Spam mail sent from GMX account to address book

05.06.2013, 09:20
...new here

Posts: 6
#16 Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.04.07

Windows 8 x64 FAT32
Internet Explorer 10.0.9200.16580
xxxxxx :: XXXXXX [Administrator]

Schutz: Aktiviert

05.06.2013 09:10:55
MBAM-log-2013-06-05 (09-16-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230187
Laufzeit: 3 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> 1968 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Dateien: 2
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.

(Ende)
05.06.2013, 09:27
Member
Gool

Posts: 4730
#17 Here: astrolantis.de
__________
This is a signature! Personal service: Are you from Berlin? Then contact me by PM; we may be able to arrange an appointment.
Der Grabsteinschubser
05.06.2013, 09:33
...new here

Posts: 6
#18 Googled it.. fortune-telling card stuff.. Is that what's responsible? How do I get rid of it?
05.06.2013, 09:38
...new here

Posts: 6
#19 Here is the OTL:

OTL logfile created on: 05.06.2013 09:24:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sabine\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,89 Gb Total Physical Memory | 6,51 Gb Available Physical Memory | 82,56% Memory free
9,08 Gb Paging File | 7,65 Gb Available in Paging File | 84,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,85 Gb Total Space | 133,25 Gb Free Space | 71,31% Space Free | Partition Type: NTFS
Drive D: | 537,60 Gb Total Space | 528,29 Gb Free Space | 98,27% Space Free | Partition Type: NTFS
Drive F: | 185,75 Gb Total Space | 184,45 Gb Free Space | 99,30% Space Free | Partition Type: NTFS
Drive G: | 1,90 Gb Total Space | 0,05 Gb Free Space | 2,86% Space Free | Partition Type: FAT32

Computer Name: xxxxxx | User Name: xxxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.05 08:38:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sabine\Desktop\OTL.exe
PRC - [2013.05.25 16:27:12 | 000,510,520 | ---- | M] () -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
PRC - [2013.05.25 16:27:12 | 000,358,968 | ---- | M] () -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
PRC - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.15 10:29:07 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe
PRC - [2013.03.15 10:29:07 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
PRC - [2012.10.31 14:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012.10.26 16:35:44 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012.10.24 17:02:32 | 001,196,416 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
PRC - [2012.10.17 21:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012.10.05 17:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2012.10.03 18:27:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.03 11:29:46 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.14 15:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012.08.31 21:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012.08.24 19:17:14 | 000,107,192 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012.08.24 19:17:10 | 000,192,000 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012.08.22 11:24:28 | 001,559,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012.07.24 20:21:22 | 001,123,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012.07.17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.06.27 14:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.06.25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.05.28 12:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012.04.13 12:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012.03.28 20:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011.11.21 16:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2011.03.09 15:21:54 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010.07.06 18:21:34 | 000,336,560 | ---- | M] (Expert System S.p.A.) -- C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe
PRC - [2010.06.27 22:02:22 | 010,165,456 | ---- | M] (Bibliographisches Institut GmbH) -- C:\Program Files (x86)\Duden\Duden-Bibliothek\dudenbib.exe
PRC - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009.11.13 13:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe


========== Modules (No Company Name) ==========

MOD - [2013.05.25 16:27:12 | 000,510,520 | ---- | M] () -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
MOD - [2012.08.24 19:17:08 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011.03.09 15:21:56 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2011.03.09 15:21:48 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2010.06.07 17:18:24 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Duden\Duden Korrektor\MBControls.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012.04.20 16:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013.05.25 16:27:12 | 000,358,968 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2013.05.24 19:49:16 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 05:59:32 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.15 10:29:07 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe -- (VideoDownloadConverter_4zService)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.11.02 09:19:54 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.10.05 17:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2012.10.03 18:27:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.03 11:29:46 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.06.27 14:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.06.25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.04.13 12:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011.11.21 16:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.11.13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.05.25 16:25:55 | 000,138,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2013.05.25 16:25:55 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2013.05.25 16:25:55 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.11.02 09:19:38 | 005,332,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.10.31 14:10:00 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012.10.26 12:28:30 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.10.15 04:03:32 | 003,701,760 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.03 18:27:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.14 07:15:10 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.08.02 05:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.24 20:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012.07.02 17:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.13 12:23:58 | 000,294,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012.06.12 15:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.06.02 16:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012.06.02 16:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012.06.02 16:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012.05.31 05:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV - [2013.05.25 16:25:55 | 000,138,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2013.05.25 16:25:55 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2013.05.25 16:25:55 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011.09.07 11:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^HJ^xdm255^YY^de&ptb=DBDDF74A-8747-408E-9912-308666FBC82E&si=CJLZ496m_rUCFcJZ3godXx8ARg
IE - HKCU\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.gmx.de/"
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: 4zffxtbr%40VideoDownloadConverter_4z.com:5.3.1.13727
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=DBDDF74A-8747-408E-9912-308666FBC82E&n=77fc6c55&ind=2013031509&p2=^HJ^xdm255^YY^de&si=CJLZ496m_rUCFcJZ3godXx8ARg&searchfor="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\sabine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin [2013.03.15 10:29:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.05 08:23:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

[2013.05.31 12:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sabine\AppData\Roaming\mozilla\Extensions
[2013.05.31 12:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sabine\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.06.02 22:19:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sabine\AppData\Roaming\mozilla\Firefox\Profiles\jas48mcw.default\extensions
[2013.03.22 13:14:42 | 000,000,000 | ---D | M] (VideoDownloadConverter) -- C:\Users\sabine\AppData\Roaming\mozilla\Firefox\Profiles\jas48mcw.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com
[2013.02.22 08:06:00 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\sabine\AppData\Roaming\mozilla\firefox\profiles\jas48mcw.default\extensions\plugin@yontoo.com.xpi
[2013.01.18 11:28:35 | 000,002,432 | ---- | M] () -- C:\Users\sabine\AppData\Roaming\mozilla\firefox\profiles\jas48mcw.default\searchplugins\babylon1.xml
[2013.03.30 16:43:32 | 000,001,340 | ---- | M] () -- C:\Users\sabine\AppData\Roaming\mozilla\firefox\profiles\jas48mcw.default\searchplugins\gmx-suche.xml
