Log analysis and evaluation: Real-time scanner reports problem: services.exe w32/patched.uc | Windows 7
24.06.2013, 07:47 | #1 |
Real-time scanner reports problem: services.exe w32/patched.uc

Hello dear community,

for a few days now I have had the problem that my Avira real-time scanner reports that a trojan was found (services.exe w32/patched.uc). Avira suggests removing it, but unfortunately, as soon as I click on remove, the same message immediately comes up again.

I have already made the preparations for the trojan, but I had a problem with Gmer.exe, which ran for a certain time and then I got a bluescreen.

extras.txt:
Code:
OTL Extras logfile created on: 22.06.2013 12:47:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nico\Desktop\Gegen Virus
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,86 Gb Total Physical Memory | 6,12 Gb Available Physical Memory | 77,90% Memory free
15,71 Gb Paging File | 13,65 Gb Available in Paging File | 86,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 678,54 Gb Total Space | 541,71 Gb Free Space | 79,84% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 544,40 Gb Free Space | 77,92% Space Free | Partition Type: NTFS

Computer Name: NICO-PC | User Name: Nico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Nico\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Nico\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{84402369-AD42-8C41-090F-468BC3B1CEBB}" = CCC Help Chinese Traditional "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime "{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery "{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{89CD148A-64A8-18AA-E2E0-AF784B03D14E}" = CCC Help Hungarian "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" 
= Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{919E5477-D20B-4F64-AE8B-8199469F7817}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework "{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 "{9AA9248E-C0E7-F51E-5B0E-F9C00D8663C8}" = Catalyst Control Center Localization All "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}" = ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย) "{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AAFDD7EF-1580-E9B2-6723-EBB386DD3253}" = CCC Help Thai "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows 
Live Mesh "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B001BC87-1A45-3656-AD07-213ED52F13E2}" = Microsoft Visual Studio 2010 SharePoint Developer Tools "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B22FB9DD-BA6C-CFCF-C31F-C19E611D6B7D}" = CCC Help Spanish "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer "{B5DAF7CF-928B-3A5E-7BF5-8CCE4F5F69A4}" = CCC Help Chinese Standard "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek 
ActiveX platformy Windows Live Mesh pro vzdálená připojení "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}" = Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail 
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger "{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave "{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0083B85-A6DE-12E3-4AD3-AC4D44854222}" = CCC Help Italian "{D069BF2F-8648-B4CE-FB72-09B1ABC74288}" = Catalyst Control Center Profiles Mobile "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D265857F-A9CB-C813-7F98-13A210DEF14C}" = Catalyst Control Center 
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D57EE916-8D07-12B9-AEE6-95579E3ED100}" = CCC Help Greek "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1 "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{DFB53C63-3092-9EE6-3628-541479E81347}" = CCC Help Portuguese "{DFF8BA6D-A415-F77C-2AAC-C1413B5D75E4}" = Catalyst Control Center InstallProxy "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E22F5F97-BEFE-9ACB-8410-9DD3AC2C4D8D}" = CCC Help Swedish "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 
Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger "{F3080E90-9674-1627-2654-98437E7B31ED}" = CCC Help German "{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™ "{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker 
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Age of Mythology 1.0" = Age of Mythology "Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion "Avira AntiVir Desktop" = Avira Free Antivirus "Battlelog Web Plugins" = Battlelog Web Plugins "BitTorrent" = BitTorrent "Call of Duty Modern Warfare 3 (c) Activision_is1" = Call of Duty Modern Warfare 3 (c) Activision version 1 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Crysis 3 Repack" = Crysis 3 Repack "DAEMON Tools Pro" = DAEMON Tools Pro "DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar "ESN Sonar-0.70.4" = ESN Sonar "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212 "Identity Card" = Identity Card "InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks "InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Video Web Camera "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "JAP" = JAP "LManager" = Launch Manager "Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Home and 
Business 2010 "Origin" = Origin "Packard Bell Registration" = Packard Bell Registration "Packard Bell Screensaver" = Packard Bell ScreenSaver "Packard Bell Welcome Center" = Welcome Center "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "QUICKfind" = QUICKfind server v1.1 "SDR2" = Schlag den Raab - Das 2. Spiel "SopCast" = SopCast 3.5.0 "TeamViewer 8" = TeamViewer 8 "TmNationsForever_is1" = TmNationsForever "Veetle TV" = Veetle TV "VMware_Workstation" = VMware Workstation "WildTangent packardbell Master Uninstall" = Packard Bell Games "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "Wireshark" = Wireshark 1.6.5 "WTA-097698c1-ac2b-4e3d-a584-f63e3f261045" = Agatha Christie - Death on the Nile "WTA-120799f0-decd-4f3f-857a-8bc7404ae492" = Wedding Dash "WTA-18abb06b-0abb-4d88-9c73-de3aadd15103" = Penguins! "WTA-198068e5-fa33-4f27-b2b8-8e9d7438b83e" = Plants vs. Zombies - Game of the Year "WTA-44391705-247a-493c-a4dd-88ea6450c175" = John Deere Drive Green "WTA-474ec203-5ddd-4a75-a64b-056bb519612d" = FATE "WTA-50a654fd-b1f8-4d05-a6e2-3f04ed31ec0a" = Torchlight "WTA-544ebf27-7649-426a-9c98-55f573341600" = Virtual Villagers 4 - The Tree of Life "WTA-74d60564-628e-4dee-98c8-3c381d2669ff" = Chuzzle Deluxe "WTA-797aedb6-f9fb-45f5-a323-ceab520450f7" = Zuma Deluxe "WTA-8ea8b43b-6a90-4f9d-937f-188d87e36658" = Crazy Chicken Kart 2 "WTA-b198e30f-f931-4a65-9b2e-eaf7229a5db8" = Jewel Match 3 "WTA-be3d23a3-2793-4792-a873-a0675508f340" = Jewel Quest Solitaire "WTA-cd76a674-7f8b-4b7b-867e-4143b820cb60" = Mystery of Mortlake Mansion "WTA-d7d8d478-27c9-4e67-87cc-ada6d6487503" = Bejeweled 2 Deluxe "WTA-da034eb0-f51a-4b04-bde2-1fe1e0d0111a" = Slingo Deluxe "WTA-ec963444-8ef3-469c-89bd-b3f7849e1def" = Final Drive: Nitro "WTA-f5a2092c-8af5-430b-a2d8-c2facd1c8f6c" = Polar Bowler "WTA-fe57456c-c679-493a-b16a-aaca21193f05" = Insaniquarium Deluxe ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.06.2013 06:54:45 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74ddc9f1 ID des fehlerhaften Prozesses: 0x164 Startzeit der fehlerhaften Anwendung: 0x01ce6f36e7c8219e Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 25a43149-db2a-11e2-9400-b870f487d6cf Error - 22.06.2013 06:55:46 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74ddc9f1 ID des fehlerhaften Prozesses: 0x550 Startzeit der fehlerhaften Anwendung: 0x01ce6f370c089992 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 49f5c07d-db2a-11e2-9400-b870f487d6cf Error - 22.06.2013 06:56:46 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74ddc9f1 ID des fehlerhaften Prozesses: 0x4f8 Startzeit der fehlerhaften Anwendung: 0x01ce6f37305b885a Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 6e3af372-db2a-11e2-9400-b870f487d6cf Error - 22.06.2013 06:57:48 | Computer Name = 
Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74ddc9f1 ID des fehlerhaften Prozesses: 0x1170 Startzeit der fehlerhaften Anwendung: 0x01ce6f3755083133 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 92ee5324-db2a-11e2-9400-b870f487d6cf Error - 22.06.2013 06:58:49 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74ddc9f1 ID des fehlerhaften Prozesses: 0x10c4 Startzeit der fehlerhaften Anwendung: 0x01ce6f37795357ae Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: b73274a5-db2a-11e2-9400-b870f487d6cf Error - 22.06.2013 06:59:50 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74ddc9f1 ID des fehlerhaften Prozesses: 0x124c Startzeit der fehlerhaften Anwendung: 0x01ce6f379dab0179 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: db8d04aa-db2a-11e2-9400-b870f487d6cf Error - 22.06.2013 07:00:51 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 
Ausnahmecode: 0xc0000005 Fehleroffset: 0x74ddc9f1 ID des fehlerhaften Prozesses: 0x63c Startzeit der fehlerhaften Anwendung: 0x01ce6f37c248b5f9 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 00233eff-db2b-11e2-9400-b870f487d6cf Error - 22.06.2013 07:01:52 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74ddc9f1 ID des fehlerhaften Prozesses: 0xb30 Startzeit der fehlerhaften Anwendung: 0x01ce6f37e68a8d82 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 247172c6-db2b-11e2-9400-b870f487d6cf Error - 22.06.2013 07:02:53 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74ddc9f1 ID des fehlerhaften Prozesses: 0x124c Startzeit der fehlerhaften Anwendung: 0x01ce6f380aeae9fd Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 48c7e40b-db2b-11e2-9400-b870f487d6cf Error - 22.06.2013 07:03:55 | Computer Name = Nico-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74ddc9f1 ID des fehlerhaften Prozesses: 0xc64 Startzeit der fehlerhaften Anwendung: 0x01ce6f3830057172 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: 
unknown Berichtskennung: 6dee046b-db2b-11e2-9400-b870f487d6cf
[ System Events ]
Error - 22.06.2013 06:58:00 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7023 Description =
Error - 22.06.2013 06:59:00 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7023 Description =
Error - 22.06.2013 07:00:00 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7023 Description =
Error - 22.06.2013 07:01:00 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7023 Description =
Error - 22.06.2013 07:02:00 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7023 Description =
Error - 22.06.2013 07:03:00 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7023 Description =
Error - 22.06.2013 07:04:00 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7023 Description =
Error - 22.06.2013 07:05:00 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7023 Description =
Error - 22.06.2013 07:06:00 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7023 Description =
Error - 22.06.2013 07:07:00 | Computer Name = Nico-PC | Source = Service Control Manager | ID = 7023 Description =
Attachment 56868, and gmer.exe after the bluescreen gave this: Attachment 56869. I would be glad if someone could help me. Many thanks in advance! |
24.06.2013, 08:43 | #2 |
/// the machine /// TB trainer | Real-time scanner reports a problem: services.exe w32/patched.uc Hi,
__________________System scan with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: Start > Computer (right-click) > Properties)
__________________ |
24.06.2013, 13:39 | #3 |
| Real-time scanner reports a problem: services.exe w32/patched.uc First of all, many thanks for taking on my problem.
__________________So FRST.txt is as follows: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013 Ran by Nico (administrator) on 24-06-2013 14:29:43 Running from C:\Users\Nico\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= () C:\Windows\system32\services.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe () C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe () C:\Users\Nico\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) 
C:\Windows\SysWOW64\vmnat.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Windows\system32\igfxext.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11785832 2011-03-10] (Realtek Semiconductor) HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] () HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated) HKLM\...\Run: [Power Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated) HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [CD- und DVD-Sharing] "C:\Program Files\CD- und DVD-Sharing\ODSAgent.exe" [582256 2010-04-16] () HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated) HKCU\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x] HKCU\...\Run: [AdobeBridge] [x] HKCU\...\Run: [Google Update] "C:\Users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-26] (Google Inc.) HKCU\...\Run: [Facebook Update] "C:\Users\Nico\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-01-04] (Facebook Inc.) 
MountPoints2: {ba655669-f6a7-11e1-8ea2-b870f487d6cf} - G:\Autorun.exe HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-24] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [129648 2011-09-23] (VMware, Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) 
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [154144 2010-07-29] () HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [154144 2010-07-29] () AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{16cdf~1\browse~1.dll [2521552 2013-06-03] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com URLSearchHook: (No Name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No File URLSearchHook: (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&tt=031012_ccp_4012_8&babsrc=SP_ss&mntrId=2cba4256000000000000d0df9a96774e SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=23B62FAA28623C9359D0A45077CD7277&q={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) 
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 C:\Windows\System32\socketspy.dll File Not found () Winsock: Catalog9 02 C:\Windows\System32\socketspy.dll File Not found () Winsock: Catalog9 03 mswsock.dll File Not found () Winsock: Catalog9 04 mswsock.dll File Not found () Winsock: Catalog9 05 mswsock.dll File Not found () Winsock: Catalog9 06 mswsock.dll File Not found () Winsock: Catalog9 07 mswsock.dll File Not found () Winsock: Catalog9 08 mswsock.dll File Not found () Winsock: Catalog9 09 mswsock.dll File Not found () Winsock: Catalog9 10 mswsock.dll File Not found () Winsock: Catalog9 11 mswsock.dll File Not found () Winsock: Catalog9 12 mswsock.dll File Not found () Winsock: Catalog9 13 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.) Winsock: Catalog9 14 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.) 
Winsock: Catalog9 15 C:\Windows\System32\socketspy.dll File Not found () Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9-x64 01 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft) Winsock: Catalog9-x64 02 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft) Winsock: Catalog9-x64 03 mswsock.dll File Not found () Winsock: Catalog9-x64 04 mswsock.dll File Not found () Winsock: Catalog9-x64 05 mswsock.dll File Not found () Winsock: Catalog9-x64 06 mswsock.dll File Not found () Winsock: Catalog9-x64 07 mswsock.dll File Not found () Winsock: Catalog9-x64 08 mswsock.dll File Not found () Winsock: Catalog9-x64 09 mswsock.dll File Not found () Winsock: Catalog9-x64 10 mswsock.dll File Not found () Winsock: Catalog9-x64 11 mswsock.dll File Not found () Winsock: Catalog9-x64 12 mswsock.dll File Not found () Winsock: Catalog9-x64 13 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446576] (VMware, Inc.) Winsock: Catalog9-x64 14 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446576] (VMware, Inc.) Winsock: Catalog9-x64 15 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Lavasoft Search Plugin - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack FF Extension: DVDVideoSoftTB DE - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} FF Extension: Yahoo! Toolbar - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: Adblock Plus - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF Extension: No Name - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: No Name - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi Chrome: ======= CHR Extension: () - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.14.250.13_0 CHR Extension: () - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl\2.3.19.11_0 CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0 CHR Extension: (StumbleUpon) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg\3.97.1_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-28] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-28] (Avira Operations GmbH & Co. 
