| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bundespolizei - Ihr Computer wurde gesperrt - ohne verschlüsselte DateienWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
06.07.2012, 16:15
| #1 |
 |  Bundespolizei - Ihr Computer wurde gesperrt - ohne verschlüsselte Dateien Hallo liebe TB-Cracks, heute erhielt ich eine Meldung, dass mein Computer nun gesperrt sei, war auch so. Unterlegt war das ganze mit einer Zahlungsaufforderung (100 €) und einem Bundespolizeilogo. Die Meldung sah in etwa so aus wie bei Mitglied "itsme42" vom 24.06..Habe mich dann in einem anderen Konto eingeloggt und mbam laufen lassen. Hier das log: Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.29.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Nino :: STEFFI-PC [limited] Protection: Enabled 06.07.2012 13:47:56 mbam-log-2012-07-06 (13-47-56).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 179221 Time elapsed: 35 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\Steffi\0.8205128083309062.exe (Trojan.Agent.Gen) -> Delete on reboot. (end) Wieder in mein Konto - alles funktioniert wieder. Nochmaliges scannen mit mbam: Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.06.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Steffi :: STEFFI-PC [Administrator] Schutz: Aktiviert 06.07.2012 14:12:21 mbam-log-2012-07-06 (14-12-21).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 433354 Laufzeit: 15 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Steffi\Downloads\dllcentral_d16586.exe (PUP.BundleInstaller.IQ) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Außerdem sind mir noch zwei Dinge aufgefallen: Eine Datei namens "czsuwjoensdagaa" ohne Dateinamenerweiterung und ein Ordner "wjonzjvnfenvuqi" mit dem Logo der Bundespolizei, weiteren Bildchen und einer html-Datei, etc. Beides natürlich von heute. Hier die otl-logs: OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.07.2012 16:41:05 - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Steffi\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 78,99% Memory free 15,99 Gb Paging File | 14,25 Gb Available in Paging File | 89,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,73 Gb Total Space | 1,83 Gb Free Space | 3,76% Space Free | Partition Type: NTFS Drive D: | 62,97 Gb Total Space | 32,98 Gb Free Space | 52,38% Space Free | Partition Type: NTFS Drive G: | 48,83 Gb Total Space | 45,45 Gb Free Space | 93,08% Space Free | Partition Type: NTFS Drive H: | 100,22 Gb Total Space | 59,44 Gb Free Space | 59,31% Space Free | Partition Type: NTFS Drive I: | 931,51 Gb Total Space | 110,34 Gb Free Space | 11,85% Space Free | Partition Type: NTFS Computer Name: STEFFI-PC | User Name: Steffi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.06 16:21:27 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Steffi\Downloads\OTL.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.01.06 16:30:00 | 001,446,760 | ---- | M] (Garmin) -- D:\Programme\Garmin\Lifetime Updater\GarminLifetime.exe PRC - [2010.11.16 15:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.09.24 15:59:40 | 000,707,184 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe PRC - [2009.09.24 15:59:36 | 000,850,544 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe PRC - [2009.08.24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE PRC - [2009.07.27 16:54:14 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Steffi\AppData\Roaming\Mobile Partner\ouc.exe PRC - [2009.07.15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe ========== Modules (No Company Name) ========== MOD - [2012.06.14 20:25:22 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll MOD - [2012.06.14 20:25:12 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll MOD - [2012.06.14 20:25:10 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll MOD - [2012.06.14 20:25:06 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll MOD - [2012.06.14 20:25:05 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll MOD - [2012.05.10 15:19:21 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll MOD - [2012.05.10 15:19:21 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll MOD - [2012.05.10 15:03:53 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll MOD - [2012.05.10 15:02:44 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll MOD - [2012.05.10 15:02:42 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012.05.10 15:02:40 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll MOD - [2012.05.10 15:02:39 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012.05.10 15:02:35 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.09.24 15:59:50 | 000,255,384 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\winphook.dll MOD - [2009.09.24 15:59:40 | 000,707,184 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe MOD - [2009.09.24 15:59:36 | 000,850,544 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.11.16 15:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.24 09:20:04 | 000,088,064 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe -- (SDLService) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.08.24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service) SRV - [2009.07.15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.30 18:19:32 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2010.12.24 11:48:38 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.12.23 09:48:28 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2010.07.27 09:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2010.04.27 11:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2010.04.13 16:08:04 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter) DRV:64bit: - [2010.04.13 16:08:04 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil) DRV:64bit: - [2010.04.13 16:08:00 | 000,340,008 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5) DRV:64bit: - [2010.03.22 11:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.11.20 13:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.11.20 13:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.07.15 13:43:30 | 000,020,592 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2012.07.06 14:36:01 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2010.01.21 07:23:28 | 000,017,392 | R--- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys -- (rtkio) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC A4 3C 1D 18 4B CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{D737D121-03B4-4743-98DC-D1BB06D17F74}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: d:\Programme\SumatraPDF\npPdfViewer.dll (Simon Bünzli) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: D:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: d:\Programme\SumatraPDF\npPdfViewer.dll (Simon Bünzli) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.19 23:25:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 12:17:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.22 12:45:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 12:17:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.22 12:45:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2012.06.20 12:25:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2010.09.24 10:03:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 12:17:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.22 12:45:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 12:17:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.22 12:45:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 12:17:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.22 12:45:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 12:17:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.22 12:45:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 12:17:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.22 12:45:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 12:17:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.22 12:45:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 12:17:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.22 12:45:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 12:17:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.22 12:45:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 12:17:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.22 12:45:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 12:17:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.22 12:45:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.20 12:17:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.06.22 12:45:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2012.06.20 12:25:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins [2010.09.24 10:03:55 | 000,000,000 | ---D | M] [2012.06.19 13:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Extensions [2012.06.19 13:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.19 13:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\apjzir3v.default\extensions [2012.06.29 00:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\e5zmxj5s.default\extensions [2012.06.19 13:30:57 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\e5zmxj5s.