[2013.05.24 19:49:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 19:49:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Toolbar BHO) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbar.dll (MindSpark)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Search Assistant BHO) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h File not found
O4 - HKLM..\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe (VER_COMPANY_NAME)
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden Korrektor\DKtray.exe (Expert System S.p.A.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\sabine\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [Spotify] C:\Users\sabine\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\sabine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C62DE46-C655-465B-9BE0-57543A35384B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B77407F5-CB3E-4C5F-AA15-77EF9FF9F621}: DhcpNameServer = 192.168.43.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3145e5b3-c3b8-11e2-be88-998866001e3b}\Shell - "" = AutoRun
O33 - MountPoints2\{3145e5b3-c3b8-11e2-be88-998866001e3b}\Shell\AutoRun\command - "" = "G:\.\Setup.exe" AUTORUN=1
O33 - MountPoints2\{3145e63e-c3b8-11e2-be88-998866001e3b}\Shell - "" = AutoRun
O33 - MountPoints2\{3145e63e-c3b8-11e2-be88-998866001e3b}\Shell\AutoRun\command - "" = "G:\.\Setup.exe" AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.05 09:23:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sabine\Desktop\OTL.exe
[2013.06.05 08:47:41 | 000,000,000 | ---D | C] -- C:\Users\sabine\AppData\Roaming\Malwarebytes
[2013.06.05 08:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.05 08:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.05 08:47:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.05 08:47:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.05 08:46:50 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\sabine\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.05 08:23:34 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.05 08:23:34 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.06.05 08:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.06.05 08:23:33 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.06.05 08:23:32 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.06.05 08:23:22 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.05 08:23:20 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.06.05 08:23:20 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.06.05 08:22:43 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.06.05 08:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.05 08:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.06.04 18:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013.06.02 20:44:44 | 000,000,000 | ---D | C] -- C:\Users\sabine\AppData\Roaming\Audacity
[2013.06.02 20:43:54 | 000,000,000 | ---D | C] -- C:\Users\sabine\AppData\Local\Programs
[2013.05.31 14:05:23 | 000,000,000 | ---D | C] -- C:\Users\sabine\AppData\Roaming\No23
[2013.05.31 12:55:19 | 000,000,000 | ---D | C] -- C:\Users\sabine\Documents\TomTom
[2013.05.31 12:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2013.05.31 12:55:03 | 000,000,000 | ---D | C] -- C:\Users\sabine\AppData\Roaming\TomTom
[2013.05.31 12:55:03 | 000,000,000 | ---D | C] -- C:\Users\sabine\AppData\Local\TomTom
[2013.05.31 12:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2013.05.31 12:54:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2013.05.31 12:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2
[2013.05.31 12:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom DesktopSuite
[2013.05.25 16:26:05 | 000,000,000 | ---D | C] -- C:\Users\sabine\AppData\Roaming\ALDITALKVerbindungsassistent
[2013.05.25 16:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALDI TALK Verbindungsassistent
[2013.05.25 16:25:59 | 000,999,936 | ---- | C] (DiBcom SA) -- C:\Windows\SysWow64\drivers\mod7700.sys
[2013.05.25 16:25:59 | 000,138,752 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ewusbnet.sys
[2013.05.25 16:25:59 | 000,121,600 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ewusbmdm.sys
[2013.05.25 16:25:59 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_hwusbdev.sys
[2013.05.25 16:25:59 | 000,091,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_jucdcacm.sys
[2013.05.25 16:25:59 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_jubusenum.sys
[2013.05.25 16:25:59 | 000,055,296 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_jucdcecm.sys
[2013.05.25 16:25:59 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysWow64\drivers\ewdcsc.sys
[2013.05.25 16:25:59 | 000,029,184 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_juextctrl.sys
[2013.05.25 16:25:59 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_usbenumfilter.sys
[2013.05.25 16:25:55 | 000,138,752 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013.05.25 16:25:55 | 000,121,600 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013.05.25 16:25:55 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013.05.25 16:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ALDITALKVerbindungsassistent