KG) R2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [3085264 2013-06-03] () R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [872552 2011-05-10] (Acer Incorporated) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [39528 2011-01-18] (Acer Incorporated) R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated) R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-03-24] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation) R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) R2 StumbleUponUpdater; C:\Users\Nico\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] () S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) 
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-04] (Duplex Secure Ltd.) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2011-07-19] (Oracle Corporation) R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.) R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.) S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-24 14:20 - 2013-06-24 14:20 - 00000000 ____D C:\FRST 2013-06-24 14:19 - 2013-06-24 14:19 - 01931364 ____A (Farbar) C:\Users\Nico\Downloads\FRST64.exe 2013-06-23 13:01 - 2013-06-23 13:31 - 89977796 ____A C:\Users\Nico\Downloads\D.DX.12.13.part8.rar 2013-06-23 12:17 - 2013-06-23 21:54 - 93616457 ____A C:\Users\Nico\Downloads\D.DX.12.13.part7.rar.part 2013-06-23 11:21 - 2013-06-23 11:21 - 00000000 ____D C:\Users\Nico\AppData\Local\{1D2962E8-3E0C-42C5-A949-111D92C99983} 2013-06-22 17:29 - 2013-06-22 17:29 - 00262144 ____A C:\Windows\Minidump\062213-26738-01.dmp 2013-06-22 13:45 - 2013-06-22 17:29 - 580052725 ____A C:\Windows\MEMORY.DMP 2013-06-22 13:45 - 2013-06-22 17:29 - 00000000 ____D C:\Windows\Minidump 2013-06-22 13:45 - 2013-06-22 13:45 - 00262144 ____A C:\Windows\Minidump\062213-29936-01.dmp 2013-06-22 12:41 - 2013-06-22 12:41 - 00000392 ____A C:\Users\Nico\defogger_reenable 2013-06-22 12:29 - 2013-06-22 13:50 - 00000000 ____D C:\Users\Nico\Desktop\Gegen Virus 2013-06-22 12:21 - 2013-06-23 12:16 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part4.rar 2013-06-21 14:21 - 2013-06-21 14:21 - 00000000 ____D C:\Users\Nico\Downloads\SpybotPortable 2013-06-21 14:19 - 2013-06-21 14:20 - 57524944 ____A (PortableApps.com) C:\Users\Nico\Downloads\SpybotPortable_2.1.paf.exe 2013-06-21 14:14 - 2013-06-21 14:14 - 10285040 ____A (Malwarebytes Corporation ) 
C:\Users\Nico\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-21 13:57 - 2013-06-24 14:16 - 00000616 ____A C:\Windows\setupact.log 2013-06-21 13:57 - 2013-06-21 13:57 - 00000000 ____A C:\Windows\setuperr.log 2013-06-21 13:56 - 2013-06-21 13:56 - 00000824 ____A C:\Windows\PFRO.log 2013-06-20 22:39 - 2013-06-20 22:39 - 00000019 ____A C:\Users\Nico\Desktop\in 1,5 aus.cmd 2013-06-20 22:28 - 2013-06-20 22:28 - 00000000 ____D C:\Windows\Profiles\Nico 2013-06-20 22:16 - 2013-06-20 22:30 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec 2013-06-20 22:15 - 2013-06-22 11:30 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc 2013-06-20 22:15 - 2013-06-20 22:15 - 00000000 ____D C:\Program Files\VideoLAN 2013-06-20 22:12 - 2013-06-20 22:12 - 23229256 ____A C:\Users\Nico\Downloads\vlc-2.0.7-win64.exe 2013-06-20 22:07 - 2013-06-20 22:42 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part3.rar 2013-06-20 20:02 - 2013-06-20 20:02 - 00000000 ____D C:\Users\Nico\AppData\Roaming\File Scout 2013-06-20 20:02 - 2013-05-28 15:05 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe 2013-06-20 19:41 - 2013-06-20 19:41 - 01125456 ____A (BitTorrent Inc.) 
C:\Users\Nico\Downloads\BitTorrent.exe 2013-06-20 19:21 - 2013-06-20 19:21 - 00000000 ____D C:\Users\Nico\AppData\Local\{F9859730-4A8B-4935-96F9-B5159219BD09} 2013-06-18 16:39 - 2013-06-18 16:39 - 00000000 ____D C:\Users\Nico\AppData\Local\{A3B9C5E6-D87F-4DB1-AA34-8258F0A6D317} 2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008 2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008 2013-06-17 21:27 - 2013-06-17 21:27 - 00000000 ____D C:\ProgramData\VS 2013-06-17 21:25 - 2013-06-17 21:25 - 00000000 ____D C:\fbabd28d772111eec99e8982 2013-06-17 18:08 - 2013-06-17 18:08 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-17 18:07 - 2013-06-17 18:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-17 18:07 - 2013-06-17 18:08 - 00000000 ____D C:\Program Files\iTunes 2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iPod 2013-06-14 14:31 - 2013-06-12 21:15 - 00000101 ____A C:\Users\Nico\Downloads\ind-scary.nfo 2013-06-14 14:30 - 2013-06-14 14:30 - 00000466 ____A C:\Users\Nico\Desktop\DATA (D) - Verknüpfung.lnk 2013-06-13 17:22 - 2013-06-13 21:27 - 731594045 ____A C:\Users\Nico\Downloads\342fdsfssmo5.rar 2013-06-12 15:53 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 15:53 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 15:53 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 15:53 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 15:53 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 15:53 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-12 15:53 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) 
C:\Windows\System32\url.dll 2013-06-12 15:53 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 15:53 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-12 15:53 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-12 15:53 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 15:53 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 15:53 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 15:53 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 15:53 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-12 15:53 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-12 15:53 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 15:53 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 15:53 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 15:53 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 15:53 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 15:53 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-12 15:53 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-12 15:53 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 15:53 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 
15:53 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-12 15:53 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-12 15:53 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 15:53 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 15:53 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-12 15:53 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 15:53 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-12 14:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 14:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 14:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 14:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 14:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 14:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 14:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 14:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 14:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 14:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 14:50 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 14:50 - 2013-05-10 05:20 - 
00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 14:50 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 14:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 14:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-11 13:55 - 2013-06-11 13:55 - 00000000 ____D C:\Users\Nico\AppData\Local\{4FC71047-D567-49F4-BF1A-EE9BEC968BA8} 2013-06-08 18:41 - 2013-06-08 18:41 - 00000000 ____D C:\Users\Nico\AppData\Local\{D8BDBDB0-6714-480D-91FC-2F101077576A} 2013-06-05 15:41 - 2013-06-05 15:41 - 00001036 ____A C:\Users\Nico\Desktop\ILS-SimV4.exe - Verknüpfung.lnk ==================== One Month Modified Files and Folders ======= 2013-06-24 14:30 - 2012-08-29 20:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-24 14:30 - 2012-08-26 15:03 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA.job 2013-06-24 14:29 - 2012-04-21 12:08 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Skype 2013-06-24 14:24 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-24 14:24 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-24 14:20 - 2013-06-24 14:20 - 00000000 ____D C:\FRST 2013-06-24 14:20 - 2011-08-18 13:46 - 00765954 ____A C:\Windows\System32\perfh007.dat 2013-06-24 14:20 - 2011-08-18 13:46 - 00174834 ____A C:\Windows\System32\perfc007.dat 2013-06-24 14:20 - 2009-07-14 07:13 - 01808082 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-24 14:19 - 2013-06-24 14:19 - 01931364 ____A (Farbar) C:\Users\Nico\Downloads\FRST64.exe 2013-06-24 14:16 - 2013-06-21 13:57 - 00000616 ____A C:\Windows\setupact.log 2013-06-24 14:16 - 2012-01-13 17:01 - 
00000000 ____D C:\ProgramData\VMware 2013-06-24 14:16 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-23 21:54 - 2013-06-23 12:17 - 93616457 ____A C:\Users\Nico\Downloads\D.DX.12.13.part7.rar.part 2013-06-23 21:00 - 2012-08-26 15:03 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core.job 2013-06-23 20:51 - 2013-01-04 00:04 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA.job 2013-06-23 13:31 - 2013-06-23 13:01 - 89977796 ____A C:\Users\Nico\Downloads\D.DX.12.13.part8.rar 2013-06-23 13:24 - 2012-06-06 21:16 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Spotify 2013-06-23 12:16 - 2013-06-22 12:21 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part4.rar 2013-06-23 11:48 - 2011-12-19 17:33 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-06-23 11:21 - 2013-06-23 11:21 - 00000000 ____D C:\Users\Nico\AppData\Local\{1D2962E8-3E0C-42C5-A949-111D92C99983} 2013-06-22 17:29 - 2013-06-22 17:29 - 00262144 ____A C:\Windows\Minidump\062213-26738-01.dmp 2013-06-22 17:29 - 2013-06-22 13:45 - 580052725 ____A C:\Windows\MEMORY.DMP 2013-06-22 17:29 - 2013-06-22 13:45 - 00000000 ____D C:\Windows\Minidump 2013-06-22 13:50 - 2013-06-22 12:29 - 00000000 ____D C:\Users\Nico\Desktop\Gegen Virus 2013-06-22 13:45 - 2013-06-22 13:45 - 00262144 ____A C:\Windows\Minidump\062213-29936-01.dmp 2013-06-22 13:33 - 2011-12-14 09:59 - 00000000 ____D C:\Users\Nico\AppData\Local\CrashDumps 2013-06-22 12:41 - 2013-06-22 12:41 - 00000392 ____A C:\Users\Nico\defogger_reenable 2013-06-22 12:41 - 2011-12-08 15:43 - 00000000 ____D C:\users\Nico 2013-06-22 11:30 - 2013-06-20 22:15 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc 2013-06-22 11:18 - 2013-03-19 22:58 - 00629248 __ASH C:\Users\Nico\Desktop\Thumbs.db 2013-06-21 23:08 - 2013-01-04 00:03 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core.job 2013-06-21 
14:21 - 2013-06-21 14:21 - 00000000 ____D C:\Users\Nico\Downloads\SpybotPortable 2013-06-21 14:20 - 2013-06-21 14:19 - 57524944 ____A (PortableApps.com) C:\Users\Nico\Downloads\SpybotPortable_2.1.paf.exe 2013-06-21 14:14 - 2013-06-21 14:14 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Nico\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-21 13:57 - 2013-06-21 13:57 - 00000000 ____A C:\Windows\setuperr.log 2013-06-21 13:56 - 2013-06-21 13:56 - 00000824 ____A C:\Windows\PFRO.log 2013-06-20 22:42 - 2013-06-20 22:07 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part3.rar 2013-06-20 22:39 - 2013-06-20 22:39 - 00000019 ____A C:\Users\Nico\Desktop\in 1,5 aus.cmd 2013-06-20 22:30 - 2013-06-20 22:16 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec 2013-06-20 22:28 - 2013-06-20 22:28 - 00000000 ____D C:\Windows\Profiles\Nico 2013-06-20 22:15 - 2013-06-20 22:15 - 00000000 ____D C:\Program Files\VideoLAN 2013-06-20 22:12 - 2013-06-20 22:12 - 23229256 ____A C:\Users\Nico\Downloads\vlc-2.0.7-win64.exe 2013-06-20 22:08 - 2012-01-12 19:08 - 00000000 ____D C:\Users\Nico\AppData\Roaming\BitTorrent 2013-06-20 20:02 - 2013-06-20 20:02 - 00000000 ____D C:\Users\Nico\AppData\Roaming\File Scout 2013-06-20 19:44 - 2012-01-12 19:09 - 00000000 ____D C:\Program Files (x86)\BitTorrent 2013-06-20 19:41 - 2013-06-20 19:41 - 01125456 ____A (BitTorrent Inc.) 
