| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Verschlüsselungs Trojaner - Rechnung von Pearlfection.deWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.06.2012, 20:58
| #1 | |||
| |  Verschlüsselungs Trojaner - Rechnung von Pearlfection.de Hallo liebe Community, ich habe ein Notebook von einem Bekannten in die Hand gedrückt bekommen, der von einem netten und für mich neue Art eines Trojaners befallen ist. Folgende Informationen habe ich von meinem Bekannten bekommen: Er hat eine E-Mail von Pearlfection.de über einen hohen 4 stelligen Betrag erhalten und hat vor schreck die Anlage geöffnet - das war eine "Rechnung" als zip Format. Nachdem er diese Rechnung geöffnet hatte wurden sämtliche Word Dateien etc. verschlüsselt und es wurde eine Textdatei erstellt auf dem Desktop mit Folgendem Inhalt: Zitat:
Ich habe erstmal alle Systemstarts deaktiviert (msconfig --> Systemstarts), alle Virenscanner deaktiviert und daraufhin einen vollen Scan mit Malwarebytes durchgeführt. (ich habe mich aus Unkenntnis mit dem Programm noch nicht getraut den Butonn "alles Löschen" zu drücken. Folgende Log habe ich erhalten: Zitat:
Zitat:
Da durchaus wichtige Daten auf dem PC sind habe ich noch keine weiteren Schritte eingeleitet. Ich bin zwar relativ Firm im Umgang mit PCs (FiSi) allerdings habe ich Angst, dass die Daten unwiederruflich zerstört sind. Könnt Ihr mich vlt auf meinen Schritten begleiten um meinen Bekannten von dem Befall zu befreien und die Daten zu behalten? Über jeden Tipp wäre ich Dankbar. Viele Grüße Thomas Hallo, habe nochmal OTL und fogger durchlaufen lassen. Fogger hat nichts gefunden. OTL.txt hat folgenden Inhalt Code:
ATTFilter OTL logfile created on: 15.06.2012 14:08:16 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Christian\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,68 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 51,32% Memory free 7,36 Gb Paging File | 5,23 Gb Available in Paging File | 71,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 324,38 Gb Free Space | 71,66% Space Free | Partition Type: NTFS Drive D: | 3,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 1,86 Gb Total Space | 1,83 Gb Free Space | 98,64% Space Free | Partition Type: FAT32 Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe PRC - [2012.06.12 18:44:59 | 009,106,664 | ---- | M] (MediaGet LLC) -- C:\Users\Christian\AppData\Local\MediaGet2\mediaget.exe PRC - [2012.05.25 15:21:44 | 000,992,648 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe PRC - [2012.05.13 20:25:32 | 000,019,768 | ---- | M] (Smartbar) -- C:\Users\Christian\AppData\Local\Smartbar\Application\Linkury.exe PRC - [2012.05.08 16:15:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 16:15:30 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 16:15:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.03 20:20:08 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Christian\AppData\Roaming\Spotify\spotify.exe PRC - [2012.05.03 20:20:08 | 000,932,528 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.04.23 18:00:21 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2012.04.16 01:23:59 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe PRC - [2012.04.09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.03.31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2010.10.27 22:02:56 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.06.29 00:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.04.13 18:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.02.28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2008.02.22 10:11:02 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe ========== Modules (No Company Name) ========== MOD - [2012.06.12 18:44:59 | 011,742,440 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtWebKit4.dll MOD - [2012.06.12 18:44:59 | 008,227,560 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtGui4.dll MOD - [2012.06.12 18:44:59 | 002,554,088 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtXmlPatterns4.dll MOD - [2012.06.12 18:44:59 | 002,430,184 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtDeclarative4.dll MOD - [2012.06.12 18:44:59 | 002,297,576 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtCore4.dll MOD - [2012.06.12 18:44:59 | 002,267,368 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\libvlccore.dll MOD - [2012.06.12 18:44:59 | 001,298,152 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtScript4.dll MOD - [2012.06.12 18:44:59 | 000,979,176 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtNetwork4.dll MOD - [2012.06.12 18:44:59 | 000,343,784 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtXml4.dll MOD - [2012.06.12 18:44:59 | 000,224,488 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\imageformats\qmng4.dll MOD - [2012.06.12 18:44:59 | 000,200,424 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\imageformats\qjpeg4.dll MOD - [2012.06.12 18:44:59 | 000,195,304 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\QtSql4.dll MOD - [2012.06.12 18:44:59 | 000,105,192 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\libvlc.dll MOD - [2012.06.12 18:44:59 | 000,030,440 | ---- | M] () -- C:\Users\Christian\AppData\Local\MediaGet2\imageformats\qgif4.dll MOD - [2012.05.13 20:26:22 | 000,016,184 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll MOD - [2012.05.13 20:26:18 | 000,024,888 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll MOD - [2012.05.13 20:26:16 | 000,019,256 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll MOD - [2012.05.13 20:26:12 | 000,013,112 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll MOD - [2012.05.13 20:26:08 | 000,067,896 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll MOD - [2012.05.13 20:26:06 | 000,331,576 