========== Files - Modified Within 30 Days ==========

[2013.06.05 09:22:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.05 09:21:38 | 000,000,401 | ---- | M] () -- C:\Users\sabine\AppData\Roaming\sp_data.sys
[2013.06.05 09:19:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.06.05 09:19:49 | 2480,914,431 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.05 08:59:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.05 08:50:15 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.05 08:50:15 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.05 08:50:15 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.05 08:50:15 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.05 08:50:15 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.05 08:47:30 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.05 08:38:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sabine\Desktop\OTL.exe
[2013.06.05 08:23:34 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.05 08:23:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.05 08:11:36 | 117,478,104 | ---- | M] () -- C:\Users\sabine\Desktop\avast_free_antivirus_setup.exe
[2013.06.05 08:00:16 | 000,089,088 | ---- | M] () -- C:\Users\sabine\Desktop\mbr.exe
[2013.06.05 07:59:54 | 000,147,456 | ---- | M] () -- C:\Users\sabine\Desktop\catchme.exe
[2013.06.05 07:58:05 | 000,000,512 | ---- | M] () -- C:\Users\sabine\Documents\MBR.dat
[2013.06.05 07:33:18 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\sabine\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.04 19:27:13 | 000,102,139 | ---- | M] () -- C:\ProgramData\1370365470.4292.bin
[2013.06.04 19:27:13 | 000,076,929 | ---- | M] () -- C:\ProgramData\1370365470.2916.bin
[2013.06.04 19:27:04 | 000,110,987 | ---- | M] () -- C:\ProgramData\1370365470.4788.bin
[2013.06.04 19:27:04 | 000,003,005 | ---- | M] () -- C:\ProgramData\1370365470.4652.bin
[2013.06.04 19:27:04 | 000,000,991 | ---- | M] () -- C:\ProgramData\1370365470.3820.bin
[2013.06.04 19:25:07 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3792268278-802850821-327629580-1002UA.job
[2013.06.04 19:25:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3792268278-802850821-327629580-1002Core.job
[2013.06.04 19:05:49 | 000,006,729 | ---- | M] () -- C:\ProgramData\1370365470.4912.bin
[2013.06.04 19:05:24 | 000,008,927 | ---- | M] () -- C:\ProgramData\1370365470.5148.bin
[2013.06.04 19:05:15 | 000,014,796 | ---- | M] () -- C:\ProgramData\1370365470.2452.bin
[2013.06.04 19:05:12 | 000,002,654 | ---- | M] () -- C:\ProgramData\1370365470.1112.bin
[2013.06.04 19:05:12 | 000,000,739 | ---- | M] () -- C:\ProgramData\1370365470.5340.bin
[2013.06.04 19:05:12 | 000,000,738 | ---- | M] () -- C:\ProgramData\1370365470.624.bin
[2013.05.31 14:18:21 | 000,001,462 | ---- | M] () -- C:\Users\sabine\AppData\Local\RecConfig.xml
[2013.05.25 17:07:08 | 000,057,281 | ---- | M] () -- C:\c2ddd199-4c8a-45d9-90e3-4c9ea4deb83b.dmp
[2013.05.25 16:26:05 | 000,002,237 | ---- | M] () -- C:\Users\Public\Desktop\ALDI TALK Verbindungsassistent.lnk
[2013.05.25 16:25:57 | 000,002,280 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
[2013.05.25 16:25:55 | 000,999,936 | ---- | M] (DiBcom SA) -- C:\Windows\SysWow64\drivers\mod7700.sys
[2013.05.25 16:25:55 | 000,138,752 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ewusbnet.sys
[2013.05.25 16:25:55 | 000,138,752 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2013.05.25 16:25:55 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ewusbmdm.sys
[2013.05.25 16:25:55 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2013.05.25 16:25:55 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_hwusbdev.sys
[2013.05.25 16:25:55 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2013.05.25 16:25:55 | 000,091,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_jucdcacm.sys
[2013.05.25 16:25:55 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_jubusenum.sys
[2013.05.25 16:25:55 | 000,055,296 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_jucdcecm.sys
[2013.05.25 16:25:55 | 000,029,184 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_juextctrl.sys
[2013.05.25 16:25:55 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysWow64\drivers\ew_usbenumfilter.sys
[2013.05.25 16:25:54 | 000,029,696 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysWow64\drivers\ewdcsc.sys