C:\Users\Nico\Downloads\BitTorrent.exe 2013-06-20 19:21 - 2013-06-20 19:21 - 00000000 ____D C:\Users\Nico\AppData\Local\{F9859730-4A8B-4935-96F9-B5159219BD09} 2013-06-19 18:38 - 2012-06-06 21:17 - 00000000 ____D C:\Users\Nico\AppData\Local\Spotify 2013-06-19 15:31 - 2012-08-26 15:05 - 00002374 ____A C:\Users\Nico\Desktop\Google Chrome.lnk 2013-06-18 16:39 - 2013-06-18 16:39 - 00000000 ____D C:\Users\Nico\AppData\Local\{A3B9C5E6-D87F-4DB1-AA34-8258F0A6D317} 2013-06-18 15:50 - 2011-12-09 15:06 - 01786150 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-18 15:32 - 2012-03-26 20:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0 2013-06-18 15:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\MSBuild 2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008 2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008 2013-06-17 21:28 - 2012-03-26 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2013-06-17 21:27 - 2013-06-17 21:27 - 00000000 ____D C:\ProgramData\VS 2013-06-17 21:25 - 2013-06-17 21:25 - 00000000 ____D C:\fbabd28d772111eec99e8982 2013-06-17 18:08 - 2013-06-17 18:08 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-17 18:08 - 2013-06-17 18:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-17 18:08 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iTunes 2013-06-17 18:08 - 2012-10-13 14:19 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iPod 2013-06-14 22:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-14 14:30 - 2013-06-14 14:30 - 00000466 ____A C:\Users\Nico\Desktop\DATA (D) - Verknüpfung.lnk 2013-06-13 21:27 - 2013-06-13 17:22 - 731594045 ____A C:\Users\Nico\Downloads\342fdsfssmo5.rar 2013-06-12 21:15 - 2013-06-14 14:31 - 00000101 ____A C:\Users\Nico\Downloads\ind-scary.nfo 2013-06-12 21:15 - 
2013-02-06 22:32 - 00000341 ____A C:\Users\Nico\Downloads\www.goldesel.to - www.charts.to .txt 2013-06-12 21:15 - 2013-02-06 22:32 - 00000291 ____A C:\Users\Nico\Downloads\Charts.to - Die ultimative Seite fuer Charts als Direkt-Download.url 2013-06-12 21:15 - 2013-02-06 22:32 - 00000220 ____A C:\Users\Nico\Downloads\Goldesel.to - Die Seite fuer Direkt-Downloads aller Art.url 2013-06-12 18:30 - 2012-04-14 15:21 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 18:30 - 2011-07-25 12:15 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-12 15:51 - 2011-12-17 14:27 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 15:07 - 2013-01-24 18:29 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-12 15:07 - 2011-07-25 11:54 - 00000000 ____D C:\ProgramData\Skype 2013-06-11 13:55 - 2013-06-11 13:55 - 00000000 ____D C:\Users\Nico\AppData\Local\{4FC71047-D567-49F4-BF1A-EE9BEC968BA8} 2013-06-10 16:40 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-08 18:41 - 2013-06-08 18:41 - 00000000 ____D C:\Users\Nico\AppData\Local\{D8BDBDB0-6714-480D-91FC-2F101077576A} 2013-06-08 17:43 - 2011-12-15 23:13 - 00000616 ____A C:\Users\Nico\Documents\ax_files.xml 2013-06-07 13:44 - 2012-11-05 18:14 - 00000000 ____D C:\Users\Nico\AppData\Local\Origin 2013-06-07 13:44 - 2012-11-05 18:07 - 00000000 ____D C:\Program Files (x86)\Origin 2013-06-05 15:46 - 2013-04-13 19:06 - 00000000 __SHD C:\Users\Nico\wc 2013-06-05 15:41 - 2013-06-05 15:41 - 00001036 ____A C:\Users\Nico\Desktop\ILS-SimV4.exe - Verknüpfung.lnk 2013-06-05 09:21 - 2012-10-06 16:46 - 00000000 ____D C:\ProgramData\Browser Manager 2013-06-03 17:21 - 2013-04-07 11:47 - 01130496 ____A C:\Users\Nico\Desktop\Schuppenat_Noel_09A (2).lpo 2013-05-28 15:05 - 2013-06-20 20:02 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe ZeroAccess: 
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\@
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\L
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\L\00000004.@
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\L\76603ac3
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\00000004.@
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\00000008.@
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\000000cb.@
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\80000000.@
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\80000032.@
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe [2009-07-14 01:19] - [2009-07-14 03:39] - 0329216 ____N () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-06-14 22:11

==================== End Of Log ============================

and Addition.txt contains:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2013
Ran by Nico at 2013-06-24 14:31:16
Running from C:\Users\Nico\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

??? ActiveX ?? Windows Live Mesh ???? ??????? ??????? (x32 Version: 15.4.5722.2) ???? ??? Windows Live (x32 Version: 15.4.3502.0922) ???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? (x32 Version: 15.4.5722.2) ???? Windows Live (x32 Version: 15.4.3502.0922) ?????? ??????? ?? Windows Live (x32 Version: 15.4.3502.0922) ??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? (x32 Version: 15.4.5722.2) ??????? Windows Live Mesh ActiveX ??? (x32 Version: 15.4.5722.2) ???????? ?????????? Windows Live (x32 Version: 15.4.3502.0922) ????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???) (x32 Version: 15.4.5722.2) ?????????? Windows Live (x32 Version: 15.4.3502.0922) ??????????? ?? Windows Live (x32 Version: 15.4.3502.0922) 64 Bit HP CIO Components Installer (Version: 6.2.2) ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????
(x32 Version: 15.4.5722.2) ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (x32 Version: 15.4.5722.2) Adobe AIR (x32 Version: 1.5.3.9120) Adobe Community Help (x32 Version: 3.0.0) Adobe Community Help (x32 Version: 3.0.0.400) Adobe Creative Suite 5 Design Standard (x32 Version: 5.0) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Media Player (x32 Version: 1.8) Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98) Age of Mythology - The Titans Expansion (x32) Age of Mythology (x32) AMD APP SDK Runtime (Version: 2.4.650.9) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36) ATI Catalyst Install Manager (Version: 3.0.829.0) Avira Free Antivirus (x32 Version: 13.0.0.3640) Battlefield 3™ (x32 Version: 1.6.0.0) Battlelog Web Plugins (x32 Version: 2.1.3) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95) BitTorrent (x32 Version: 7.8.0.29676) Bonjour (Version: 3.0.0.10) Browser Manager (x32) Call of Duty Modern Warfare 3 (c) Activision version 1 (x32 Version: 1) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center (x32 Version: 2011.0524.2352.41027) Catalyst Control Center InstallProxy (x32 Version: 2011.0524.2352.41027) Catalyst Control Center Localization All (x32 Version: 2011.0524.2352.41027) Catalyst Control Center Profiles Mobile (x32 Version: 2011.0524.2352.41027) CCC Help Chinese Standard (x32 Version: 2011.0524.2351.41027) CCC Help Chinese Traditional (x32 Version: 2011.0524.2351.41027) CCC Help Czech (x32 Version: 2011.0524.2351.41027) CCC Help Danish (x32 Version: 2011.0524.2351.41027) CCC Help Dutch (x32 Version: 2011.0524.2351.41027) CCC Help English (x32 Version: 2011.0524.2351.41027) CCC Help Finnish (x32 Version: 
2011.0524.2351.41027) CCC Help French (x32 Version: 2011.0524.2351.41027) CCC Help German (x32 Version: 2011.0524.2351.41027) CCC Help Greek (x32 Version: 2011.0524.2351.41027) CCC Help Hungarian (x32 Version: 2011.0524.2351.41027) CCC Help Italian (x32 Version: 2011.0524.2351.41027) CCC Help Japanese (x32 Version: 2011.0524.2351.41027) CCC Help Korean (x32 Version: 2011.0524.2351.41027) CCC Help Norwegian (x32 Version: 2011.0524.2351.41027) CCC Help Polish (x32 Version: 2011.0524.2351.41027) CCC Help Portuguese (x32 Version: 2011.0524.2351.41027) CCC Help Russian (x32 Version: 2011.0524.2351.41027) CCC Help Spanish (x32 Version: 2011.0524.2351.41027) CCC Help Swedish (x32 Version: 2011.0524.2351.41027) CCC Help Thai (x32 Version: 2011.0524.2351.41027) CCC Help Turkish (x32 Version: 2011.0524.2351.41027) ccc-utility64 (Version: 2011.0524.2352.41027) CCleaner (Version: 4.01) CD- und DVD-Sharing (Version: 1.4.1.3) Chuzzle Deluxe (x32 Version: 2.2.0.95) Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2) Control ActiveX del Windows Live Mesh per a connexions remotes (x32 Version: 15.4.5722.2) Control ActiveX Windows Live Mesh pentru conexiuni la distan?a (x32 Version: 15.4.5722.2) Controle ActiveX do Windows Live Mesh para Conexões Remotas (x32 Version: 15.4.5722.2) Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2) Crazy Chicken Kart 2 (x32 Version: 2.2.0.97) Crysis 3 Repack (x32) Crystal Reports for Visual Studio (x32 Version: 12.51.0.240) CyberLink MediaEspresso (x32 Version: 6.5.2113_41116) D3DX10 (x32 Version: 15.4.2368.0902) DAEMON Tools Pro (x32 Version: 5.1.0.0333) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.690.000) Dotfuscator Software Services - Community Edition - DEU (x32 Version: 5.0.2300.0) Dotfuscator Software Services - 
Community Edition (x32 Version: 5.0.2500.0) DVDVideoSoftTB DE Toolbar (x32 Version: 6.9.0.16) ESN Sonar (x32 Version: 0.70.4) Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287) FATE (x32 Version: 2.2.0.97) Final Drive: Nitro (x32 Version: 2.2.0.95) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych (x32 Version: 15.4.5722.2) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922) Free YouTube to MP3 Converter version 3.11.37.1212 (x32 Version: 3.11.37.1212) FUSSBALL MANAGER 13 (x32 Version: 1.0.1.0) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922) Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922) Galeria fotografii uslugi Windows Live (x32 Version: 15.4.3502.0922) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922) Galerie foto Windows Live (x32 Version: 15.4.3502.0922) Google Chrome (HKCU Version: 27.0.1453.116) HomeMedia (x32 Version: 2.0.8920) Hotfix für Microsoft Team Foundation Server 2010-Objektmodell - DEU (KB2813041) (x32 Version: 1) Hotfix für Microsoft Visual Studio 2010 Professional - DEU (KB2529927) (x32 Version: 1) Hotfix für Microsoft Visual Studio 2010 Professional - DEU (KB2548139) (x32 Version: 1) Hotfix für Microsoft Visual Studio 2010 Professional - DEU (KB2549864) (x32 Version: 1) Hotfix für Microsoft Visual Studio 2010 Professional - DEU (KB2635973) (x32 Version: 1) Hotfix für Microsoft Visual Studio 2010 Professional - DEU (KB2813041) (x32 Version: 1) HP Deskjet F4500 All-in-One Driver 14.0 Rel. 
6 (Version: 14.0) iCloud (Version: 2.1.1.3) ICQ7.7 (x32 Version: 7.7) Identity Card (x32 Version: 1.00.3501) Insaniquarium Deluxe (x32 Version: 2.2.0.97) Intel(R) Display Audio Driver (x32 Version: 6.14.00.3074) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004) iTunes (Version: 11.0.4.4) JAP (x32 Version: 00.16.006) Java Auto Updater (x32 Version: 2.0.6.1) Java(TM) 6 Update 31 (x32 Version: 6.0.310) JDownloader 0.9 (x32 Version: 0.9) Jewel Match 3 (x32 Version: 2.2.0.97) Jewel Quest Solitaire (x32 Version: 2.2.0.95) John Deere Drive Green (x32 Version: 2.2.0.95) Junk Mail filter update (x32 Version: 15.4.3502.0922) Kontrola Windows Live Mesh ActiveX za daljinske veze (x32 Version: 15.4.5722.2) Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2) Launch Manager (x32 Version: 5.1.7) Medal of Honor (TM) (x32 Version: 1.0.0.0) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000) Microsoft ASP.NET MVC 2 - DEU (x32 Version: 2.0.50331.0) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU (x32 Version: 2.0.50331.0) Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0) Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0) Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319) Microsoft Help Viewer 1.1 (Version: 1.1.40219) Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219) Microsoft IntelliPoint 8.2 (Version: 8.20.468.0) Microsoft Office 2010 Service Pack 
1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Silverlight 3 SDK - Deutsch (x32 Version: 3.0.40818.0) Microsoft Silverlight 4 SDK - Deutsch (x32 Version: 4.0.50826.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft SQL Server 2008 (64-bit) Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0) Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22) Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0) Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0) Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0) Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0) Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1750.9) Microsoft SQL Server 2008 
R2 Management Objects (x64) (Version: 10.50.1750.9) Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst (x32 Version: 10.50.1752.9) Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework (x32 Version: 10.50.1750.9) Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt (x32 Version: 10.50.1750.9) Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0) Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0) Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8) Microsoft SQL Server System CLR Types (x32 Version: 10.50.1750.9) Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1750.9) Microsoft SQL Server VSS Writer (Version: 10.1.2531.0) Microsoft Sync Framework Runtime v1.0 SP1 (x64) de (Version: 1.0.3010.0) Microsoft Sync Framework SDK v1.0 SP1 de (x32 Version: 1.0.3010.0) Microsoft Sync Framework Services v1.0 SP1 (x64) de (Version: 1.0.3010.0) Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de (Version: 2.0.3010.0) Microsoft Team Foundation Server 2010 Object Model - DEU (Version: 10.0.40219) Microsoft Team Foundation Server 2010-Objektmodell - DEU (Version: 10.0.40219) Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (Version: 10.0.40219) Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.40219) Microsoft Visual F# 2.0 Runtime Language Pack - DEU (x32 Version: 10.0.30319) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.40219) Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.40219) Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU (Version: 10.0.40219) Microsoft Visual Studio 2010 Professional - DEU (x32 Version: 10.0.30319) Microsoft Visual Studio 2010 Professional - DEU (x32 Version: 10.0.40219) Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219) Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.40219) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31007) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31010) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.31007) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (Version: 10.0.31007) Microsoft Visual Studio Macro Tools - DEU Language Pack (x32 Version: 9.0.30729) Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729) Microsoft WSE 3.0 Runtime (x32 Version: 
3.0.5305.0) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0) Mozilla Maintenance Service (x32 Version: 21.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MSXML4 Parser (x32 Version: 1.0.0) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98) Nero BackItUp 10 (x32 Version: 5.8.11000.8.100) Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700) Nero Control Center 10 (x32 Version: 10.6.12700.0.7) Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10700) Nero Core Components 10 (x32 Version: 2.0.19900.9.11) Nero DiscSpeed 10 (x32 Version: 6.2.10500.2.100) Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000) Nero Express 10 (x32 Version: 10.6.10700.5.100) Nero Express 10 Help (CHM) (x32 Version: 10.6.10700) Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10300) Nero Multimedia Suite 10 Essentials (x32 Version: 10.6.10300) Nero RescueAgent 10 (x32 Version: 3.6.10500.3.100) Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10700) Nero StartSmart 10 (x32 Version: 10.2.11600.14.100) Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000) Nero Update (x32 Version: 1.0.10900.31.0) Network64 (Version: 140.0.215.000) Norton 
Online Backup (x32 Version: 2.1.17869) NVIDIA PhysX (x32 Version: 9.09.0203) Oracle VM VirtualBox 4.1.0 (Version: 4.1.0) Origin (x32 Version: 9.1.10.2728) Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení (x32 Version: 15.4.5722.2) Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (x32 Version: 15.4.5722.2) Packard Bell Games (x32 Version: 1.0.2.5) Packard Bell Power Management (x32 Version: 6.00.3007) Packard Bell Recovery Management (x32 Version: 5.00.3502) Packard Bell Registration (x32 Version: 1.04.3502) Packard Bell ScreenSaver (x32 Version: 1.1.1025.2010) Packard Bell Social Networks (x32 Version: 3.0.3106) Packard Bell Updater (x32 Version: 1.02.3502) PDF Settings CS5 (x32 Version: 10.0) Penguins! (x32 Version: 2.2.0.95) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95) Poczta uslugi Windows Live (x32 Version: 15.4.3502.0922) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922) Polar Bowler (x32 Version: 2.2.0.97) Pošta Windows Live (x32 Version: 15.4.3502.0922) Pro Evolution Soccer 2012 (x32 Version: 1.00.0000) ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14) PunkBuster Services (x32 Version: 0.991) PX Profile Update (x32 Version: 1.00.1.) PxMergeModule (x32 Version: 1.00.0000) QUICKfind server v1.1 (x32) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6329) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30123) S?????? f?t???af??? t?? Windows Live (x32 Version: 15.4.3502.0922) Scan (x32 Version: 140.0.80.000) Schlag den Raab - Das 2. 