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.FilesManager.dll MOD - [2012.05.13 20:26:06 | 000,034,616 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll MOD - [2012.05.13 20:26:02 | 000,015,672 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll MOD - [2012.05.13 20:26:00 | 000,078,648 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll MOD - [2012.05.13 20:25:54 | 000,018,232 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll MOD - [2012.05.13 20:25:52 | 000,054,584 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll MOD - [2012.05.13 20:25:42 | 000,011,576 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll MOD - [2012.05.13 20:25:40 | 000,028,472 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll MOD - [2012.05.13 20:25:38 | 000,013,112 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll MOD - [2012.05.13 20:25:38 | 000,012,088 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll MOD - [2012.05.13 20:25:34 | 001,218,360 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll MOD - [2012.05.13 20:25:34 | 000,080,696 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll MOD - [2012.05.13 20:25:32 | 000,542,008 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll MOD - [2012.05.13 20:24:30 | 000,046,904 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\MACTrackBarLib.dll MOD - [2012.05.13 20:24:18 | 000,025,400 | ---- | M] () -- C:\Users\Christian\AppData\Local\Smartbar\Application\de\Smartbar.GUI.MainClient.resources.dll MOD - [2012.05.10 08:35:02 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll MOD - [2012.05.10 07:41:16 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll MOD - [2012.05.10 07:38:28 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\59a5af8e3ea07f7980e0476d2da234cd\System.Web.Services.ni.dll MOD - [2012.05.10 07:38:25 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll MOD - [2012.05.10 07:38:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.10 07:38:11 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll MOD - [2012.05.10 07:38:10 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll MOD - [2012.05.10 07:38:09 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012.05.10 07:37:25 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012.05.10 07:37:12 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012.05.10 07:36:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.10 07:36:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.10 07:36:28 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.10 07:36:17 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.05.03 20:20:08 | 020,101,120 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\libcef.dll MOD - [2012.05.03 20:20:08 | 000,932,528 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.04.02 15:36:52 | 000,910,648 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2012.04.02 15:36:50 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2012.04.02 15:36:49 | 000,145,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll MOD - [2010.11.18 02:28:15 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.11.05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2010.06.29 00:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2010.02.28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.25 15:12:54 | 000,785,344 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012.05.08 16:15:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 16:15:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate) SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc) SRV - [2012.02.08 23:10:36 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.12 18:06:48 | 004,700,824 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.11.17 18:09:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.10.27 22:02:56 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.29 00:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.04.13 18:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.03.18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.05.31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 16:15:31 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 16:15:31 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.24 15:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.21 07:55:02 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.12.21 07:55:02 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:64bit: - [2010.12.21 07:55:02 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.10.28 04:06:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.07.09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.06.21 11:45:56 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2010.06.17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.05.15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2010.04.20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.13 18:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.04.13 12:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.02.27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.09.17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2007.09.17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2012.04.23 18:01:07 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry_nt IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes,DefaultScope = {2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101538&mntrId=eea245cd00000000000018f46a895e52 IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=CDS&o=16225&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=QQ&apn_dtid=YYYYYYYYDE&apn_uid=609ABE12-EA01-4ED9-91A6-0419BDB7AA96&apn_sauid=7C96F8C7-9005-489C-ADF8-1D79730BBAEC IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\SearchScopes\{2FC445CF-4FF0-4FF2-AE24-B85AADFCB61B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=81efd022-5f1e-4d46-8254-e1921adc5dd0&affid=110774&searchtype=hp&babsrc=lnkry" FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0 FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.0.0 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100009 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..network.proxy.type: 0 FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2011.03.03 23:00:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions [2011.03.03 23:00:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.22 21:46:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.22 21:46:40 | 000,000,000 | ---D | M] [2011.02.27 00:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2012.06.14 18:43:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions [2011.09.19 02:42:31 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\ffxtlbr@babylon.com [2012.06.14 18:43:11 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\helperbar@helperbar.com [2012.06.14 18:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\staged [2012.05.09 23:14:05 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\dxri1xm9.default\extensions\toolbar@ask.com [2012.02.01 23:00:50 | 000,002,572 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\askcom.xml [2012.05.12 00:47:24 | 000,002,468 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Linkury Smartbar Search.xml [2012.06.14 18:43:15 | 000,002,474 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\dxri1xm9.default\searchplugins\Web Search.xml [2012.01.13 19:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.13 19:31:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012.01.13 19:30:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.07.21 07:50:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.19 02:42:28 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.07.21 07:50:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.07.21 07:50:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.07.21 07:50:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.07.21 07:50:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Yahoo! Deutschland (Enabled) CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=827316&p={searchTerms} CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.8\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [ClickPotatoLiteSA] "C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSA.exe" File not found O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [AutoStart PC Studio] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NewPCStudio.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Browser Infrastructure Helper] C:\Users\Christian\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Facebook Update] C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [MediaGet2] C:\Users\Christian\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Spotify] C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [Spotify Web Helper] C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2992331660-769414017-1188886519-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe () O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Christian\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook) O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE1FAC4-B916-448F-A747-E5A362D2FC66}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C44FE9DB-6136-40F9-9A08-059A7EF7DD50}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell - "" = AutoRun O33 - MountPoints2\{379747ed-6e79-11e1-8cb6-1c7508346bc0}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.15 14:07:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.06.14 18:40:06 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes [2012.06.14 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.14 18:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.14 18:39:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.14 18:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.14 18:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.06.14 18:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.06.14 18:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar [2012.05.26 13:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2012.05.20 11:21:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.18 04:29:48 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook ========== Files - Modified Within 30 Days ========== [2012.06.15 14:07:06 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable [2012.06.15 14:04:45 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.15 14:04:43 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job [2012.06.15 14:04:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.15 10:22:16 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job [2012.06.14 22:01:38 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.06.14 18:43:17 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 18:43:17 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 18:39:52 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 18:39:34 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.14 18:39:34 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.14 18:39:34 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.14 18:39:34 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.14 18:39:34 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.14 18:39:20 | 000,001,262 | ---- | M] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk [2012.06.14 18:34:08 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.14 18:33:41 | 2962,259,968 | -HS- | M] () -- C:\hiberfil.sys [2012.06.12 10:13:19 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.06.05 11:29:54 | 000,001,407 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop_state.xml [2012.06.05 11:29:45 | 000,001,043 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk [2012.05.18 04:29:49 | 000,001,344 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk ========== Files Created - No Company Name ========== [2012.06.15 14:07:06 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable [2012.06.14 18:39:52 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.14 18:39:20 | 000,001,262 | ---- | C] () -- C:\Users\Christian\Desktop\Spybot - Search & Destroy.lnk [2012.06.05 08:35:31 | 000,001,407 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop_state.xml [2012.03.28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.02.01 23:36:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.07.21 08:09:13 | 000,937,001 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2011.03.03 23:02:22 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.03.03 23:02:22 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.02.27 00:33:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.02.25 19:58:17 | 001,527,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.08.30 11:45:41 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010.08.30 11:45:41 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010.08.30 11:45:41 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010.08.30 11:45:40 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010.08.30 11:45:39 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010.08.30 11:12:22 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.08.30 10:48:37 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2010.08.30 10:47:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe ========== LOP Check ========== [2011.09.19 02:42:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Babylon [2011.10.09 07:25:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 [2011.04.08 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\eSobi [2012.02.13 13:49:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FreePDF [2012.01.19 05:56:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0 [2011.12.20 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Get LLC [2012.06.10 22:51:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nitro PDF [2012.04.02 15:23:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy [2011.12.25 23:14:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC Suite [2012.04.02 15:24:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\pdfforge [2011.07.21 08:10:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\QuickScan [2012.04.23 23:49:44 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung [2011.03.03 23:00:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ShopperReports3 [2011.07.09 01:14:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Simfy [2012.06.14 14:05:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftGrid Client [2012.06.14 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify [2012.04.24 00:07:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Temp [2011.02.25 19:58:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TP [2012.06.15 10:22:16 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001Core.job [2012.06.15 14:04:43 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2992331660-769414017-1188886519-1001UA.job [2012.02.11 00:54:12 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.06.2012 14:08:16 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Christian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,68 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 51,32% Memory free
7,36 Gb Paging File | 5,23 Gb Available in Paging File | 71,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,66 Gb Total Space | 324,38 Gb Free Space | 71,66% Space Free | Partition Type: NTFS
Drive D: | 3,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 1,86 Gb Total Space | 1,83 Gb Free Space | 98,64% Space Free | Partition Type: FAT32
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10857FF3-734D-45A3-80FA-F39369D04356}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{161E8734-C1CC-49AD-BD4E-735E71FF030A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{230DC425-49D3-404F-ABE4-307BBEE6004E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DDAB82D-A683-4241-AAF5-58FB6D7B8BA0}" = lport=138 | protocol=17 | dir=in | app=system |
"{41A3161B-8C48-4453-AD02-1F96928800BA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{58180E4F-3503-4B2D-BFA2-4A323A700F48}" = rport=137 | protocol=17 | dir=out | app=system |
"{5FC2DFA1-60E4-436E-A573-3CB62F4E20C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{616173E2-BB5A-40B5-8715-B8E899E8944B}" = rport=138 | protocol=17 | dir=out | app=system |
"{66C86EE0-2D3A-4440-AACD-5BEB8542024B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6B4A0B2A-B75F-40CC-95AD-19F0483392B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6BC72F9F-8EFC-4991-989D-1085EAA06BA8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{87FF08D8-1254-462F-8888-DC5D6192DE09}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{99A110CA-C174-4442-B06F-F50E82C12D56}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CFD2095-FE98-44EB-8993-E3764D9D1E53}" = lport=139 | protocol=6 | dir=in | app=system |
"{AC16C13F-F71C-42BA-AE6A-79E0CCB5E27B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AEA86731-8348-4878-842C-869113AC646C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8E23DE0-53A5-4835-B2F8-FE7CDEDC8FA2}" = rport=139 | protocol=6 | dir=out | app=system |
"{B9E5EBD9-872F-4C79-852B-620A66E62ADC}" = lport=137 | protocol=17 | dir=in | app=system |