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.06.19 13:30:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\e5zmxj5s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.19 13:30:57 | 000,000,000 | ---D | M] (Wortliste von hxxp://tkltrans.sf.net (alte und neue deutsche Rechtschreibung)) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\e5zmxj5s.default\extensions\de-DE-comb@dictionaries.addons.mozilla.org [2012.06.19 13:30:57 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\e5zmxj5s.default\extensions\dictionary-switcher@design-noir.de [2012.06.19 13:30:57 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\e5zmxj5s.default\extensions\en-GB@dictionaries.addons.mozilla.org [2012.06.19 13:30:57 | 000,000,000 | ---D | M] (Dictionnaire français «Classique &amp; Réforme 1990») -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\e5zmxj5s.default\extensions\fr-classique-reforme1990@dictionaries.addons.mozilla.org [2012.06.19 13:30:57 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\e5zmxj5s.default\extensions\personas@christopher.beard [2012.06.19 13:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffi\AppData\Roaming\mozilla\Firefox\Profiles\q2mk66j9.default\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = D:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = D:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = D:\Programme\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = D:\Programme\VideoLAN\VLC\npvlc.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\Steffi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011.07.01 12:47:07 | 000,000,592 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 wip4.adobe.com O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Garmin Lifetime Updater] D:\Programme\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [HW_OPENEYE_OUC_Mobile Partner] D:\Programme\Mobile Partner\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found O4 - HKCU..\Run: [Xvid] D:\Programme\Xvid\CheckUpdate.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Trusted sites) O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13C4357C-E7DB-4879-A02A-5E46811691E2}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98633FEB-0FF4-4A5D-A394-80DEDCE7CF51}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\gopher - No CLSID value found O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9a4d304b-a3d6-11e1-bd8c-6cf049ed8b76}\Shell - "" = AutoRun O33 - MountPoints2\{9a4d304b-a3d6-11e1-bd8c-6cf049ed8b76}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b1154766-c71e-11df-b02a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b1154766-c71e-11df-b02a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{f4302ff3-a565-11e1-b5d0-6cf049ed8b76}\Shell - "" = AutoRun O33 - MountPoints2\{f4302ff3-a565-11e1-b5d0-6cf049ed8b76}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f430302d-a565-11e1-b5d0-6cf049ed8b76}\Shell - "" = AutoRun O33 - MountPoints2\{f430302d-a565-11e1-b5d0-6cf049ed8b76}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f430303a-a565-11e1-b5d0-6cf049ed8b76}\Shell - "" = AutoRun O33 - MountPoints2\{f430303a-a565-11e1-b5d0-6cf049ed8b76}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f430304c-a565-11e1-b5d0-6cf049ed8b76}\Shell - "" = AutoRun O33 - MountPoints2\{f430304c-a565-11e1-b5d0-6cf049ed8b76}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f4303086-a565-11e1-b5d0-6cf049ed8b76}\Shell - "" = AutoRun O33 - MountPoints2\{f4303086-a565-11e1-b5d0-6cf049ed8b76}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f4303090-a565-11e1-b5d0-6cf049ed8b76}\Shell - "" = AutoRun O33 - MountPoints2\{f4303090-a565-11e1-b5d0-6cf049ed8b76}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f43030b5-a565-11e1-b5d0-6cf049ed8b76}\Shell - "" = AutoRun O33 - MountPoints2\{f43030b5-a565-11e1-b5d0-6cf049ed8b76}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f43030cd-a565-11e1-b5d0-6cf049ed8b76}\Shell - "" = AutoRun O33 - MountPoints2\{f43030cd-a565-11e1-b5d0-6cf049ed8b76}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f43030d7-a565-11e1-b5d0-6cf049ed8b76}\Shell - "" = AutoRun O33 - MountPoints2\{f43030d7-a565-11e1-b5d0-6cf049ed8b76}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f43030e9-a565-11e1-b5d0-6cf049ed8b76}\Shell - "" = AutoRun O33 - MountPoints2\{f43030e9-a565-11e1-b5d0-6cf049ed8b76}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f43030ec-a565-11e1-b5d0-6cf049ed8b76}\Shell - "" = AutoRun O33 - MountPoints2\{f43030ec-a565-11e1-b5d0-6cf049ed8b76}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f4303106-a565-11e1-b5d0-6cf049ed8b76}\Shell - "" = AutoRun O33 - MountPoints2\{f4303106-a565-11e1-b5d0-6cf049ed8b76}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{f4303114-a565-11e1-b5d0-6cf049ed8b76}\Shell - "" = AutoRun O33 - MountPoints2\{f4303114-a565-11e1-b5d0-6cf049ed8b76}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.06 15:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.06 13:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\wjonzjvnfenvuqi [2012.07.01 16:48:32 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\ParetoLogic [2012.07.01 16:48:32 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\DriverCure [2012.07.01 16:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic [2012.06.23 22:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.23 22:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.06.23 22:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.06.19 15:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin [2012.06.19 