Spiel (x32 Version: 1.0) Secure Download Manager (x32 Version: 3.1.01) Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (Version: 10.1.2531.0) Sicherheitsupdate für Microsoft Visual Studio 2010 Professional - DEU (KB2645410) (x32 Version: 1) SimCity™ (x32 Version: 1.0.0.0) Skype™ 6.5 (x32 Version: 6.5.158) Slingo Deluxe (x32 Version: 2.2.0.95) SopCast 3.5.0 (x32 Version: 3.5.0) Spotify (HKCU Version: 0.9.1.53.g876fa9df) Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0) St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? (x32 Version: 15.4.5722.2) Stronghold 2 Deluxe (x32 Version: 1.40.100) Synaptics Pointing Device Driver (Version: 15.1.6.0) TeamViewer 8 (x32 Version: 8.0.16642) TmNationsForever (x32) Toolbox (x32 Version: 140.0.428.000) tools-freebsd (x32 Version: 8.4.8.19539) tools-linux (x32 Version: 8.4.8.19539) tools-netware (x32 Version: 8.4.8.19539) tools-solaris (x32 Version: 8.4.8.19539) tools-windows (x32 Version: 8.4.8.19539) tools-winPre2k (x32 Version: 8.4.8.19539) Torchlight (x32 Version: 2.2.0.97) Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0) Ufasoft SocksChain (Version: 4.214) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (Version: 10.1.2731.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 
(KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update Installer for WildTangent Games App (x32) Urruneko konexioetarako Windows Live Mesh ActiveX kontrola (x32 Version: 15.4.5722.2) Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2) Veetle TV (x32 Version: 0.9.19) Video Web Camera (x32 Version: 1.5.2904.00) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97) Visual Studio 2010 Prerequisites - English (Version: 10.0.40219) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0) VLC media player 2.0.7 (Version: 2.0.7) VMware Workstation (x32 Version: 7.1.5.19539) WCF RIA Services V1.0 SP1 (x32 Version: 4.1.60114.0) Web Deployment Tool (Version: 1.1.0618) Wedding Dash (x32 Version: 2.2.0.95) Welcome Center (x32 Version: 1.02.3503) WildTangent Games App (Packard Bell Games) (x32 
Version: 4.0.5.14) Windows Live ??? (x32 Version: 15.4.3502.0922) Windows Live ???? (x32 Version: 15.4.3502.0922) Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Fotogaléria (x32 Version: 15.4.3502.0922) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live Fotogalleri (x32 Version: 15.4.3502.0922) Windows Live Fotograf Galerisi (x32 Version: 15.4.3502.0922) Windows Live Fotótár (x32 Version: 15.4.3502.0922) Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922) Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz (x32 Version: 15.4.5722.2) Windows Live Meshin etäyhteyksien ActiveX-komponentti (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) 
Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922) Windows Liven sähköposti (x32 Version: 15.4.3502.0922) Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922) WinPcap 4.1.2 (x32 Version: 4.1.0.2001) WinRAR 4.01 (64-Bit) (Version: 4.01.0) Wireshark 1.6.5 (x32 Version: 1.6.5) Zuma Deluxe (x32 Version: 2.2.0.95) ==================== Restore Points ========================= 17-06-2013 19:16:35 Windows Update 18-06-2013 12:55:21 Windows Update 19-06-2013 12:46:32 Windows Update 19-06-2013 17:45:09 Windows Update 20-06-2013 20:31:50 Avira Free Antivirus - 20.06.2013 22:31 21-06-2013 12:06:01 Avira Free Antivirus - 21.06.2013 14:05 ==================== Hosts content: ========================== # Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. 
# # # 127.0.0.1 localhost # 127.0.0.1 adobe.com 127.0.0.1 activate.adobe.com 127.0.0.1 hl2rcv.adobe.com 127.0.0.1 adobeereg.com 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 3dns.adobe.com 127.0.0.1 3dns-1.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-4.adobe.com There are more than 18 lines starting with "127.0.0.1" ==================== Scheduled Tasks (whitelisted) ============= Task: {0320B9DC-1004-423C-B96C-A22A55467142} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-09-13] (CyberLink) Task: {0E47BA5F-4A50-47B2-8705-6EEABE026B9B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd) Task: {25D65487-8DFE-4383-98FB-A8DDD9629869} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core => C:\Users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26] (Google Inc.) Task: {2F29E746-6E94-4F7E-912D-389E4422908C} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated) Task: {3996923F-9B0B-4727-875D-FC7B9C7C8E69} - System32\Tasks\{61E8812A-EB1C-4F10-95B4-4FB407A6F338} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-05-17] (Mozilla Corporation) Task: {3D1B8FA9-B468-4A8F-9D88-3F58670A827B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA => C:\Users\Nico\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04] (Facebook Inc.) 
Task: {4013BD20-98CD-41B0-AA1A-2BAF129AE5A6} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated) Task: {4559DF9B-0740-436E-9DE8-E5D82D3A133E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {46A1E049-7849-4E5C-8993-7F41C2253F2C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe No File Task: {4CBCFB91-1206-4F84-B46E-DE391327D07E} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-07-06] (Nero AG) Task: {5C090EA1-7DD6-47C5-AFE2-39CD5F741710} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {6F053358-D023-4DF9-8659-8DE8CFBFCBAC} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation) Task: {93016C2D-1FBA-44A9-8CE7-DF1927D87375} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {A2E159C4-B334-433F-BF7C-33287588921E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core => C:\Users\Nico\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04] (Facebook Inc.) 
Task: {A8C947F3-6654-4E67-87E8-E6059A991CB7} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2013-05-10] (Adobe Systems Incorporated) Task: {A94A3A7A-254A-4182-8DE9-B085414417E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated) Task: {BEFFE672-36B3-4B9F-A66B-A377AE80D2CE} - System32\Tasks\{4FEE1FBB-A870-4ACC-9858-44AAF5FDBE45} => C:\Users\Nico\Downloads\Emergency4_Patch1.3DE.exe No File Task: {BFC9EEFF-9CA4-44C5-8E48-A3E4CEE57E95} - System32\Tasks\AdobeAAMUpdater-1.0-Nico-PC-Nico => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated) Task: {C0B63EBA-BB74-4053-AECD-5F436FED351B} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {DE4761EE-E400-467B-9A5A-0B33CD7C84B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA => C:\Users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26] (Google Inc.) ==================== Faulty Device Manager Devices ============= Name: VMware Virtual Ethernet Adapter for VMnet1 Description: VMware Virtual Ethernet Adapter for VMnet1 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet8 Description: VMware Virtual Ethernet Adapter for VMnet8 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". 
This starts the Enable Device wizard. Follow the instructions. Name: SBRE Description: SBRE Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: SBRE Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Deskjet F4500 series Description: Deskjet F4500 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Deskjet F4500 series Description: Deskjet F4500 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Deskjet F4500 series Description: Deskjet F4500 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Deskjet F4500 series Description: Deskjet F4500 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: VirtualBox Host-Only Ethernet Adapter Description: VirtualBox Host-Only Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Oracle Corporation Service: VBoxNetAdp Problem: : This device is disabled. 
(Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Deskjet F4500 series Description: Deskjet F4500 series Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/24/2013 02:31:18 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74f5c9f1 ID des fehlerhaften Prozesses: 0x14b0 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/24/2013 02:30:17 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74f5c9f1 ID des fehlerhaften Prozesses: 0x7f8 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/24/2013 02:30:00 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e243 ID des fehlerhaften Prozesses: 0x115c Startzeit 
der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 Error: (06/24/2013 02:29:16 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74f5c9f1 ID des fehlerhaften Prozesses: 0xd94 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/24/2013 02:28:15 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74f5c9f1 ID des fehlerhaften Prozesses: 0x1310 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/24/2013 02:27:14 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74f5c9f1 ID des fehlerhaften Prozesses: 0xc10 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/24/2013 02:26:12 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, 
Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74f5c9f1 ID des fehlerhaften Prozesses: 0x15d0 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/24/2013 02:25:12 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74f5c9f1 ID des fehlerhaften Prozesses: 0x17ec Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/24/2013 02:24:11 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74f5c9f1 ID des fehlerhaften Prozesses: 0x113c Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/24/2013 02:23:10 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74f5c9f1 ID des fehlerhaften Prozesses: 0x1604 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 System errors: ============= Error: (06/24/2013 02:31:30 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger 
ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "Packard Bell" den Befehl "chkdsk" aus. Error: (06/24/2013 02:17:09 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/24/2013 02:16:55 PM) (Source: Service Control Manager) (User: ) Description: Heimnetzgruppen-AnbieterFunktionssuche-Ressourcenveröffentlichung%%-2147024891 Error: (06/24/2013 02:16:55 PM) (Source: Service Control Manager) (User: ) Description: Funktionssuche-Ressourcenveröffentlichung%%-2147024891 Error: (06/24/2013 02:16:49 PM) (Source: Service Control Manager) (User: ) Description: SBRE Error: (06/24/2013 02:16:24 PM) (Source: Service Control Manager) (User: ) Description: IPsec-Richtlinien-AgentBFE Error: (06/24/2013 02:16:15 PM) (Source: Service Control Manager) (User: ) Description: Funktionssuche-Ressourcenveröffentlichung%%-2147024891 Error: (06/24/2013 02:16:15 PM) (Source: Service Control Manager) (User: ) Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE Error: (06/24/2013 02:16:09 PM) (Source: Service Control Manager) (User: ) Description: Computerbrowser%%1060 Error: (06/23/2013 09:56:16 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Microsoft Office Sessions: ========================= Error: (06/24/2013 02:31:18 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000574f5c9f114b001ce70d6b96d1b80C:\Windows\SysWOW64\svchost.exeunknownf752a12e-dcc9-11e2-89c3-b870f487d6cf Error: (06/24/2013 02:30:17 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000574f5c9f17f801ce70d69520203dC:\Windows\SysWOW64\svchost.exeunknownd2fa3411-dcc9-11e2-89c3-b870f487d6cf Error: (06/24/2013 02:30:00 PM) (Source: Application Error)(User: ) Description: 
FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b8fc00000050002e243115c01ce70d68b42a6e3C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dllc92853a2-dcc9-11e2-89c3-b870f487d6cf Error: (06/24/2013 02:29:16 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000574f5c9f1d9401ce70d670c73defC:\Windows\SysWOW64\svchost.exeunknownaeb35366-dcc9-11e2-89c3-b870f487d6cf Error: (06/24/2013 02:28:15 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000574f5c9f1131001ce70d64c705777C:\Windows\SysWOW64\svchost.exeunknown8a4d2a75-dcc9-11e2-89c3-b870f487d6cf Error: (06/24/2013 02:27:14 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000574f5c9f1c1001ce70d62812ba27C:\Windows\SysWOW64\svchost.exeunknown65fe5a6c-dcc9-11e2-89c3-b870f487d6cf Error: (06/24/2013 02:26:12 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000574f5c9f115d001ce70d603973426C:\Windows\SysWOW64\svchost.exeunknown417a48cb-dcc9-11e2-89c3-b870f487d6cf Error: (06/24/2013 02:25:12 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000574f5c9f117ec01ce70d5df59a26dC:\Windows\SysWOW64\svchost.exeunknown1d40127f-dcc9-11e2-89c3-b870f487d6cf Error: (06/24/2013 02:24:11 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000574f5c9f1113c01ce70d5bb170792C:\Windows\SysWOW64\svchost.exeunknownf8f16987-dcc8-11e2-89c3-b870f487d6cf Error: (06/24/2013 02:23:10 PM) (Source: Application Error)(User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c000000574f5c9f1160401ce70d596aee2caC:\Windows\SysWOW64\svchost.exeunknownd4a83ee3-dcc8-11e2-89c3-b870f487d6cf ==================== Memory 
info =========================== Percentage of memory in use: 23% Total physical RAM: 8043.86 MB Available physical RAM: 6141.28 MB Total Pagefile: 16085.9 MB Available Pagefile: 13847.31 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:678.54 GB) (Free:540.37 GB) NTFS (Disk=0 Partition=3) Drive d: (DATA) (Fixed) (Total:698.63 GB) (Free:544.4 GB) NTFS (Disk=1 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 21A9ECAA) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 21A9EC9C) Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
24.06.2013, 14:00 | #4 |
/// the machine /// TB-Ausbilder | Real-time scanner reports a problem: services.exe w32/patched.uc
Fix with FRST
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
ZeroAccess:
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\@
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\L
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\L\00000004.@
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\L\76603ac3
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\00000004.@
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\00000008.@
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\000000cb.@
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\80000000.@
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\80000032.@
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\80000064.@
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
24.06.2013, 14:28 | #5 |
| Real-time scanner reports a problem: services.exe w32/patched.uc
Things move fast here. The FIXLOG:
Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2013 Ran by Nico at 2013-06-24 15:16:52 Run:1 Running from C:\Users\Nico\Downloads Boot Mode: Normal ============================================== "C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}" directory move: C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\@ => Moved successfully. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\00000004.@ => Moved successfully. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\00000008.@ => Moved successfully. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\000000cb.@ => Moved successfully. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\80000000.@ => Moved successfully. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\80000032.@ => Moved successfully. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\80000064.@ => Moved successfully. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\L\00000004.@ => Moved successfully. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\L\76603ac3 => Moved successfully. Could not move "C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}" directory. => Scheduled to move on reboot. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\@ => File/Directory not found. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\L => Moved successfully. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U => Moved successfully. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\L\00000004.@ => File/Directory not found. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\L\76603ac3 => File/Directory not found. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\00000004.@ => File/Directory not found. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\00000008.@ => File/Directory not found. 