[2013.05.23 16:51:45 | 000,373,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.21 17:37:38 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.05.09 10:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.05.09 10:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2013.06.05 08:47:30 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.05 08:23:34 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.05 08:23:22 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.06.05 08:23:21 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.06.05 08:23:20 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.06.05 08:16:56 | 000,089,088 | ---- | C] () -- C:\Users\sabine\Desktop\mbr.exe
[2013.06.05 08:16:32 | 000,147,456 | ---- | C] () -- C:\Users\sabine\Desktop\catchme.exe
[2013.06.05 08:16:01 | 117,478,104 | ---- | C] () -- C:\Users\sabine\Desktop\avast_free_antivirus_setup.exe
[2013.06.05 07:58:05 | 000,000,512 | ---- | C] () -- C:\Users\sabine\Documents\MBR.dat
[2013.06.04 19:27:01 | 000,076,929 | ---- | C] () -- C:\ProgramData\1370365470.2916.bin
[2013.06.04 19:05:12 | 000,014,796 | ---- | C] () -- C:\ProgramData\1370365470.2452.bin
[2013.06.04 19:05:12 | 000,008,927 | ---- | C] () -- C:\ProgramData\1370365470.5148.bin
[2013.06.04 19:05:12 | 000,003,005 | ---- | C] () -- C:\ProgramData\1370365470.4652.bin
[2013.06.04 19:05:12 | 000,002,654 | ---- | C] () -- C:\ProgramData\1370365470.1112.bin
[2013.06.04 19:05:12 | 000,000,991 | ---- | C] () -- C:\ProgramData\1370365470.3820.bin
[2013.06.04 19:05:12 | 000,000,739 | ---- | C] () -- C:\ProgramData\1370365470.5340.bin
[2013.06.04 19:05:12 | 000,000,738 | ---- | C] () -- C:\ProgramData\1370365470.624.bin
[2013.06.04 19:04:56 | 000,102,139 | ---- | C] () -- C:\ProgramData\1370365470.4292.bin
[2013.06.04 19:04:37 | 000,006,729 | ---- | C] () -- C:\ProgramData\1370365470.4912.bin
[2013.06.04 19:04:30 | 000,110,987 | ---- | C] () -- C:\ProgramData\1370365470.4788.bin
[2013.06.04 18:43:03 | 002,436,680 | ---- | C] () -- C:\Users\sabine\Desktop\bitdefender_isecurity.exe
[2013.05.31 14:18:21 | 000,001,462 | ---- | C] () -- C:\Users\sabine\AppData\Local\RecConfig.xml
[2013.05.25 17:07:08 | 000,057,281 | ---- | C] () -- C:\c2ddd199-4c8a-45d9-90e3-4c9ea4deb83b.dmp
[2013.05.25 16:26:05 | 000,002,237 | ---- | C] () -- C:\Users\Public\Desktop\ALDI TALK Verbindungsassistent.lnk
[2013.05.25 16:25:57 | 000,002,280 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
[2013.05.23 16:51:27 | 000,373,832 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.19 19:24:03 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.01.17 00:59:01 | 000,000,401 | ---- | C] () -- C:\Users\sabine\AppData\Roaming\sp_data.sys
[2012.12.19 01:16:49 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.11.08 05:53:01 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.11.08 05:52:50 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.11.08 05:52:48 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.08.17 02:52:29 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012.08.17 02:52:28 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.07.25 22:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.07.25 22:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2013.05.25 19:12:57 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\ALDITALKVerbindungsassistent
[2013.03.30 17:11:45 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\ASUS
[2013.01.17 00:59:07 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\ASUS WebStorage
[2013.06.02 21:28:52 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Audacity
[2013.01.18 11:28:18 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Babylon
[2013.02.23 19:55:51 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Duden
[2013.03.15 10:38:45 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\elsterformular
[2013.02.16 09:33:12 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Exma
[2013.06.02 21:37:51 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\File Scout
[2013.02.15 11:29:10 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Keob
[2013.02.15 06:41:13 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Lyboah
[2013.02.21 12:44:26 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Lyvi
[2013.06.02 21:37:53 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\No23
[2013.02.04 10:14:47 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Opera
[2013.02.22 08:05:25 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Orrjkfejpo
[2013.01.18 17:01:54 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\PerformerSoft
[2013.02.19 09:23:24 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Qyif
[2013.06.02 22:08:57 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Spotify
[2013.05.31 12:55:03 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\TomTom
[2013.02.16 11:16:39 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Vuaceg
[2013.02.20 19:59:32 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Xoup