"{C111084D-C3B3-4356-9FCF-F1ABB528A8EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C61E10A9-4960-4589-8FF7-21829547AC68}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CD6BE791-3401-474B-AB7F-FC97D9A13BC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9357A0B-53FC-4340-B1E8-865320AF9C2D}" = rport=445 | protocol=6 | dir=out | app=system |
"{FA92B3BA-6F55-4025-BE79-B5A7909406EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEFAAC15-9DBF-4FFA-B2AB-FD66B09D1B1D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FF1CA649-B3BD-44A4-84A6-CFC7FC5E9CEA}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{090253AD-C4D0-4F79-8BFE-9F150D79839D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0B084B26-9548-471A-9A37-0C6FC1FB475A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{0DDF194E-4DA1-4252-AB3E-345112F8A67A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{153D2E66-CCFB-4867-AF6A-E47BB1024F07}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{1F586E89-AB16-4F7C-B44E-5944766FB512}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2201BD05-0B95-4C03-9CF5-BCFC92E5B055}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2B3DFD1C-48AF-46B8-B34D-175B4D37F2CC}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{2DEB3814-A9A1-432C-A3C3-55F4A53237A4}" = protocol=6 | dir=in | app=d:\alicecd.exe |
"{2E9D5C3D-8D1A-4C80-AD17-6CAAF26351BB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{30C41EDF-8E61-4A8A-AE9A-9D0278FE3FCB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{366DA055-E4B3-4AFC-BBC9-31BCD9EB0D67}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3DA502C7-D292-4187-A459-33F98AC03664}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{4894F62B-2D64-4D39-AFF3-729623A69DF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48E38844-3920-40B9-A5A9-23E4205D0006}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4CDB7983-D6E1-4779-898D-02FF7A90D2F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F8F5732-361F-450B-AEEA-6B370D7187E5}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{55AF4410-BF1B-4808-88FE-D594A0FF9AF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{57704688-837F-40C5-B443-872D98A16714}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{5C397009-3C9F-4251-A9C3-A79E9D58DBDF}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"{692C4C03-65A6-4D72-92FD-9C13F2F4F5C7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6C9ED932-089E-4C5E-917C-263D09B0D181}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73F8A36B-479B-4F36-A1BC-7F5FEBE31B28}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{74EA4FC4-773A-4831-A322-BD6CA06EBC02}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7909F012-F88B-4D59-8AA5-8E73869C202B}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{800465BA-73D0-446E-93ED-133F331606F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{87207D77-187C-4EE5-8663-B328072A40AA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8806DA4F-A918-4590-8DC7-E97F222B0456}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89282F1B-BDE9-4D13-A4FD-7CFEC92BDEE7}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{8947E538-D856-4512-B18A-692A75AC0389}" = dir=in | app=c:\users\christian\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{9798C755-AAB4-42A8-878F-36C19447B809}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB03E752-067D-48CF-A59C-4F91299D6475}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"{AE010753-FBBE-43B1-9179-0603B15797FF}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{B5B506DD-0D67-4843-98C1-4034D3FE1432}" = protocol=6 | dir=out | app=system |
"{BB324F12-C9EC-42BA-8DD1-77A9931FD381}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C4D526F8-75EE-486D-B942-A11F6F7CD3D8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C5BBE7EA-A202-4D5A-A458-F02EA18E1245}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CFD5122F-7121-4863-8905-F423BC8F7F76}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{D0E60950-D502-4CEB-A84E-1563155E4304}" = protocol=17 | dir=in | app=d:\alicecd.exe |
"{DBD6C013-E052-461F-ACD9-6E7D5C91FD9F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DCD63F58-6E99-4014-BD65-B8F3BFC5FDA6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DF0336BC-1153-408F-B4E6-345442BD020E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E3C23806-6BC8-4BCA-9D15-327C8FA69E1C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E4CF0C95-001C-4EA0-834D-80C11CA996DC}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{E8682BBF-184A-42D8-8573-3FFDC7A4BB63}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8D1073A-56E5-4F18-A34A-963726A2120D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA76791D-002D-46E5-9D9F-3850C58FBC4E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F02FA7F2-4E09-45D6-80F1-54D46C8D96B6}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{F67EFDD9-C325-4067-A362-5B6FCA3F8F7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{234E8396-93FA-4BF1-8B3D-270061E8BDCC}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe |
"TCP Query User{28E3FF6F-74C9-4839-8AE5-A6E87F819A09}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe |
"TCP Query User{4AC42749-0AC4-4DC2-A0A1-B7DE46DCCEF1}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"TCP Query User{C83B91B6-97AB-46B6-8D6A-93894832314C}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe |
"TCP Query User{FB14F227-49F0-45C0-8C10-EC7D3F62614B}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{0F366AE5-565D-43FB-B896-D85278CA9BBB}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe |
"UDP Query User{1D42D6AC-F9E1-47BF-900A-8DDCCBDA1550}C:\program files (x86)\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\norton online backup\nobuclient.exe |
"UDP Query User{9B03173A-004B-4685-B427-337D54AD2417}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{C119244D-71C4-4C16-A51A-305E4164DF0E}C:\users\christian\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\mediaget2\mediaget.exe |