13:30:50 | 000,000,000 | R--D | C] -- C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.06.19 13:30:50 | 000,000,000 | R--D | C] -- C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.06.19 13:30:50 | 000,000,000 | R--D | C] -- C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.06.19 13:30:50 | 000,000,000 | R--D | C] -- C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.06.19 13:30:50 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Talkback [2012.06.19 13:30:50 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\SharePod [2012.06.19 13:30:50 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\OpenOffice.org [2012.06.19 13:30:50 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\NVIDIA [2012.06.19 13:30:50 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Windows Performance Toolkit [2012.06.19 13:30:50 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Media Center Programs [2012.06.19 13:30:50 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Macromedia [2012.06.19 13:30:50 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kampfjets 3D [2012.06.19 13:30:50 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Identities [2012.06.19 13:30:50 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.06.19 13:30:50 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\DisplayTune [2012.06.18 16:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.06.16 13:44:14 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Roaming\SumatraPDF [2012.06.10 20:05:29 | 000,000,000 | ---D | C] -- C:\Users\Steffi\AppData\Local\Macromedia ========== Files - Modified Within 30 Days ========== [2012.07.06 16:14:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.06 15:40:52 | 000,000,448 | ---- | M] () -- C:\Users\Steffi\Documents\cc_20120706_154048.reg [2012.07.06 15:40:05 | 000,000,705 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.06 14:43:05 | 000,013,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.06 14:43:05 | 000,013,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.06 14:40:15 | 001,492,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.06 14:40:15 | 000,651,996 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.06 14:40:15 | 000,614,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.06 14:40:15 | 000,129,036 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.06 14:40:15 | 000,105,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.06 14:37:25 | 000,000,460 | ---- | M] () -- C:\Users\Steffi\Documents\cc_20120706_143717.reg [2012.07.06 14:36:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.06 14:36:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.06 14:35:49 | 2145,550,335 | -HS- | M] () -- C:\hiberfil.sys [2012.07.06 13:42:07 | 000,000,051 | ---- | M] () -- C:\ProgramData\czsuwjoensdagaa [2012.07.03 13:00:40 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2012.07.03 12:58:10 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT [2012.07.02 11:38:15 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT [2012.07.01 18:52:28 | 000,002,560 | ---- | M] () -- C:\Windows\diagwrn.xml [2012.07.01 18:52:28 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2012.07.01 16:59:16 | 000,000,202 | ---- | M] () -- C:\Users\Steffi\Documents\cc_20120701_165908.reg [2012.07.01 16:58:59 | 000,001,504 | ---- | M] () -- C:\Users\Steffi\Documents\cc_20120701_165853.reg [2012.07.01 16:58:34 | 000,192,892 | ---- | M] () -- C:\Users\Steffi\Documents\cc_20120701_165815.reg [2012.06.29 09:42:55 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.23 22:40:08 | 000,001,575 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.18 20:35:33 | 000,012,782 | ---- | M] () -- C:\Users\Steffi\Documents\Unbenannt2.JPG [2012.06.18 12:41:39 | 000,014,005 | ---- | M] () -- C:\Users\Steffi\Documents\Vollmacht i. S. Mehr Stefan (Vorfall vom 30.04.2012).pdf [2012.06.18 12:39:15 | 000,019,561 | ---- | M] () -- C:\Users\Steffi\Documents\Vollmacht i. S. Mehr Stefan (Vorfall vom 30.04.2012).rtf [2012.06.18 12:37:57 | 000,021,419 | ---- | M] () -- C:\Users\Steffi\Documents\Vollmacht i. S. Mehr Stefan (Vorfall vom 30.04.2012).odt [2012.06.16 13:14:16 | 002,530,574 | ---- | M] () -- C:\Users\Steffi\Documents\Garmin-Handbuch.pdf [2012.06.14 21:46:37 | 004,851,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.11 12:42:17 | 000,103,838 | ---- | M] () -- C:\Users\Steffi\Documents\Briefmarken.1Stk.11.06.2012_1238.tif ========== Files Created - No Company Name ========== [2012.07.06 15:40:50 | 000,000,448 | ---- | C] () -- C:\Users\Steffi\Documents\cc_20120706_154048.reg [2012.07.06 15:40:05 | 000,000,705 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.06 14:37:19 | 000,000,460 | ---- | C] () -- C:\Users\Steffi\Documents\cc_20120706_143717.reg [2012.07.06 13:42:03 | 000,000,051 | ---- | C] () -- C:\ProgramData\czsuwjoensdagaa [2012.07.01 18:49:14 | 000,002,560 | ---- | C] () -- C:\Windows\diagwrn.xml [2012.07.01 18:49:14 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2012.07.01 16:59:10 | 000,000,202 | ---- | C] () -- C:\Users\Steffi\Documents\cc_20120701_165908.reg [2012.07.01 16:58:55 | 000,001,504 | ---- | C] () -- C:\Users\Steffi\Documents\cc_20120701_165853.reg [2012.07.01 16:58:17 | 000,192,892 | ---- | C] () -- C:\Users\Steffi\Documents\cc_20120701_165815.reg [2012.06.29 09:33:13 | 000,000,773 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.23 22:40:08 | 000,001,575 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.19 13:30:52 | 000,001,443 | ---- | C] () -- C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.06.19 13:30:52 | 000,001,409 | ---- | C] () -- C:\Users\Steffi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.06.18 20:35:33 | 000,012,782 | ---- | C] () -- C:\Users\Steffi\Documents\Unbenannt2.JPG [2012.06.18 12:41:38 | 000,014,005 | ---- | C] () -- C:\Users\Steffi\Documents\Vollmacht i. S. Mehr Stefan (Vorfall vom 30.04.2012).pdf [2012.06.18 12:39:03 | 000,019,561 | ---- | C] () -- C:\Users\Steffi\Documents\Vollmacht i. S. Mehr Stefan (Vorfall vom 30.04.2012).rtf [2012.06.18 12:37:54 | 000,021,419 | ---- | C] () -- C:\Users\Steffi\Documents\Vollmacht i. S. Mehr Stefan (Vorfall vom 30.04.2012).odt [2012.06.16 13:25:57 | 002,530,574 | ---- | C] () -- C:\Users\Steffi\Documents\Garmin-Handbuch.pdf [2012.06.11 12:40:39 | 000,103,838 | ---- | C] () -- C:\Users\Steffi\Documents\Briefmarken.1Stk.11.06.2012_1238.tif [2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.01.06 00:17:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Widgets [2012.01.06 00:13:55 | 000,000,000 | ---- | C] () -- C:\ProgramData\User Pictures [2012.01.06 00:13:55 | 000,000,000 | ---- | C] () -- C:\ProgramData\Piano Med [2011.10.10 09:14:41 | 000,000,000 | ---- | C] () -- C:\Users\Steffi\AppData\Local\{4FA275A7-7412-4AAD-8448-25A7FA34ED3F} [2011.06.22 16:04:44 | 000,269,919 | ---- | C] () -- C:\Users\Steffi\2freres07.jpg [2011.05.31 18:03:35 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.05.31 18:03:35 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.11.20 12:55:15 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI [2010.09.30 11:43:17 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys [2010.09.25 23:55:30 | 005,722,068 | ---- | C] () -- C:\Users\Steffi\boot_BASE+CSWITCH_1.cab [2010.09.25 23:55:20 | 044,040,192 | ---- | C] () -- C:\Users\Steffi\boot_BASE+CSWITCH_1.etl [2010.09.25 23:51:56 | 005,432,877 | ---- | C] () -- C:\Users\Steffi\bootPrep_BASE+CSWITCH_6.cab [2010.09.25 23:51:46 | 047,185,920 | ---- | C] () -- C:\Users\Steffi\bootPrep_BASE+CSWITCH_6.etl [2010.09.25 23:48:02 | 004,956,593 | ---- | C] () -- C:\Users\Steffi\bootPrep_BASE+CSWITCH_5.cab [2010.09.25 23:47:54 | 045,088,768 | ---- | C] () -- C:\Users\Steffi\bootPrep_BASE+CSWITCH_5.etl [2010.09.25 23:44:21 | 004,103,345 | ---- | C] () -- C:\Users\Steffi\bootPrep_BASE+CSWITCH_4.cab [2010.09.25 23:44:14 | 047,185,920 | ---- | C] () -- C:\Users\Steffi\bootPrep_BASE+CSWITCH_4.etl [2010.09.25 23:39:59 | 003,245,528 | ---- | C] () -- C:\Users\Steffi\bootPrep_BASE+CSWITCH_3.cab [2010.09.25 23:39:53 | 042,991,616 | ---- | C] () -- C:\Users\Steffi\bootPrep_BASE+CSWITCH_3.etl [2010.09.25 23:34:05 | 002,388,625 | ---- | C] () -- C:\Users\Steffi\bootPrep_BASE+CSWITCH_2.cab [2010.09.25 23:34:00 | 050,331,648 | ---- | C] () -- C:\Users\Steffi\bootPrep_BASE+CSWITCH_2.etl [2010.09.25 23:29:52 | 001,421,373 | ---- | C] () -- C:\Users\Steffi\bootPrep_BASE+CSWITCH_1.cab [2010.09.25 23:29:48 | 045,088,768 | ---- | C] () -- C:\Users\Steffi\bootPrep_BASE+CSWITCH_1.etl [2010.09.25 17:11:10 | 000,024,064 | ---- | C] () -- C:\Users\Steffi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.24 23:04:50 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.24 14:35:24 | 000,725,037 | ---- | C] () -- C:\Windows\unins000.exe [2010.09.24 14:35:24 | 000,026,020 | ---- | C] () -- C:\Windows\unins000.dat [2010.09.24 14:07:36 | 000,007,609 | ---- | C] () -- C:\Users\Steffi\AppData\Local\Resmon.ResmonCfg [2010.09.24 10:34:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\WebServer [2010.09.24 10:34:02 | 000,000,268 | -H-- | C] () -- C:\Users\Steffi\AppData\Roaming\User Pictures [2010.09.24 10:34:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT [2010.09.24 10:34:00 | 000,000,268 | -H-- | C] () -- C:\Users\Steffi\AppData\Roaming\Utilities [2010.09.24 10:30:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Radio Sounds [2010.09.24 10:30:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Quartz Composer [2010.09.24 10:30:43 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Project Templates [2010.09.24 10:30:43 | 000,000,268 | -H-- | C] () -- C:\Users\Steffi\AppData\Roaming\PrintsService [2010.09.24 10:30:43 | 000,000,268 | -H-- | C] () -- C:\Users\Steffi\AppData\Roaming\PrintingModule [2010.09.24 10:30:43 | 000,000,268 | -H-- | C] () -- C:\Users\Steffi\AppData\Roaming\Printers [2010.09.24 10:30:43 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2010.09.24 10:30:43 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2010.09.24 10:30:43 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2010.09.24 10:30:43 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Screen Savers [2010.09.24 10:30:43 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Sci-Fi [2010.09.24 10:30:43 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Sampler Files [2010.09.24 10:23:55 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Pop Kit [2010.09.24 10:23:55 | 000,000,268 | -H-- | C] () -- C:\Users\Steffi\AppData\Roaming\Plug-Ins [2010.09.24 10:23:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010.09.24 10:23:55 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Profiles [2010.09.24 10:17:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2010.09.23 18:54:12 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini ========== LOP Check ========== [2011.08.13 15:18:38 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.07.01 11:52:58 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010.09.24 19:06:39 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\com.mypicturetown.myptuploader.F9C4985A082C78528AFA4529A49FFE7D3454A64B.1 [2012.06.19 13:30:50 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\DisplayTune [2012.07.01 16:48:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\DriverCure [2012.04.08 17:03:13 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\elsterformular [2010.09.24 12:17:33 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Foxit [2010.09.24 10:06:14 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Foxit Software [2012.06.19 13:30:50 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Garmin [2012.02.29 18:22:29 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Klett [2012.07.06 14:09:07 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Mobile Partner [2012.07.06 14:09:07 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Nikon [2012.06.19 13:30:50 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Nvu [2012.06.19 13:30:50 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\OpenOffice.org [2012.07.01 16:48:32 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\ParetoLogic [2012.05.06 14:29:37 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\pdfforge [2012.06.19 13:30:50 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\SharePod [2012.06.16 13:44:33 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\SumatraPDF [2012.06.19 13:30:50 | 000,000,000 | ---D | M] -- C:\Users\Steffi\AppData\Roaming\Thunderbird [2012.05.15 08:37:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > und OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.07.2012 16:41:05 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Steffi\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 78,99% Memory free
15,99 Gb Paging File | 14,25 Gb Available in Paging File | 89,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 1,83 Gb Free Space | 3,76% Space Free | Partition Type: NTFS
Drive D: | 62,97 Gb Total Space | 32,98 Gb Free Space | 52,38% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 45,45 Gb Free Space | 93,08% Space Free | Partition Type: NTFS
Drive H: | 100,22 Gb Total Space | 59,44 Gb Free Space | 59,31% Space Free | Partition Type: NTFS
Drive I: | 931,51 Gb Total Space | 110,34 Gb Free Space | 11,85% Space Free | Partition Type: NTFS
Computer Name: STEFFI-PC | User Name: Steffi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programme\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "D:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Programme\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "D:\Programme\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C187650-45A6-4270-AE0E-3B8D8A5708C6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0FE77EFD-F357-498C-B20E-865B49181B1D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{100B31FF-BD6D-41DF-AF97-0344AFC70DFA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{14995D76-8D4B-42D1-891B-033AD08997AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1987ECF9-ACF8-4236-8B93-DD1EE4786F2F}" = rport=445 | protocol=6 | dir=out | app=system |
"{1FECF2C7-BAD6-4DA0-BC71-14F2E7E1DED6}" = lport=138 | protocol=17 | dir=in | app=system |
"{31F2177A-AA65-44C3-824D-0E831A4CF2DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{34E003F1-61B6-4745-AC62-CF13DC4C98A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{46E2A7A7-E77E-49B6-8565-3F5F6DB40864}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4AFF6922-B034-4EEF-8ABA-AA388C1B0B8E}" = rport=139 | protocol=6 | dir=out | app=system |
"{5E747E52-1DB0-4294-891C-F2080418261E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69742814-451E-499B-A68F-929C4E0B7F4D}" = rport=137 | protocol=17 | dir=out | app=system |