[color=#E56717]========== Purity Check ==========[/color]



< End of report >
05.06.2013, 09:39
...new here

Posts: 6
#20 And the Extras.txt:

OTL Extras logfile created on: 05.06.2013 09:24:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sabine\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,89 Gb Total Physical Memory | 6,51 Gb Available Physical Memory | 82,56% Memory free
9,08 Gb Paging File | 7,65 Gb Available in Paging File | 84,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,85 Gb Total Space | 133,25 Gb Free Space | 71,31% Space Free | Partition Type: NTFS
Drive D: | 537,60 Gb Total Space | 528,29 Gb Free Space | 98,27% Space Free | Partition Type: NTFS
Drive F: | 185,75 Gb Total Space | 184,45 Gb Free Space | 99,30% Space Free | Partition Type: NTFS
Drive G: | 1,90 Gb Total Space | 0,05 Gb Free Space | 2,86% Space Free | Partition Type: FAT32

Computer Name: xxxxxxx | User Name: xxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4FE211F4-90C1-4307-8239-1188DF8807A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07FF6432-4E90-4394-9670-D3EB2C12A516}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{0B43E663-62E4-4462-A4C3-0E0C03EA6726}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{26B29F8F-A99A-4A02-A877-0C61B28A5F87}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{2CBE75A4-623D-4144-947B-DBC3C218798F}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{33770D0B-96C7-48B8-B500-D531B1E12E75}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3BF8D822-0A9E-4F57-96EA-EBD3E0E73954}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3D9098D9-400E-4060-92AB-2E09581177DA}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{4373D0E0-ADFA-4397-BA35-E06B952502B6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{506C51D6-453E-4BD1-8284-5BB23C695C2F}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{5189E447-5994-4C25-87B3-238225515ABA}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{555C1502-75C5-4F0D-BF6D-8EDCD86EE53C}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{5AC5B68A-FC05-4A89-B759-6232E191117D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{619DDADE-B28C-4F83-BA3A-0678F99D6292}" = dir=out | name=adera |
"{63AC98E5-7837-4779-B971-37D841DBBA55}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{64BDF171-F5A1-4761-82DE-8058DF649D03}" = dir=out | name=microsoft solitaire collection |
"{6C54F5E8-8A6D-4C08-8667-BF57E7214834}" = dir=out | name=wordament |
"{77E0DDB6-C832-4F6A-A50C-40EFFEDAEC2D}" = dir=out | name=fresh paint |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{813F3792-6D68-4CBA-9DFE-7495E47DB18D}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{8226BC76-8A6F-4A61-8DB8-A7DE694452ED}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{8510E009-5C5D-4F69-840C-28A2213AFF13}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{8BD81671-A240-45C1-856F-C232DC902BD0}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{9645D17B-EA73-47CE-A576-8572640F0005}" = dir=out | name=taptiles |
"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir=out | name=windows_ie_ac_001 |
"{A50F9B3F-DEEA-4B78-8769-84AD042B2D8C}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{BB6FD682-CD39-48A8-A46D-8DE32D0F7775}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{C25910E3-CF19-4135-8479-BAEDDB03F574}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{CBDCF7F8-84C6-4628-9C1D-D95FEF0E6F20}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D0AB9B01-6453-4292-B232-2DD2DF0EF727}" = dir=in | name=skype |
"{D12C95EE-C2B7-4896-BC2A-27CD7785E3E6}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{DD10103E-E4C5-48D1-AA8A-CF6C3CBCEF7E}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{E39B1CCA-1D7D-459C-ADDC-3B405CA46924}" = dir=in | app=c:\users\sabine\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E91A2D12-43D2-492A-AAFE-5B9B1BAEB7E1}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{F39C5635-5A55-4E32-AFDA-CE665A726B1C}" = dir=out | name=skype |
"TCP Query User{AD414364-09D9-494A-BDBD-056D686EA6F8}C:\users\sabine\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sabine\appdata\roaming\spotify\spotify.exe |
"TCP Query User{FD57F460-E56C-4BC3-B9ED-3A0A1FF21468}C:\users\sabine\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\sabine\appdata\roaming\spotify\spotify.exe |
"UDP Query User{2AD291F0-F747-408E-BD22-E014892C355E}C:\users\sabine\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sabine\appdata\roaming\spotify\spotify.exe |
"UDP Query User{925B3310-3C82-4443-9766-A3673228C5F6}C:\users\sabine\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\sabine\appdata\roaming\spotify\spotify.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.12.02
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 307.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
"CCleaner" = CCleaner

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{2E8ECB58-EE3A-452C-B57E-1B982735F0F2}" = Duden Korrektor PLUS
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{5172E572-C175-4F80-A6D5-5CB45826AD61}" = SceneSwitch
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}" = QuarkXPress 7.2
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B91B14D5-B817-4C79-BEF6-0A7A23FE6C61}" = NWZ-B170 WALKMAN Guide
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"avast" = avast! Free Antivirus
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Picasa 3" = Picasa 3
"TomTom HOME" = TomTom HOME 2.7.3.1894
"VideoDownloadConverter_4zbar Uninstall" = VideoDownloadConverter Toolbar