C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\000000cb.@ => File/Directory not found. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\80000000.@ => File/Directory not found. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\80000032.@ => File/Directory not found. C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c}\U\80000064.@ => File/Directory not found. C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully. Could not move C:\Windows\assembly\GAC_64\Desktop.ini. => Scheduled to move on reboot. C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION! => File/Directory not found. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started. "C:\Program Files\Windows Defender\de-DE" => Deleting reparse point and unlocking completed. "C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking completed. "C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking completed. "C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking completed. "C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking completed. "C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking completed. "C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking completed. "C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking completed. "C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking completed. "C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking completed. "C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking completed. "C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking completed. 
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking completed. "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed. =========== Result of Scheduled Files to move =========== C:\Windows\Installer\{20a6a2c4-2d41-8ac0-88c9-738412720d8c} => Moved successfully. C:\Windows\assembly\GAC_64\Desktop.ini => File moved successfully. ==== End of Fixlog ==== FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013 Ran by Nico (administrator) on 24-06-2013 15:20:03 Running from C:\Users\Nico\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= () C:\Windows\system32\services.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe () C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe () C:\Users\Nico\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (VMware, Inc.) 
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11785832 2011-03-10] (Realtek Semiconductor) HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] () HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated) HKLM\...\Run: [Power Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated) HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [CD- und DVD-Sharing] "C:\Program Files\CD- und DVD-Sharing\ODSAgent.exe" [582256 2010-04-16] () HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated) HKCU\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x] HKCU\...\Run: [AdobeBridge] [x] HKCU\...\Run: [Google Update] "C:\Users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-26] (Google Inc.) HKCU\...\Run: [Facebook Update] "C:\Users\Nico\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-01-04] (Facebook Inc.) MountPoints2: {ba655669-f6a7-11e1-8ea2-b870f487d6cf} - G:\Autorun.exe HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-24] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) 
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [129648 2011-09-23] (VMware, Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) 
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [154144 2010-07-29] () AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{16cdf~1\browse~1.dll [2521552 2013-06-03] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.de HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com URLSearchHook: (No Name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No File URLSearchHook: (No Name) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No File HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&tt=031012_ccp_4012_8&babsrc=SP_ss&mntrId=2cba4256000000000000d0df9a96774e SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=23B62FAA28623C9359D0A45077CD7277&q={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) 
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 C:\Windows\System32\socketspy.dll File Not found () Winsock: Catalog9 02 C:\Windows\System32\socketspy.dll File Not found () Winsock: Catalog9 03 mswsock.dll File Not found () Winsock: Catalog9 04 mswsock.dll File Not found () Winsock: Catalog9 05 mswsock.dll File Not found () Winsock: Catalog9 06 mswsock.dll File Not found () Winsock: Catalog9 07 mswsock.dll File Not found () Winsock: Catalog9 08 mswsock.dll File Not found () Winsock: Catalog9 09 mswsock.dll File Not found () Winsock: Catalog9 10 mswsock.dll File Not found () Winsock: Catalog9 11 mswsock.dll File Not found () Winsock: 
Catalog9 12 mswsock.dll File Not found () Winsock: Catalog9 13 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.) Winsock: Catalog9 14 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.) Winsock: Catalog9 15 C:\Windows\System32\socketspy.dll File Not found () Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9-x64 01 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft) Winsock: Catalog9-x64 02 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft) Winsock: Catalog9-x64 03 mswsock.dll File Not found () Winsock: Catalog9-x64 04 mswsock.dll File Not found () Winsock: Catalog9-x64 05 mswsock.dll File Not found () Winsock: Catalog9-x64 06 mswsock.dll File Not found () Winsock: Catalog9-x64 07 mswsock.dll File Not found () Winsock: Catalog9-x64 08 mswsock.dll File Not found () Winsock: Catalog9-x64 09 mswsock.dll File Not found () Winsock: Catalog9-x64 10 mswsock.dll File Not found () Winsock: Catalog9-x64 11 mswsock.dll File Not found () Winsock: Catalog9-x64 12 mswsock.dll File Not found () Winsock: Catalog9-x64 13 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446576] (VMware, Inc.) Winsock: Catalog9-x64 14 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446576] (VMware, Inc.) Winsock: Catalog9-x64 15 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Lavasoft Search Plugin - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack FF Extension: DVDVideoSoftTB DE - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} FF Extension: Yahoo! Toolbar - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: Adblock Plus - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF Extension: No Name - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: No Name - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi Chrome: ======= CHR Extension: () - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm\10.14.250.13_0 CHR Extension: () - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl\2.3.19.11_0 CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0 CHR Extension: (StumbleUpon) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg\3.97.1_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-03-28] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-03-28] (Avira Operations GmbH & Co. 
KG) R2 Browser Manager; C:\ProgramData\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [3085264 2013-06-03] () R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [872552 2011-05-10] (Acer Incorporated) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [39528 2011-01-18] (Acer Incorporated) R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated) R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-03-24] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation) R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) R2 StumbleUponUpdater; C:\Users\Nico\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] () S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) 
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-04] (Duplex Secure Ltd.) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2011-07-19] (Oracle Corporation) R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.) R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.) S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-24 14:20 - 2013-06-24 15:18 - 00000000 ____D C:\FRST 2013-06-24 14:19 - 2013-06-24 14:19 - 01931364 ____A (Farbar) C:\Users\Nico\Downloads\FRST64.exe 2013-06-23 13:01 - 2013-06-23 13:31 - 89977796 ____A C:\Users\Nico\Downloads\D.DX.12.13.part8.rar 2013-06-23 12:17 - 2013-06-24 15:17 - 93616457 ____A C:\Users\Nico\Downloads\D.DX.12.13.part7.rar.part 2013-06-23 11:21 - 2013-06-23 11:21 - 00000000 ____D C:\Users\Nico\AppData\Local\{1D2962E8-3E0C-42C5-A949-111D92C99983} 2013-06-22 17:29 - 2013-06-22 17:29 - 00262144 ____A C:\Windows\Minidump\062213-26738-01.dmp 2013-06-22 13:45 - 2013-06-22 17:29 - 580052725 ____A C:\Windows\MEMORY.DMP 2013-06-22 13:45 - 2013-06-22 17:29 - 00000000 ____D C:\Windows\Minidump 2013-06-22 13:45 - 2013-06-22 13:45 - 00262144 ____A C:\Windows\Minidump\062213-29936-01.dmp 2013-06-22 12:41 - 2013-06-22 12:41 - 00000392 ____A C:\Users\Nico\defogger_reenable 2013-06-22 12:29 - 2013-06-24 14:33 - 00000000 ____D C:\Users\Nico\Desktop\Gegen Virus 2013-06-22 12:21 - 2013-06-23 12:16 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part4.rar 2013-06-21 14:21 - 2013-06-21 14:21 - 00000000 ____D C:\Users\Nico\Downloads\SpybotPortable 2013-06-21 14:19 - 2013-06-21 14:20 - 57524944 ____A (PortableApps.com) C:\Users\Nico\Downloads\SpybotPortable_2.1.paf.exe 2013-06-21 14:14 - 2013-06-21 14:14 - 10285040 ____A (Malwarebytes Corporation ) 
C:\Users\Nico\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-21 13:57 - 2013-06-24 15:17 - 00000672 ____A C:\Windows\setupact.log 2013-06-21 13:57 - 2013-06-21 13:57 - 00000000 ____A C:\Windows\setuperr.log 2013-06-21 13:56 - 2013-06-21 13:56 - 00000824 ____A C:\Windows\PFRO.log 2013-06-20 22:39 - 2013-06-20 22:39 - 00000019 ____A C:\Users\Nico\Desktop\in 1,5 aus.cmd 2013-06-20 22:28 - 2013-06-20 22:28 - 00000000 ____D C:\Windows\Profiles\Nico 2013-06-20 22:16 - 2013-06-20 22:30 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec 2013-06-20 22:15 - 2013-06-22 11:30 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc 2013-06-20 22:15 - 2013-06-20 22:15 - 00000000 ____D C:\Program Files\VideoLAN 2013-06-20 22:12 - 2013-06-20 22:12 - 23229256 ____A C:\Users\Nico\Downloads\vlc-2.0.7-win64.exe 2013-06-20 22:07 - 2013-06-20 22:42 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part3.rar 2013-06-20 20:02 - 2013-06-20 20:02 - 00000000 ____D C:\Users\Nico\AppData\Roaming\File Scout 2013-06-20 20:02 - 2013-05-28 15:05 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe 2013-06-20 19:41 - 2013-06-20 19:41 - 01125456 ____A (BitTorrent Inc.) 