"UDP Query User{E8076A75-6353-4A55-ABC5-6073913403AE}C:\users\christian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\roaming\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{29D90A83-171E-4A78-B6DC-66B76FE52A2C}_is1" = ixPlayer 2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F1DE10B0-51C2-417F-A3EC-0B443243F1A1}" = Nitro Reader 2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Elantech" = ETDWare PS/2-x64 7.0.6.5_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2523DCE9-47C5-14E5-F315-496B75316B45}" = Zoosk Messenger
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon Camera WIA Driver
"{35AC562E-F11A-060C-CD06-70FB80113769}" = simfy
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52EFF266-98B7-4094-BD24-65490ED8E45D}" = Facebook Messenger 2.1.4520.0
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5B2C4D32-A7CD-44B0-8619-4ADBE301B2D3}" = pdfforge Toolbar v5.8
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{70D3EBFD-C613-49DB-A444-A4BD720DE1E9}" = Linkury Smartbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Canon RAW Codec" = Canon RAW Codec
"ClickPotatoLiteSA" = ClickPotato
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.04" = GPL Ghostscript
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{31A57C3E-30DD-421F-B5C7-974DACB0D05F}" = Canon EOS Kiss REBEL 300D WIA-Treiber
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Simfy" = simfy
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2992331660-769414017-1188886519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"MediaGet" = Der Torrent-Client MediaGet
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.05.2012 04:05:13 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 18.0.1025.168,
Zeitstempel: 0x4f9b3c24 Name des fehlerhaften Moduls: coreclr.dll, Version: 4.1.10329.0,
Zeitstempel: 0x4f740d41 Ausnahmecode: 0x8013150a Fehleroffset: 0x0013d2a6 ID des fehlerhaften
Prozesses: 0x1914 Startzeit der fehlerhaften Anwendung: 0x01cd32715e72ee82 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\coreclr.dll
Berichtskennung:
b22cfff5-9e64-11e1-bfcc-1c7508346bc0
Error - 15.05.2012 04:42:01 | Computer Name = Christian-PC | Source = .NET Runtime | ID = 1023
Description =
Error - 15.05.2012 04:42:02 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 18.0.1025.168,
Zeitstempel: 0x4f9b3c24 Name des fehlerhaften Moduls: coreclr.dll, Version: 4.1.10329.0,
Zeitstempel: 0x4f740d41 Ausnahmecode: 0x8013150a Fehleroffset: 0x0013d2a6 ID des fehlerhaften
Prozesses: 0x24dc Startzeit der fehlerhaften Anwendung: 0x01cd327553aa5bdf Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\coreclr.dll
Berichtskennung:
d719a000-9e69-11e1-bfcc-1c7508346bc0
Error - 16.05.2012 13:12:04 | Computer Name = Christian-PC | Source = .NET Runtime | ID = 1023
Description =
Error - 16.05.2012 13:12:06 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 18.0.1025.168,
Zeitstempel: 0x4f9b3c24 Name des fehlerhaften Moduls: coreclr.dll, Version: 4.1.10329.0,
Zeitstempel: 0x4f740d41 Ausnahmecode: 0x8013150a Fehleroffset: 0x0013d2a6 ID des fehlerhaften
Prozesses: 0x2624 Startzeit der fehlerhaften Anwendung: 0x01cd333c737b8224 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\coreclr.dll
Berichtskennung:
42a5b1bb-9f7a-11e1-bfcc-1c7508346bc0
Error - 17.05.2012 05:25:24 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Die abhängige Assemblierung
"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.05.2012 06:42:14 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Die abhängige Assemblierung
"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 18.05.2012 06:45:02 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 20.05.2012 06:09:55 | Computer Name = Christian-PC | Source = Application Hang | ID = 1002
Description = Programm spotify.exe, Version 0.8.3.222 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e58 Startzeit:
01cd2f3c79abc8fe Endzeit: 921 Anwendungspfad: C:\Users\Christian\AppData\Roaming\Spotify\spotify.exe
Berichts-ID:
e6111019-a263-11e1-bfcc-1c7508346bc0
Error - 20.05.2012 10:38:14 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Nitro PDF\Reader\2.0\NitroPrinterInstallerx64.exe". Die abhängige Assemblierung
"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 20.05.2012 10:40:25 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
[ Media Center Events ]
Error - 11.02.2012 07:00:42 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 12:00:41 - Fehler beim Herstellen der Internetverbindung. 12:00:41
- Serververbindung konnte nicht hergestellt werden..
Error - 11.02.2012 07:00:47 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 12:00:47 - Fehler beim Herstellen der Internetverbindung. 12:00:47
- Serververbindung konnte nicht hergestellt werden..
Error - 28.02.2012 16:08:38 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 21:08:38 - Fehler beim Herstellen der Internetverbindung. 21:08:38
- Serververbindung konnte nicht hergestellt werden..
Error - 28.02.2012 16:08:48 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 21:08:43 - Fehler beim Herstellen der Internetverbindung. 21:08:43
- Serververbindung konnte nicht hergestellt werden..
Error - 28.02.2012 17:25:56 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 22:25:56 - Fehler beim Herstellen der Internetverbindung. 22:25:56
- Serververbindung konnte nicht hergestellt werden..
Error - 28.02.2012 17:26:03 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 22:26:01 - Fehler beim Herstellen der Internetverbindung. 22:26:01
- Serververbindung konnte nicht hergestellt werden..
Error - 28.02.2012 18:26:11 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 23:26:11 - Fehler beim Herstellen der Internetverbindung. 23:26:11
- Serververbindung konnte nicht hergestellt werden..