"{72E0C8CD-2599-47FE-8267-9A8EDECDE8D3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{77B5ABED-7912-48FA-A432-8D00B516BA19}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B4E76D6-55D5-4993-AF78-BD7B62CDB8E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81AB6976-573F-4EB2-BD23-64A8FD6A5A11}" = rport=138 | protocol=17 | dir=out | app=system |
"{8EE2415E-53D5-46D1-9689-F2B0793A8746}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9542591C-802D-4F1B-B866-EB05819844F0}" = lport=445 | protocol=6 | dir=in | app=system |
"{A811D272-6EE1-4339-B319-ED960C76F2A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C50C17FA-6D70-4816-B8AA-B0E770C8D153}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C813C299-4839-4767-9A52-E11DCD25C9F5}" = lport=137 | protocol=17 | dir=in | app=system |
"{C87DF6D4-DCB2-4D35-B879-970E25784516}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CB029C32-7AAE-4E13-AAA0-3FF5A7108B6A}" = lport=139 | protocol=6 | dir=in | app=system |
"{D2F29011-BFFE-4A84-A486-2012A60AFD2F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20324C75-42BF-46C8-8BBB-D946D4A135FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2402EC7C-FDBA-4B08-86EC-D7E749244FAB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2BB80E39-0EFD-4350-8CB3-D61E5F1419FA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{34770E80-CF87-4F78-8C69-F1B7A1CBD727}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47387074-060F-4097-BA9B-3A66ED78D206}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4FAC377C-D63A-434D-8DA3-76761D9459BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{531BD2A7-FBE2-4682-87B7-4C20371500DD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5709E223-D760-485F-A32A-36C1B3A8D2AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A065B65-2557-491E-8132-DD422FEB4931}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{721B4E95-5130-470D-8BC0-00C7F4A9CF13}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{73F7643B-B6C1-45AF-9D79-C2E9C54C471F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7456B36E-4CB5-4679-9247-C58503A3F142}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7FD06397-BA57-420B-AF0A-09058D76CEE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{84F7C99F-F2FA-452E-9ACD-55B765A4F851}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{88CAADD0-8206-4318-AFDE-3B79574246E4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{999E83D1-15CF-40A7-A669-1938F800AABB}" = dir=out | app=d:\programme\adobe\adobe photoshop cs5.1 (64 bit)\photoshop.exe |
"{A645CEC3-7A8D-423E-A3C3-0788E7CBB3D1}" = protocol=6 | dir=out | app=system |
"{B376CE7A-E2F4-493D-AB9A-A96474204AD9}" = dir=out | app=d:\programme\adobe\adobe illustrator cs5.1\support files\contents\windows\illustrator.exe |
"{BE6493EB-8AB1-4D7F-B322-E31F3F472CE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE7F23E2-9062-4B9E-95F3-4412DE0A8074}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C0A6F9F1-A1E7-4778-888F-D1B3BEFA67DF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C42C4D45-DBE9-4512-B5C3-CBE2A2661040}" = dir=in | app=d:\programme\skype\phone\skype.exe |
"{C50C9428-B9AE-4CDE-8C46-34799B1F3F31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D4812A0E-E710-4FB4-9371-F462E83FD66B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D72101A2-303D-488A-B2C7-25691DE0BD35}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8E4131C-08CD-496C-A443-9801EF1326F6}" = dir=in | app=d:\programme\itunes\itunes.exe |
"{EE30523A-3D38-4711-9A1A-1A029F11958E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF8DD6CC-B85F-43E6-A8D9-383CB78ACC3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{D888C6D8-347D-4E56-A07C-A2D386B5A3D5}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{FD43B92E-88F2-4372-9784-BF4B2647D354}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{5F5C3336-4D2C-4B15-B815-108287582DCE}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{76F40EA5-AC90-47A4-B745-06C7218EA936}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11953C65-BB4E-4CA4-B0F0-2600A4B20040}" = Picture Control Utility x64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{24190661-2122-40D1-9F7C-8FDEA5AE4197}" = Microsoft Windows Performance Toolkit
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4653CB40-DF74-3770-8FB0-24472395D885}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
"{5ba298a9-47dd-4c81-b0e2-3f2823d34339}.sdb" = nikon-config
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7298E5E5-90A7-3785-AAFA-AC335DA3178F}" = Microsoft Windows SDK for Windows 7 Common Utilities (40715)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A216DF4A-28D1-3D94-ADA6-3AE50E42742D}" = Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8ED63AE-B171-3D63-8C35-40B82C4A5FBA}" = Microsoft Windows SDK for Windows 7 (7.0)