C:\Users\Nico\Downloads\BitTorrent.exe 2013-06-20 19:21 - 2013-06-20 19:21 - 00000000 ____D C:\Users\Nico\AppData\Local\{F9859730-4A8B-4935-96F9-B5159219BD09} 2013-06-18 16:39 - 2013-06-18 16:39 - 00000000 ____D C:\Users\Nico\AppData\Local\{A3B9C5E6-D87F-4DB1-AA34-8258F0A6D317} 2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008 2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008 2013-06-17 21:27 - 2013-06-17 21:27 - 00000000 ____D C:\ProgramData\VS 2013-06-17 21:25 - 2013-06-17 21:25 - 00000000 ____D C:\fbabd28d772111eec99e8982 2013-06-17 18:08 - 2013-06-17 18:08 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-17 18:07 - 2013-06-17 18:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-17 18:07 - 2013-06-17 18:08 - 00000000 ____D C:\Program Files\iTunes 2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iPod 2013-06-14 14:31 - 2013-06-12 21:15 - 00000101 ____A C:\Users\Nico\Downloads\ind-scary.nfo 2013-06-14 14:30 - 2013-06-14 14:30 - 00000466 ____A C:\Users\Nico\Desktop\DATA (D) - Verknüpfung.lnk 2013-06-13 17:22 - 2013-06-13 21:27 - 731594045 ____A C:\Users\Nico\Downloads\342fdsfssmo5.rar 2013-06-12 15:53 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 15:53 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 15:53 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 15:53 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 15:53 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 15:53 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-12 15:53 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) 
C:\Windows\System32\url.dll 2013-06-12 15:53 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 15:53 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-12 15:53 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-12 15:53 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 15:53 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 15:53 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 15:53 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 15:53 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-12 15:53 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-12 15:53 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 15:53 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 15:53 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 15:53 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 15:53 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 15:53 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-12 15:53 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-12 15:53 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 15:53 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 
15:53 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-12 15:53 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-12 15:53 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 15:53 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 15:53 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-12 15:53 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 15:53 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-12 14:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 14:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 14:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 14:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 14:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 14:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 14:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 14:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 14:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 14:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 14:50 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 14:50 - 2013-05-10 05:20 - 
00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 14:50 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 14:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 14:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-11 13:55 - 2013-06-11 13:55 - 00000000 ____D C:\Users\Nico\AppData\Local\{4FC71047-D567-49F4-BF1A-EE9BEC968BA8} 2013-06-08 18:41 - 2013-06-08 18:41 - 00000000 ____D C:\Users\Nico\AppData\Local\{D8BDBDB0-6714-480D-91FC-2F101077576A} 2013-06-05 15:41 - 2013-06-05 15:41 - 00001036 ____A C:\Users\Nico\Desktop\ILS-SimV4.exe - Verknüpfung.lnk ==================== One Month Modified Files and Folders ======= 2013-06-24 15:18 - 2013-06-24 14:20 - 00000000 ____D C:\FRST 2013-06-24 15:18 - 2012-01-13 17:01 - 00000000 ____D C:\ProgramData\VMware 2013-06-24 15:17 - 2013-06-23 12:17 - 93616457 ____A C:\Users\Nico\Downloads\D.DX.12.13.part7.rar.part 2013-06-24 15:17 - 2013-06-21 13:57 - 00000672 ____A C:\Windows\setupact.log 2013-06-24 15:17 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-24 15:15 - 2012-04-21 12:08 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Skype 2013-06-24 14:33 - 2013-06-22 12:29 - 00000000 ____D C:\Users\Nico\Desktop\Gegen Virus 2013-06-24 14:30 - 2012-08-29 20:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-24 14:30 - 2012-08-26 15:03 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA.job 2013-06-24 14:24 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-24 14:24 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-24 14:20 - 2011-08-18 13:46 - 00765954 ____A 
C:\Windows\System32\perfh007.dat 2013-06-24 14:20 - 2011-08-18 13:46 - 00174834 ____A C:\Windows\System32\perfc007.dat 2013-06-24 14:20 - 2009-07-14 07:13 - 01808082 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-24 14:19 - 2013-06-24 14:19 - 01931364 ____A (Farbar) C:\Users\Nico\Downloads\FRST64.exe 2013-06-23 21:00 - 2012-08-26 15:03 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core.job 2013-06-23 20:51 - 2013-01-04 00:04 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA.job 2013-06-23 13:31 - 2013-06-23 13:01 - 89977796 ____A C:\Users\Nico\Downloads\D.DX.12.13.part8.rar 2013-06-23 13:24 - 2012-06-06 21:16 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Spotify 2013-06-23 12:16 - 2013-06-22 12:21 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part4.rar 2013-06-23 11:48 - 2011-12-19 17:33 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-06-23 11:21 - 2013-06-23 11:21 - 00000000 ____D C:\Users\Nico\AppData\Local\{1D2962E8-3E0C-42C5-A949-111D92C99983} 2013-06-22 17:29 - 2013-06-22 17:29 - 00262144 ____A C:\Windows\Minidump\062213-26738-01.dmp 2013-06-22 17:29 - 2013-06-22 13:45 - 580052725 ____A C:\Windows\MEMORY.DMP 2013-06-22 17:29 - 2013-06-22 13:45 - 00000000 ____D C:\Windows\Minidump 2013-06-22 13:45 - 2013-06-22 13:45 - 00262144 ____A C:\Windows\Minidump\062213-29936-01.dmp 2013-06-22 13:33 - 2011-12-14 09:59 - 00000000 ____D C:\Users\Nico\AppData\Local\CrashDumps 2013-06-22 12:41 - 2013-06-22 12:41 - 00000392 ____A C:\Users\Nico\defogger_reenable 2013-06-22 12:41 - 2011-12-08 15:43 - 00000000 ____D C:\users\Nico 2013-06-22 11:30 - 2013-06-20 22:15 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc 2013-06-22 11:18 - 2013-03-19 22:58 - 00629248 __ASH C:\Users\Nico\Desktop\Thumbs.db 2013-06-21 23:08 - 2013-01-04 00:03 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core.job 
2013-06-21 14:21 - 2013-06-21 14:21 - 00000000 ____D C:\Users\Nico\Downloads\SpybotPortable 2013-06-21 14:20 - 2013-06-21 14:19 - 57524944 ____A (PortableApps.com) C:\Users\Nico\Downloads\SpybotPortable_2.1.paf.exe 2013-06-21 14:14 - 2013-06-21 14:14 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Nico\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-21 13:57 - 2013-06-21 13:57 - 00000000 ____A C:\Windows\setuperr.log 2013-06-21 13:56 - 2013-06-21 13:56 - 00000824 ____A C:\Windows\PFRO.log 2013-06-20 22:42 - 2013-06-20 22:07 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part3.rar 2013-06-20 22:39 - 2013-06-20 22:39 - 00000019 ____A C:\Users\Nico\Desktop\in 1,5 aus.cmd 2013-06-20 22:30 - 2013-06-20 22:16 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec 2013-06-20 22:28 - 2013-06-20 22:28 - 00000000 ____D C:\Windows\Profiles\Nico 2013-06-20 22:15 - 2013-06-20 22:15 - 00000000 ____D C:\Program Files\VideoLAN 2013-06-20 22:12 - 2013-06-20 22:12 - 23229256 ____A C:\Users\Nico\Downloads\vlc-2.0.7-win64.exe 2013-06-20 22:08 - 2012-01-12 19:08 - 00000000 ____D C:\Users\Nico\AppData\Roaming\BitTorrent 2013-06-20 20:02 - 2013-06-20 20:02 - 00000000 ____D C:\Users\Nico\AppData\Roaming\File Scout 2013-06-20 19:44 - 2012-01-12 19:09 - 00000000 ____D C:\Program Files (x86)\BitTorrent 2013-06-20 19:41 - 2013-06-20 19:41 - 01125456 ____A (BitTorrent Inc.) 
C:\Users\Nico\Downloads\BitTorrent.exe 2013-06-20 19:21 - 2013-06-20 19:21 - 00000000 ____D C:\Users\Nico\AppData\Local\{F9859730-4A8B-4935-96F9-B5159219BD09} 2013-06-19 18:38 - 2012-06-06 21:17 - 00000000 ____D C:\Users\Nico\AppData\Local\Spotify 2013-06-19 15:31 - 2012-08-26 15:05 - 00002374 ____A C:\Users\Nico\Desktop\Google Chrome.lnk 2013-06-18 16:39 - 2013-06-18 16:39 - 00000000 ____D C:\Users\Nico\AppData\Local\{A3B9C5E6-D87F-4DB1-AA34-8258F0A6D317} 2013-06-18 15:50 - 2011-12-09 15:06 - 01786150 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-18 15:32 - 2012-03-26 20:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0 2013-06-18 15:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\MSBuild 2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008 2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008 2013-06-17 21:28 - 2012-03-26 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2013-06-17 21:27 - 2013-06-17 21:27 - 00000000 ____D C:\ProgramData\VS 2013-06-17 21:25 - 2013-06-17 21:25 - 00000000 ____D C:\fbabd28d772111eec99e8982 2013-06-17 18:08 - 2013-06-17 18:08 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-17 18:08 - 2013-06-17 18:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-17 18:08 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iTunes 2013-06-17 18:08 - 2012-10-13 14:19 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iPod 2013-06-14 22:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-14 14:30 - 2013-06-14 14:30 - 00000466 ____A C:\Users\Nico\Desktop\DATA (D) - Verknüpfung.lnk 2013-06-13 21:27 - 2013-06-13 17:22 - 731594045 ____A C:\Users\Nico\Downloads\342fdsfssmo5.rar 2013-06-12 21:15 - 2013-06-14 14:31 - 00000101 ____A C:\Users\Nico\Downloads\ind-scary.nfo 2013-06-12 21:15 - 
2013-02-06 22:32 - 00000341 ____A C:\Users\Nico\Downloads\www.goldesel.to - www.charts.to .txt 2013-06-12 21:15 - 2013-02-06 22:32 - 00000291 ____A C:\Users\Nico\Downloads\Charts.to - Die ultimative Seite fuer Charts als Direkt-Download.url 2013-06-12 21:15 - 2013-02-06 22:32 - 00000220 ____A C:\Users\Nico\Downloads\Goldesel.to - Die Seite fuer Direkt-Downloads aller Art.url 2013-06-12 18:30 - 2012-04-14 15:21 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 18:30 - 2011-07-25 12:15 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-12 15:51 - 2011-12-17 14:27 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 15:07 - 2013-01-24 18:29 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-12 15:07 - 2011-07-25 11:54 - 00000000 ____D C:\ProgramData\Skype 2013-06-11 13:55 - 2013-06-11 13:55 - 00000000 ____D C:\Users\Nico\AppData\Local\{4FC71047-D567-49F4-BF1A-EE9BEC968BA8} 2013-06-10 16:40 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-06-08 18:41 - 2013-06-08 18:41 - 00000000 ____D C:\Users\Nico\AppData\Local\{D8BDBDB0-6714-480D-91FC-2F101077576A} 2013-06-08 17:43 - 2011-12-15 23:13 - 00000616 ____A C:\Users\Nico\Documents\ax_files.xml 2013-06-07 13:44 - 2012-11-05 18:14 - 00000000 ____D C:\Users\Nico\AppData\Local\Origin 2013-06-07 13:44 - 2012-11-05 18:07 - 00000000 ____D C:\Program Files (x86)\Origin 2013-06-05 15:46 - 2013-04-13 19:06 - 00000000 __SHD C:\Users\Nico\wc 2013-06-05 15:41 - 2013-06-05 15:41 - 00001036 ____A C:\Users\Nico\Desktop\ILS-SimV4.exe - Verknüpfung.lnk 2013-06-05 09:21 - 2012-10-06 16:46 - 00000000 ____D C:\ProgramData\Browser Manager 2013-06-03 17:21 - 2013-04-07 11:47 - 01130496 ____A C:\Users\Nico\Desktop\Schuppenat_Noel_09A (2).lpo 2013-05-28 15:05 - 2013-06-20 20:02 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe ZeroAccess: 
C:\Windows\assembly\GAC_32\Desktop.ini
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe [2009-07-14 01:19] - [2009-07-14 03:39] - 0329216 ____N () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-14 22:11
==================== End Of Log ============================
24.06.2013, 15:10 | #6 | |
/// the machine /// TB trainer | Real-time scanner reports problem: services.exe w32/patched.uc
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
24.06.2013, 18:39 | #7 |
| Real-time scanner reports problem: services.exe w32/patched.uc Here is the ComboFix.log: Code:
ATTFilter ComboFix 13-06-24.01 - Nico 24.06.2013 18:46:16.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8044.6340 [GMT 2:00] ausgeführt von:: c:\users\Nico\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-24 bis 2013-06-24 )))))))))))))))))))))))))))))) . . 2013-06-24 16:57 . 2013-06-24 16:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-24 12:20 . 2013-06-24 13:18 -------- d-----w- C:\FRST 2013-06-21 12:15 . 2013-06-21 12:15 -------- d-----w- c:\users\Nico\AppData\Local\Programs 2013-06-20 20:28 . 2013-06-20 20:28 -------- d-----w- c:\windows\Profiles 2013-06-20 20:16 . 2013-06-20 20:16 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll 2013-06-20 20:16 . 2013-06-20 20:30 -------- d-----w- c:\program files (x86)\x264 Video Codec 2013-06-20 20:15 . 2013-06-22 09:30 -------- d-----w- c:\users\Nico\AppData\Roaming\vlc 2013-06-20 20:15 . 2013-06-20 20:15 -------- d-----w- c:\program files\VideoLAN 2013-06-20 18:02 . 2013-05-28 13:05 163328 ----a-w- c:\windows\SysWow64\FlashPlayerUpdateService.exe 2013-06-20 18:02 . 2013-06-20 18:02 -------- d-----w- c:\users\Nico\AppData\Roaming\File Scout 2013-06-17 19:27 . 2013-06-17 19:27 -------- d-----w- c:\programdata\VS 2013-06-17 19:25 . 2013-06-17 19:25 -------- d-----w- C:\fbabd28d772111eec99e8982 2013-06-17 16:07 . 2013-06-17 16:07 -------- d-----w- c:\program files\iPod 2013-06-17 16:07 . 2013-06-17 16:08 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-17 16:07 . 