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 25.05.2013 11:09:07 | Computer Name = Voiges | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_202.exe,
Version: 11.7.700.202, Zeitstempel: 0x51801fef Name des fehlerhaften Moduls: unknown,
Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00001a5 Fehleroffset:
0x008a49b0 ID des fehlerhaften Prozesses: 0x1104 Startzeit der fehlerhaften Anwendung:
0x01ce5959cd98414a Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 0b61df04-c54d-11e2-be88-998866001e3b
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 25.05.2013 11:09:09 | Computer Name = Voiges | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_202.exe,
Version: 11.7.700.202, Zeitstempel: 0x51801fef Name des fehlerhaften Moduls: unknown,
Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset:
0x65398482 ID des fehlerhaften Prozesses: 0x1104 Startzeit der fehlerhaften Anwendung:
0x01ce5959cd98414a Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 0c6c504c-c54d-11e2-be88-998866001e3b
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 25.05.2013 11:09:12 | Computer Name = Voiges | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_202.exe,
Version: 11.7.700.202, Zeitstempel: 0x51801fef Name des fehlerhaften Moduls: unknown,
Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00001a5 Fehleroffset:
0x00bc49b0 ID des fehlerhaften Prozesses: 0x410 Startzeit der fehlerhaften Anwendung:
0x01ce5959d0975d70 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 0e4f44e8-c54d-11e2-be88-998866001e3b
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 25.05.2013 11:09:15 | Computer Name = Voiges | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_202.exe,
Version: 11.7.700.202, Zeitstempel: 0x51801fef Name des fehlerhaften Moduls: unknown,
Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset:
0x65398482 ID des fehlerhaften Prozesses: 0x410 Startzeit der fehlerhaften Anwendung:
0x01ce5959d0975d70 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 0ff91e69-c54d-11e2-be88-998866001e3b
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 25.05.2013 11:09:48 | Computer Name = Voiges | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_202.exe,
Version: 11.7.700.202, Zeitstempel: 0x51801fef Name des fehlerhaften Moduls: unknown,
Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00001a5 Fehleroffset:
0x00e049b0 ID des fehlerhaften Prozesses: 0xc44 Startzeit der fehlerhaften Anwendung:
0x01ce5959e5c0ece2 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 23779baa-c54d-11e2-be88-998866001e3b
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 25.05.2013 11:09:49 | Computer Name = Voiges | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_202.exe,
Version: 11.7.700.202, Zeitstempel: 0x51801fef Name des fehlerhaften Moduls: unknown,
Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset:
0x65398482 ID des fehlerhaften Prozesses: 0xc44 Startzeit der fehlerhaften Anwendung:
0x01ce5959e5c0ece2 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 243258cc-c54d-11e2-be88-998866001e3b
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 25.05.2013 11:09:57 | Computer Name = Voiges | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_7_700_202.exe,
Version: 11.7.700.202, Zeitstempel: 0x51801fef Name des fehlerhaften Moduls: unknown,
Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc00001a5 Fehleroffset:
0x02a849b0 ID des fehlerhaften Prozesses: 0x1358 Startzeit der fehlerhaften Anwendung:
0x01ce5959eb0a5c7f Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 28c1324b-c54d-11e2-be88-998866001e3b
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:

Error - 28.05.2013 04:33:32 | Computer Name = Voiges | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile
2. Das Stammelement der Manifestdatei muss assembliert sein.

Error - 28.05.2013 04:33:54 | Computer Name = Voiges | Source = SideBySide | ID = 16842761
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Duden\Duden Korrektor\adxloader.dll.Manifest". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll.Manifest" in Zeile
2. Das Stammelement der Manifestdatei muss assembliert sein.