Error - 28.02.2012 18:26:18 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 23:26:16 - Fehler beim Herstellen der Internetverbindung. 23:26:16
- Serververbindung konnte nicht hergestellt werden..
Error - 07.03.2012 18:12:02 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 23:12:02 - Fehler beim Herstellen der Internetverbindung. 23:12:02
- Serververbindung konnte nicht hergestellt werden..
Error - 07.03.2012 18:12:08 | Computer Name = Christian-PC | Source = MCUpdate | ID = 0
Description = 23:12:07 - Fehler beim Herstellen der Internetverbindung. 23:12:07
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 11.06.2012 12:42:59 | Computer Name = Christian-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 904.
Error - 11.06.2012 17:59:26 | Computer Name = Christian-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 904.
Error - 12.06.2012 12:49:33 | Computer Name = Christian-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?06.?2012 um 18:47:09 unerwartet heruntergefahren.
Error - 12.06.2012 12:50:57 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
SSDP-Suche erreicht.
Error - 12.06.2012 12:50:57 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSDP-Suche" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 12.06.2012 12:51:48 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Media Player-Netzwerkfreigabedienst erreicht.
Error - 12.06.2012 12:51:48 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1053
Error - 12.06.2012 12:54:19 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description =
Error - 14.06.2012 12:37:08 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Intel(R) Rapid Storage Technology erreicht.
Error - 14.06.2012 12:37:08 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
< End of report >
Hier das Log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.15.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Christian :: CHRISTIAN-PC [Administrator] Schutz: Aktiviert 15.06.2012 14:23:53 mbam-log-2012-06-15 (14-23-53).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 410692 Laufzeit: 57 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 28 HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.CntntDic (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.CntntDisp (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.Stock (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\ShopperReports.Stock.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 5 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.0.517.0 (Adware.HotBar) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790777B076545430AB92 (Malware.Trace) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ClickPotatoLiteSA (Adware.ClickPotato) -> Daten: "C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSA.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\extensions|ShopperReports@ShopperReports.com (ShopperReports) -> Daten: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Daten: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 19 C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christian\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\plugins (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 20 C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\CntntCntr.dll (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReportsUninstaller.exe (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christian\AppData\Local\Temp\zodqtnwyxy.pre (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\About Us.lnk (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\Customer Support.lnk (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports\ShopperReports Uninstall Instructions.lnk (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ea180e3de878d9408249c1c91e8db8e3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-15 03:57:42
# local_time=2012-06-15 05:57:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 12937568 12937568 0 0
# compatibility_mode=5893 16776573 100 94 1355 91400456 0 0
# compatibility_mode=8192 67108863 100 0 151 151 0 0
# scanned=192671
# found=9
# cleaned=0
# scan_time=5256
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Christian\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Christian\AppData\Local\Temp\7052DBBF-BAB0-7891-B3C2-7D38BE0A4DA8\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Christian\AppData\Local\Temp\7052DBBF-BAB0-7891-B3C2-7D38BE0A4DA8\Setup.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\f54e34b.msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
 Anscheinend hat mein Bekannter den Verschlüsselungstrojaner 2.00.11 - Die eMail stimmt nahezu überein, die Textdatei auf dem Desktop ebenfalls und die Dateien sind augenscheinlich nicht umbenannt worden. - Hoffe das hilft weiter  //diesmal habe ich den "edit" Button gefunden - anderer Post war wohl zu alt :/Viele Grüße Thomas |
| Themen zu Verschlüsselungs Trojaner - Rechnung von Pearlfection.de |
| administrator, adware.clickpotato, adware.hotbar, adware.hotbar.cp, adware.questbrowse, adware.seekmo, adware.shopperreports, anlage, autostart, babylon toolbar, babylontoolbar, bingbar, candy, canon, dateien, dateisystem, e-mail, explorer, heuristiks/extra, heuristiks/shuriken, install.exe, launch, limited.com/facebook, locker, löschen, malware.trace, microsoft office starter 2010, mozilla, mywinlocker, nvpciflt.sys, opencandy, pdfforge toolbar, plug-in, programm, richtlinie, safer networking, searchscopes, security scan, shopperreports, smartbar, spotify web helper, temp, trojan.agent, update, usb 2.0, user agent, version=1.0, virus, wichtige daten, win32/toolbar.babylon |
Baum-Darstellung