2013-06-17 16:08 -------- d-----w- c:\program files\iTunes 2013-06-12 12:50 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-19 18:10 . 2012-03-26 18:52 2391136 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll 2013-06-12 16:30 . 2012-04-14 13:21 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-12 16:30 . 2011-07-25 10:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-12 13:51 . 2011-12-17 12:27 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-05-14 18:10 . 2012-01-10 17:39 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-04-13 05:49 . 2013-05-15 06:40 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 06:40 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 06:40 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 06:40 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 06:40 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 06:40 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 13:15 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 06:01 . 2013-05-15 06:40 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-15 06:40 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-15 06:40 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-03-29 11:39 . 2013-03-24 20:28 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-03-29 11:39 . 2013-03-24 08:33 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-03-29 11:33 . 2013-03-24 08:33 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\Nico\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-03 138096] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-09-23 129648] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~3\browse~1\261339~1.144\{16cdf~1\browse~1.dll c:\progra~3\browse~1\261339~1.144\{16cdf~1\browsemngr.dll "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 
TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x] S2 AMD External Events Utility;AMD External Events 
Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe;c:\programdata\Browser Manager\2.6.1339.144\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x] S2 StumbleUponUpdater;StumbleUpon Updater;c:\users\Nico\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe;c:\users\Nico\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 vmci;VMware 
vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 13:05] . 2013-06-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core.job - c:\users\Nico\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-03 22:03] . 2013-06-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA.job - c:\users\Nico\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-03 22:03] . 2013-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core.job - c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 13:03] . 2013-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA.job - c:\users\Nico\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 13:03] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-05-10 1831528] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "CD- und DVD-Sharing"="c:\program files\CD- und DVD-Sharing\ODSAgent.exe" [2010-04-16 582256] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . ------- Zusätzlicher Suchlauf ------- . uStart Page = google.de uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://packardbell.msn.com mStart Page = hxxp://packardbell.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Free YouTube to MP3 Converter - c:\users\Nico\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file) Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe Wow6432Node-HKCU-Run-AdobeBridge - (no file) Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\SysWOW64\schtasks.exe c:\program files (x86)\Launch Manager\LMworker.exe c:\program files (x86)\Launch Manager\LMutilps32.exe c:\windows\SysWOW64\PnkBstrA.exe c:\windows\SysWOW64\vmnat.exe c:\windows\SysWOW64\vmnetdhcp.exe c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-06-24 19:07:08 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-06-24 17:07 . Vor Suchlauf: 11 Verzeichnis(se), 581.491.396.608 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 580.964.814.848 Bytes frei . - - End Of File - - 5FFFBBA9DF4E836694338C7B15F91528 D41D8CD98F00B204E9800998ECF8427E |
24.06.2013, 18:50 | #8 |
/// the machine /// TB trainer | Real-time scanner reports problem: services.exe w32/patched.uc
Reboot once, still the same? Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
24.06.2013, 20:01 | #9 |
| Real-time scanner reports problem: services.exe w32/patched.uc I still have no Internet, not even after rebooting several times... AdwCleaner: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 24/06/2013 um 20:02:59 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Nico - NICO-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Nico\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : Browser Manager Gestoppt & Gelöscht : StumbleUponUpdater ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\END Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data Datei Gelöscht : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences Datei Gelöscht : C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\bprotector_prefs.js Datei Gelöscht : C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Uninstall.exe Datei Gelöscht : C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\bprotector_extensions.sqlite Datei Gelöscht : C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\bprotector_prefs.js Datei Gelöscht : C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\searchplugins\Babylon.xml Gelöscht mit Neustart : C:\ProgramData\Browser Manager Gelöscht mit Neustart : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB_DE Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht 
: C:\Users\Nico\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhphemoobgnikcoofkgackkaimpfmenm Ordner Gelöscht : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl Ordner Gelöscht : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg Ordner Gelöscht : C:\Users\Nico\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Nico\AppData\LocalLow\DVDVideoSoftTB_DE Ordner Gelöscht : C:\Users\Nico\AppData\LocalLow\StumbleUpon Ordner Gelöscht : C:\Users\Nico\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Nico\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Nico\AppData\Roaming\file scout Ordner Gelöscht : C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\jetpack Ordner Gelöscht : C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} Ordner Gelöscht : C:\Users\Nico\AppData\Roaming\OpenCandy ***** [Registrierungsdatenbank] ***** Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~3\BROWSE~1\261339~1.144\{16CDF~1\BROWSE~1.DLL Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~3\BROWSE~1\261339~1.144\{16CDF~1\browsemngr.dll Schlüssel Gelöscht : HKCU\Software\1ClickDownload Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\StumbleUpon Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\BabSolution Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\filescout Schlüssel Gelöscht : 
HKCU\Software\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\hempmfkijmahkaddljkmchcmjbojoedl Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\StumbleUpon Schlüssel Gelöscht : HKCU\Software\59558c88b03ee947 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\StumbleUpon.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio.1 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Toolbar.CT2625848 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB_DE Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\59558c88b03ee947 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bhphemoobgnikcoofkgackkaimpfmenm Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hempmfkijmahkaddljkmchcmjbojoedl Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{498C5B96-E281-4804-81C7-CC0415A1CFD7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C03D1A9-46DE-4EB1-AC4F-B454319400D3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar
Schlüssel Gelöscht : HKU\S-1-5-21-4147683108-3158561192-3553953681-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490
[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\prefs.js
Gelöscht : user_pref("pttl.menu-search-groups-tab", false);
Gelöscht : user_pref("pttl.menu-search-groups-win", false);
Gelöscht : user_pref("browser.search.selectedEngine", "blekko");
Datei : C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\prefs.js
[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116
Datei : C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [9598 octets] - [24/06/2013 20:02:59]
########## EOF - C:\AdwCleaner[S1].txt - [9658 octets] ##########

Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Nico on 24.06.2013 at 20:07:20,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\browser manager"
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{01EBE53D-52F7-45BF-B1A8-6FD14455D5D1}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{02E6BBB4-669F-4E39-A3F6-72CF34739CA5}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{037257E9-DCC1-465A-8961-A788B83B5301}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{03AE1076-79FE-4B2F-A0CA-1901C679F2D2}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{047912A4-D5D3-4CA5-BACD-AA40BAABE114}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{0D6AF066-CA60-4533-A71E-85FF675A8470}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{0E23AFFF-335A-4ABF-8C65-7D80DC8B5674}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{0F47E5C8-1DDE-4DF6-AD11-CBAC8A91D4AB}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{15386968-E8EF-41EB-9819-1369E36053E7}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{156D18F7-7BDC-4A5E-9520-51F6BDFC79B1}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{1591575B-C81A-4A9A-AD32-289DEE6E3833}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{1753E0C8-2B13-441D-8EFC-497F86CA5178}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{1A5F0B37-CD5C-4776-BD1E-C94F37ED8331}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{1D2962E8-3E0C-42C5-A949-111D92C99983}
Successfully deleted: [Empty Folder]
C:\Users\Nico\appdata\local\{FACDC9C9-975E-4E06-825A-1832B1F308FF}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{FC09B251-EC2C-4EAB-8661-E65D55C3F587}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{FE4E77AA-B286-4FE8-A804-A232CEED92D8}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{FEA91367-07F7-4512-89A7-56A3340735D6}
Successfully deleted: [Empty Folder] C:\Users\Nico\appdata\local\{FF864D3B-82FC-4FFB-BFBC-D10DBB5072EF}

~~~ FireFox
Successfully deleted: [File] C:\Users\Nico\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\invalidprefs.js
Successfully deleted: [Folder] C:\Users\Nico\AppData\Roaming\mozilla\firefox\profiles\JonDoFox\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Successfully deleted: [Folder] C:\Users\Nico\AppData\Roaming\mozilla\firefox\profiles\uhmxne3e.Normales surfen\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Emptied folder: C:\Users\Nico\AppData\Roaming\mozilla\firefox\profiles\uhmxne3e.Normales surfen\minidumps [207 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.06.2013 at 20:14:41,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2013 Ran by Nico (administrator) on 24-06-2013 20:56:35 Running from C:\Users\Nico\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (VMware, Inc.) 
C:\Windows\SysWOW64\vmnetdhcp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11785832 2011-03-10] (Realtek Semiconductor) HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] () HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated) HKLM\...\Run: [Power Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated) HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [CD- und DVD-Sharing] "C:\Program Files\CD- und DVD-Sharing\ODSAgent.exe" [582256 2010-04-16] () HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated) HKCU\...\Run: [Facebook Update] "C:\Users\Nico\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-01-04] (Facebook Inc.) HKCU\...\Policies\system: [disableregistrytools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-24] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [129648 2011-09-23] (VMware, Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) 
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [154144 2010-07-29] () HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [154144 2010-07-29] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.de HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog9 13 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.) Winsock: Catalog9 14 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346736] (VMware, Inc.) Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog9-x64 01 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft) Winsock: Catalog9-x64 02 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft) Winsock: Catalog9-x64 13 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446576] (VMware, Inc.) Winsock: Catalog9-x64 14 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446576] (VMware, Inc.) 
Winsock: Catalog9-x64 15 C:\Windows\System32\socketspy-64.dll [450048] (Ufasoft) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Yahoo! 
Toolbar - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF Extension: Adblock Plus - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF Extension: No Name - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: No Name - C:\Users\Nico\AppData\Roaming\Mozilla\Firefox\Profiles\uhmxne3e.Normales surfen\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Users\Nico\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\Nico\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Nico\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Nico\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (fluxDVD Browser Plugin) - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\Nico\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Nico\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0 ==================== Services (Whitelisted) ================= R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [872552 2011-05-10] (Acer Incorporated) R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [39528 2011-01-18] (Acer Incorporated) S2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated) R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 
[2804568 2010-06-02] (Symantec Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-03-24] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation) S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.) ==================== Drivers (Whitelisted) ==================== R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-04] (Duplex Secure Ltd.) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2011-07-19] (Oracle Corporation) R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.) R2 vstor2-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2010-08-19] (VMware, Inc.) S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-24 20:14 - 2013-06-24 20:14 - 00017316 ____A C:\Users\Nico\Desktop\JRT.txt 2013-06-24 20:07 - 2013-06-24 20:07 - 00000000 ____D C:\Windows\ERUNT 2013-06-24 20:07 - 2013-06-24 20:07 - 00000000 ____D C:\JRT 2013-06-24 20:02 - 2013-06-24 20:03 - 00009721 ____A C:\AdwCleaner[S1].txt 2013-06-24 20:00 - 2013-06-24 20:05 - 00000112 ____A C:\Windows\setupact.log 2013-06-24 20:00 - 2013-06-24 20:00 - 00000000 ____A C:\Windows\setuperr.log 2013-06-24 19:59 - 2013-06-24 19:59 - 00648201 ____A C:\Users\Nico\Desktop\adwcleaner.exe 2013-06-24 19:57 - 2013-06-24 19:58 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\Nico\Desktop\JRT.exe 2013-06-24 19:28 - 2013-06-24 19:28 - 00000000 ___SD C:\ComboFix 2013-06-24 18:42 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-06-24 18:42 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-06-24 18:42 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-06-24 18:42 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-06-24 18:42 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-06-24 18:42 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-06-24 18:42 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-06-24 18:42 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-06-24 18:38 - 2013-06-24 20:09 - 00040422 ____A C:\Windows\WindowsUpdate.log 2013-06-24 18:33 - 2013-06-24 18:33 - 02092792 ____A C:\Users\Nico\Downloads\avira_free_antivirus(1).exe 2013-06-24 18:24 - 2013-06-24 18:25 - 00000075 ____A C:\Users\Nico\Desktop\test.bat 2013-06-24 18:24 - 2013-06-24 18:24 - 00000069 ____A C:\Users\Nico\Desktop\test.cmd.txt 2013-06-24 18:21 - 2013-06-24 19:28 - 00000000 ____D C:\Qoobox 2013-06-24 18:21 - 2013-06-24 19:04 - 00000000 ____D C:\Windows\erdnt 2013-06-24 18:16 - 2013-06-24 18:17 - 05082330 ____R (Swearware) C:\Users\Nico\Desktop\ComboFix.exe 2013-06-24 14:20 - 2013-06-24 15:18 - 00000000 ____D C:\FRST 2013-06-24 14:19 - 2013-06-24 14:19 - 01931364 ____A (Farbar) C:\Users\Nico\Desktop\FRST64.exe 2013-06-23 13:01 - 2013-06-23 13:31 - 89977796 ____A C:\Users\Nico\Downloads\D.DX.12.13.part8.rar 2013-06-23 12:17 - 2013-06-24 16:49 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part7.rar 2013-06-22 13:45 - 2013-06-24 19:29 - 00000000 ____D C:\Windows\Minidump 2013-06-22 12:41 - 2013-06-22 12:41 - 00000392 ____A C:\Users\Nico\defogger_reenable 2013-06-22 12:29 - 2013-06-24 15:22 - 00000000 ____D C:\Users\Nico\Desktop\Gegen Virus 2013-06-22 12:21 - 2013-06-23 12:16 - 104857600 ____A 
C:\Users\Nico\Downloads\D.DX.12.13.part4.rar 2013-06-21 14:21 - 2013-06-21 14:21 - 00000000 ____D C:\Users\Nico\Downloads\SpybotPortable 2013-06-21 14:19 - 2013-06-21 14:20 - 57524944 ____A (PortableApps.com) C:\Users\Nico\Downloads\SpybotPortable_2.1.paf.exe 2013-06-21 14:14 - 2013-06-21 14:14 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Nico\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-20 22:39 - 2013-06-20 22:39 - 00000019 ____A C:\Users\Nico\Desktop\in 1,5 aus.cmd 2013-06-20 22:28 - 2013-06-20 22:28 - 00000000 ____D C:\Windows\Profiles\Nico 2013-06-20 22:16 - 2013-06-20 22:30 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec 2013-06-20 22:15 - 2013-06-22 11:30 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc 2013-06-20 22:15 - 2013-06-20 22:15 - 00000000 ____D C:\Program Files\VideoLAN 2013-06-20 22:12 - 2013-06-20 22:12 - 23229256 ____A C:\Users\Nico\Downloads\vlc-2.0.7-win64.exe 2013-06-20 22:07 - 2013-06-20 22:42 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part3.rar 2013-06-20 20:02 - 2013-05-28 15:05 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe 2013-06-20 19:41 - 2013-06-20 19:41 - 01125456 ____A (BitTorrent Inc.) 