Error - 28.05.2013 12:33:32 | Computer Name = Voiges | Source = ESENT | ID = 489
Description = taskhostex (6336) Versuch, Datei "C:\Users\sabine\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess
kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

[ System Events ]
Error - 05.04.2013 02:51:20 | Computer Name = Voiges | Source = Ntfs | ID = 55
Description = In der Dateisystemstruktur auf Volume "OS" wurde eine Beschädigung
erkannt. Die genaue Art der Beschädigung ist unbekannt. Die Dateisystemstrukturen
müssen online überprüft werden.

Error - 13.04.2013 12:43:14 | Computer Name = Voiges | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst iphlpsvc erreicht.

Error - 13.04.2013 12:43:44 | Computer Name = Voiges | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.

Error - 13.04.2013 12:44:14 | Computer Name = Voiges | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Appinfo erreicht.

Error - 13.04.2013 12:44:14 | Computer Name = Voiges | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Anwendungsinformationen" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 14.04.2013 02:54:35 | Computer Name = Voiges | Source = Ntfs | ID = 55
Description = In der Dateisystemstruktur auf Volume "OS" wurde eine Beschädigung
erkannt. In einer Indexstruktur des Dateisystems wurde eine Beschädigung gefunden.
Die Dateireferenznummer ist 0x10000000021fe. Der Name der Datei ist "\Windows\System32\DriverStore\FileRepository".
Das Attribut des beschädigten Indexes ist ":$I30:$INDEX_ALLOCATION".

Error - 04.05.2013 14:04:41 | Computer Name = Voiges | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.

Error - 10.05.2013 02:21:41 | Computer Name = Voiges | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.

Error - 19.05.2013 13:15:17 | Computer Name = Voiges | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.

Error - 23.05.2013 10:51:57 | Computer Name = Voiges | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?05.?2013 um 11:50:13 unerwartet heruntergefahren.


< End of report >
05.06.2013, 12:46
...new here

Posts: 6
#21 Can really nobody help me?

Best regards,
Karin
05.06.2013, 23:34
Member
Gool

Posts: 4730
#22 No, that was only meant to say that one needs fortune-telling abilities to make anything of the sparse description at the start. Thanks for the logs, they shed a little light on things.

You do have a bit of spyware on your PC (Yontoo - it probably got onto your PC via the VideoDownloadConverter - uninstall all of that!), but there are no serious signs of an infection. "Facebook Update" also strikes me as a bit odd.
Which address book was the mail sent to? The address book on your PC? Or the address book at GMX? You need to be a bit more specific so that people can help you.
__________
This is a signature! Personal service: Are you from Berlin? Then send me a PM, we may be able to arrange an appointment.
The Gravestone Pusher
05.06.2013, 23:53
Member
Xeper

Posts: 5291
#23 @Gool

I think he/she mentioned that at the beginning:

Quote

The emails are sent to addresses from the GMX address book and from a Yahoo Mail address.

But what does that really mean, other than that the account may have been compromised...
Either there was malware on his PC at some point and the passwords were read out?
Or the password became public some other way?

@k2themax
How exactly do you retrieve your e-mails, via the browser?
Or also with a local e-mail program (Windows Mail (formerly Outlook Express), Outlook, Thunderbird, something else?).
Have you checked your e-mail on other PCs recently?

Certainly change the GMX password first, if that hasn't been done already.
__________
E-Mail: therion at ninth-art dot de
IRC: megatherion @ Freenode
06.06.2013, 09:54
Member
Gool

Posts: 4730
#24 Ah F***... I didn't even see that there is a first page and that I'm on page two here. I apologize profusely! Please ignore everything I wrote.
__________
This is a signature! Personal service: Are you from Berlin? Then send me a PM, we may be able to arrange an appointment.
The Gravestone Pusher
06.06.2013, 12:00
Member
Xeper

Posts: 5291
#25

Quote

Gool posted
Ah F***... I didn't even see that there is a first page and that I'm on page two here. I apologize profusely! Please ignore everything I wrote.

It's not that bad, on the 1st page k2themax only replied to the actual, somewhat dusty thread.
(Last post)
__________
E-Mail: therion at ninth-art dot de
IRC: megatherion @ Freenode