C:\Users\Nico\Downloads\BitTorrent.exe 2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008 2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008 2013-06-17 21:27 - 2013-06-17 21:27 - 00000000 ____D C:\ProgramData\VS 2013-06-17 21:25 - 2013-06-17 21:25 - 00000000 ____D C:\fbabd28d772111eec99e8982 2013-06-17 18:08 - 2013-06-17 18:08 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-17 18:07 - 2013-06-17 18:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-17 18:07 - 2013-06-17 18:08 - 00000000 ____D C:\Program Files\iTunes 2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iPod 2013-06-14 14:31 - 2013-06-12 21:15 - 00000101 ____A C:\Users\Nico\Downloads\ind-scary.nfo 2013-06-14 14:30 - 2013-06-14 14:30 - 00000466 ____A C:\Users\Nico\Desktop\DATA (D) - Verknüpfung.lnk 2013-06-13 17:22 - 2013-06-13 21:27 - 731594045 ____A C:\Users\Nico\Downloads\342fdsfssmo5.rar 2013-06-12 15:53 - 2013-05-17 06:05 - 17824768 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-12 15:53 - 2013-05-17 05:27 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-12 15:53 - 2013-05-17 05:09 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 15:53 - 2013-05-17 05:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 15:53 - 2013-05-17 05:02 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-12 15:53 - 2013-05-17 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-12 15:53 - 2013-05-17 05:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-12 15:53 - 2013-05-17 04:58 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 15:53 - 2013-05-17 04:56 - 00599040 ____A (Microsoft Corporation) 
C:\Windows\System32\vbscript.dll 2013-06-12 15:53 - 2013-05-17 04:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-12 15:53 - 2013-05-17 04:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 15:53 - 2013-05-17 04:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 15:53 - 2013-05-17 04:53 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-12 15:53 - 2013-05-17 04:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-12 15:53 - 2013-05-17 04:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-12 15:53 - 2013-05-17 04:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-12 15:53 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-12 15:53 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-12 15:53 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 15:53 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 15:53 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-12 15:53 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-12 15:53 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-12 15:53 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 15:53 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 15:53 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-12 15:53 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-12 
15:53 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 15:53 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-12 15:53 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-12 15:53 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-12 15:53 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-12 14:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 14:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 14:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 14:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 14:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 14:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 14:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 14:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 14:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 14:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 14:50 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 14:50 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 14:50 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 14:50 - 2013-04-26 07:51 
- 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 14:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-05 15:41 - 2013-06-05 15:41 - 00001036 ____A C:\Users\Nico\Desktop\ILS-SimV4.exe - Verknüpfung.lnk ==================== One Month Modified Files and Folders ======= 2013-06-24 20:30 - 2012-08-29 20:45 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-24 20:30 - 2012-08-26 15:03 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA.job 2013-06-24 20:14 - 2013-06-24 20:14 - 00017316 ____A C:\Users\Nico\Desktop\JRT.txt 2013-06-24 20:13 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-24 20:13 - 2009-07-14 06:45 - 00016752 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-24 20:10 - 2011-08-18 13:46 - 00765954 ____A C:\Windows\System32\perfh007.dat 2013-06-24 20:10 - 2011-08-18 13:46 - 00174834 ____A C:\Windows\System32\perfc007.dat 2013-06-24 20:10 - 2009-07-14 07:13 - 01808082 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-24 20:09 - 2013-06-24 18:38 - 00040422 ____A C:\Windows\WindowsUpdate.log 2013-06-24 20:09 - 2013-01-04 00:04 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000UA.job 2013-06-24 20:07 - 2013-06-24 20:07 - 00000000 ____D C:\Windows\ERUNT 2013-06-24 20:07 - 2013-06-24 20:07 - 00000000 ____D C:\JRT 2013-06-24 20:05 - 2013-06-24 20:00 - 00000112 ____A C:\Windows\setupact.log 2013-06-24 20:05 - 2012-01-13 17:01 - 00000000 ____D C:\ProgramData\VMware 2013-06-24 20:05 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-24 20:03 - 2013-06-24 20:02 - 00009721 ____A C:\AdwCleaner[S1].txt 2013-06-24 20:00 - 2013-06-24 20:00 - 00000000 ____A C:\Windows\setuperr.log 
2013-06-24 19:59 - 2013-06-24 19:59 - 00648201 ____A C:\Users\Nico\Desktop\adwcleaner.exe 2013-06-24 19:58 - 2013-06-24 19:57 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Nico\Desktop\JRT.exe 2013-06-24 19:34 - 2013-03-19 22:58 - 00691712 __ASH C:\Users\Nico\Desktop\Thumbs.db 2013-06-24 19:30 - 2012-08-26 15:03 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core.job 2013-06-24 19:29 - 2013-06-22 13:45 - 00000000 ____D C:\Windows\Minidump 2013-06-24 19:29 - 2012-09-04 17:44 - 00000000 ____D C:\Users\Nico\AppData\Roaming\DAEMON Tools Pro 2013-06-24 19:29 - 2012-01-12 19:08 - 00000000 ____D C:\Users\Nico\AppData\Roaming\BitTorrent 2013-06-24 19:29 - 2011-12-14 09:59 - 00000000 ____D C:\Users\Nico\AppData\Local\CrashDumps 2013-06-24 19:28 - 2013-06-24 19:28 - 00000000 ___SD C:\ComboFix 2013-06-24 19:28 - 2013-06-24 18:21 - 00000000 ____D C:\Qoobox 2013-06-24 19:04 - 2013-06-24 18:21 - 00000000 ____D C:\Windows\erdnt 2013-06-24 19:00 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini 2013-06-24 18:33 - 2013-06-24 18:33 - 02092792 ____A C:\Users\Nico\Downloads\avira_free_antivirus(1).exe 2013-06-24 18:25 - 2013-06-24 18:24 - 00000075 ____A C:\Users\Nico\Desktop\test.bat 2013-06-24 18:24 - 2013-06-24 18:24 - 00000069 ____A C:\Users\Nico\Desktop\test.cmd.txt 2013-06-24 18:17 - 2013-06-24 18:16 - 05082330 ____R (Swearware) C:\Users\Nico\Desktop\ComboFix.exe 2013-06-24 16:49 - 2013-06-23 12:17 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part7.rar 2013-06-24 16:49 - 2012-04-21 12:08 - 00000000 ____D C:\Users\Nico\AppData\Roaming\Skype 2013-06-24 15:22 - 2013-06-22 12:29 - 00000000 ____D C:\Users\Nico\Desktop\Gegen Virus 2013-06-24 15:18 - 2013-06-24 14:20 - 00000000 ____D C:\FRST 2013-06-24 14:19 - 2013-06-24 14:19 - 01931364 ____A (Farbar) C:\Users\Nico\Desktop\FRST64.exe 2013-06-23 13:31 - 2013-06-23 13:01 - 89977796 ____A C:\Users\Nico\Downloads\D.DX.12.13.part8.rar 2013-06-23 13:24 - 2012-06-06 21:16 - 
00000000 ____D C:\Users\Nico\AppData\Roaming\Spotify 2013-06-23 12:16 - 2013-06-22 12:21 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part4.rar 2013-06-23 11:48 - 2011-12-19 17:33 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-06-22 12:41 - 2013-06-22 12:41 - 00000392 ____A C:\Users\Nico\defogger_reenable 2013-06-22 12:41 - 2011-12-08 15:43 - 00000000 ____D C:\users\Nico 2013-06-22 11:30 - 2013-06-20 22:15 - 00000000 ____D C:\Users\Nico\AppData\Roaming\vlc 2013-06-21 23:08 - 2013-01-04 00:03 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4147683108-3158561192-3553953681-1000Core.job 2013-06-21 14:21 - 2013-06-21 14:21 - 00000000 ____D C:\Users\Nico\Downloads\SpybotPortable 2013-06-21 14:20 - 2013-06-21 14:19 - 57524944 ____A (PortableApps.com) C:\Users\Nico\Downloads\SpybotPortable_2.1.paf.exe 2013-06-21 14:14 - 2013-06-21 14:14 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Nico\Downloads\mbam-setup-1.75.0.1300.exe 2013-06-20 22:42 - 2013-06-20 22:07 - 104857600 ____A C:\Users\Nico\Downloads\D.DX.12.13.part3.rar 2013-06-20 22:39 - 2013-06-20 22:39 - 00000019 ____A C:\Users\Nico\Desktop\in 1,5 aus.cmd 2013-06-20 22:30 - 2013-06-20 22:16 - 00000000 ____D C:\Program Files (x86)\x264 Video Codec 2013-06-20 22:28 - 2013-06-20 22:28 - 00000000 ____D C:\Windows\Profiles\Nico 2013-06-20 22:15 - 2013-06-20 22:15 - 00000000 ____D C:\Program Files\VideoLAN 2013-06-20 22:12 - 2013-06-20 22:12 - 23229256 ____A C:\Users\Nico\Downloads\vlc-2.0.7-win64.exe 2013-06-20 19:44 - 2012-01-12 19:09 - 00000000 ____D C:\Program Files (x86)\BitTorrent 2013-06-20 19:41 - 2013-06-20 19:41 - 01125456 ____A (BitTorrent Inc.) 
C:\Users\Nico\Downloads\BitTorrent.exe 2013-06-19 18:38 - 2012-06-06 21:17 - 00000000 ____D C:\Users\Nico\AppData\Local\Spotify 2013-06-19 15:31 - 2012-08-26 15:05 - 00002374 ____A C:\Users\Nico\Desktop\Google Chrome.lnk 2013-06-18 15:50 - 2011-12-09 15:06 - 01786150 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-18 15:32 - 2012-03-26 20:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0 2013-06-18 15:32 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\MSBuild 2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008 2013-06-18 15:22 - 2013-06-18 15:22 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008 2013-06-17 21:28 - 2012-03-26 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2013-06-17 21:27 - 2013-06-17 21:27 - 00000000 ____D C:\ProgramData\VS 2013-06-17 21:25 - 2013-06-17 21:25 - 00000000 ____D C:\fbabd28d772111eec99e8982 2013-06-17 18:08 - 2013-06-17 18:08 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-17 18:08 - 2013-06-17 18:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-17 18:08 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iTunes 2013-06-17 18:08 - 2012-10-13 14:19 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files\iPod 2013-06-14 22:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-14 14:30 - 2013-06-14 14:30 - 00000466 ____A C:\Users\Nico\Desktop\DATA (D) - Verknüpfung.lnk 2013-06-13 21:27 - 2013-06-13 17:22 - 731594045 ____A C:\Users\Nico\Downloads\342fdsfssmo5.rar 2013-06-12 21:15 - 2013-06-14 14:31 - 00000101 ____A C:\Users\Nico\Downloads\ind-scary.nfo 2013-06-12 21:15 - 2013-02-06 22:32 - 00000341 ____A C:\Users\Nico\Downloads\www.goldesel.to - www.charts.to .txt 2013-06-12 21:15 - 2013-02-06 22:32 - 00000291 ____A C:\Users\Nico\Downloads\Charts.to - Die ultimative Seite fuer Charts als Direkt-Download.url 
2013-06-12 21:15 - 2013-02-06 22:32 - 00000220 ____A C:\Users\Nico\Downloads\Goldesel.to - Die Seite fuer Direkt-Downloads aller Art.url
2013-06-12 18:30 - 2012-04-14 15:21 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 18:30 - 2011-07-25 12:15 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 15:51 - 2011-12-17 14:27 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 15:07 - 2013-01-24 18:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-12 15:07 - 2011-07-25 11:54 - 00000000 ____D C:\ProgramData\Skype
2013-06-10 16:40 - 2009-07-14 07:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-08 17:43 - 2011-12-15 23:13 - 00000616 ____A C:\Users\Nico\Documents\ax_files.xml
2013-06-07 13:44 - 2012-11-05 18:14 - 00000000 ____D C:\Users\Nico\AppData\Local\Origin
2013-06-07 13:44 - 2012-11-05 18:07 - 00000000 ____D C:\Program Files (x86)\Origin
2013-06-05 15:46 - 2013-04-13 19:06 - 00000000 __SHD C:\Users\Nico\wc
2013-06-05 15:41 - 2013-06-05 15:41 - 00001036 ____A C:\Users\Nico\Desktop\ILS-SimV4.exe - Verknüpfung.lnk
2013-06-03 17:21 - 2013-04-07 11:47 - 01130496 ____A C:\Users\Nico\Desktop\Schuppenat_Noel_09A (2).lpo
2013-05-28 15:05 - 2013-06-20 20:02 - 00163328 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerUpdateService.exe

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-24 20:31

==================== End Of Log ============================ |
25.06.2013, 07:47 | #10 |
/// the machine /// TB instructor | Real-time scanner reports problem: services.exe w32/patched.uc Odd. Please download Farbar Service Scanner
Please post the contents here.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
25.06.2013, 08:12 | #11 |
| Real-time scanner reports problem: services.exe w32/patched.uc I should add, though, that I am at work at the moment and cannot test whether the network is working again. Code:
Farbar Service Scanner Version: 16-06-2013
Ran by Nico (administrator) on 25-06-2013 at 08:58:45
Running from "C:\Users\Nico\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys [2013-06-12 14:50] - [2013-05-08 08:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll [2013-06-12 14:50] - [2013-05-13 07:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

I set up a hotspot with my phone, but still no internet! Edited by tha619 (25.06.2013 at 08:21) |
25.06.2013, 08:18 | #12 |
/// the machine /// TB instructor | Real-time scanner reports problem: services.exe w32/patched.uc Please define "no internet".
25.06.2013, 08:46 | #13 |
| Real-time scanner reports problem: services.exe w32/patched.uc I do get a 192. IP, but I can't even reach the router's web interface, let alone any websites; Avira can't connect to the network either. Wi-Fi is connected, and there must be contact with the router, since I do get an IP. I just saw that I still have a system restore point from 19.06, i.e. one day before I caught it. Can I select it, or would that cause complications now? |
25.06.2013, 13:57 | #14 |
/// the machine /// TB instructor | Real-time scanner reports problem: services.exe w32/patched.uc No, leave the system restore point alone. Fix with FRST: Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini
Windows key + R, type
netsh winsock reset
ipconfig /flushdns
and press Enter after each line. Still no internet?
25.06.2013, 15:47 | #15 |
| Real-time scanner reports problem: services.exe w32/patched.uc Unfortunately still no internet; the other log file will follow shortly or this evening! |