"{B96F81BB-EFE4-46DE-BBD9-04DC87211805}" = FastPictureViewer 1.2 (64-bit)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SDKSetup_7.0.7600.16385.40715" = Microsoft Windows SDK for Windows 7 (7.0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{36D3FD7C-A497-8DE1-8932-2CF519CE2F13}" = my Picturetown Uploader
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E4B4330-1CE8-4725-9C7F-BD4CC995FF54}" = Garmin City Navigator Europe (Unicode) NT 2013.10 Update
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93656878-FF8B-4935-99BB-F3F260037C57}" = Lara Croft Tomb Raider: The Angel Of Darkness
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B862B671-59FD-7457-AFA0-C738FB7ABD60}" = Windows SDK Intellidocs
"{C054E561-E47E-409C-ABA1-230AA85C5120}" = FastPictureViewer WIC Codec Pack 1.66
"{C8616041-2802-4DE2-B3BD-6285AAD65C2A}" = Nikon RAW Codec
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB238A00-FB43-49C8-8955-6F1F430944B7}" = Smart Dual Lan
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Capture NX 2" = Capture NX 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Complete NX2" = Color Efex Pro 3.0 Complete for Capture NX 2
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.mypicturetown.myptuploader.F9C4985A082C78528AFA4529A49FFE7D3454A64B.1" = my Picturetown Uploader
"DivX Setup" = DivX-Setup
"Elevated Shortcut" = Elevated Shortcut
"ElsterFormular 11.5.1.4843" = ElsterFormular
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Google Chrome" = Google Chrome
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{93656878-FF8B-4935-99BB-F3F260037C57}" = Lara Croft Tomb Raider: The Angel Of Darkness
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"Klett Lernsoftware Mathematik - Lambacher Schwei~F1920F00_is1" = Klett Lernsoftware Mathematik - Lambacher Schweizer (1. Lernjah
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SumatraPDF" = SumatraPDF
"Tomb Raider II" = Tomb Raider II
"Tomb Raider II Gold" = Tomb Raider II Gold
"Tomb Raider: Legend" = Tomb Raider: Legend 1.0
"VLC media player" = VLC media player 1.1.7
"Xvid Video Codec 1.3.1" = Xvid Video Codec
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.07.2012 03:30:49 | Computer Name = Steffi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4009
Error - 05.07.2012 03:30:49 | Computer Name = Steffi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4009
Error - 05.07.2012 03:30:50 | Computer Name = Steffi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 05.07.2012 03:30:50 | Computer Name = Steffi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5007
Error - 05.07.2012 03:30:50 | Computer Name = Steffi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5007
Error - 05.07.2012 10:00:02 | Computer Name = Steffi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 05.07.2012 10:00:02 | Computer Name = Steffi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 999
Error - 05.07.2012 10:00:02 | Computer Name = Steffi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999
Error - 05.07.2012 10:00:03 | Computer Name = Steffi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 05.07.2012 10:00:03 | Computer Name = Steffi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1997
Error - 05.07.2012 10:00:03 | Computer Name = Steffi-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1997
Error - 06.07.2012 06:52:24 | Computer Name = Steffi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Foxit Reader.exe, Version: 4.1.1.805,
Zeitstempel: 0x4c5a5003 Name des fehlerhaften Moduls: COMCTL32.dll, Version: 6.10.7601.17514,
Zeitstempel: 0x4ce7b71c Ausnahmecode: 0xc0000409 Fehleroffset: 0x000ab772 ID des fehlerhaften
Prozesses: 0x11d4 Startzeit der fehlerhaften Anwendung: 0x01cd5b5b9c5e8c45 Pfad der
fehlerhaften Anwendung: D:\Programme\Foxit Software\Foxit Reader\Foxit Reader.exe
Pfad
des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
Berichtskennung:
aae0d8c7-c758-11e1-b99d-6cf049ed8b76
Error - 06.07.2012 06:52:55 | Computer Name = Steffi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Foxit Reader.exe, Version: 4.1.1.805,
Zeitstempel: 0x4c5a5003 Name des fehlerhaften Moduls: COMCTL32.dll, Version: 6.10.7601.17514,
Zeitstempel: 0x4ce7b71c Ausnahmecode: 0xc0000409 Fehleroffset: 0x000ab772 ID des fehlerhaften
Prozesses: 0xa20 Startzeit der fehlerhaften Anwendung: 0x01cd5b6579100012 Pfad der
fehlerhaften Anwendung: D:\Programme\Foxit Software\Foxit Reader\Foxit Reader.exe
Pfad
des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
Berichtskennung:
bd357f7e-c758-11e1-b99d-6cf049ed8b76
[ System Events ]
Error - 06.07.2012 07:48:58 | Computer Name = Steffi-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 06.07.2012 07:51:47 | Computer Name = Steffi-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 06.07.2012 07:51:47 | Computer Name = Steffi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 06.07.2012 08:11:59 | Computer Name = Steffi-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 06.07.2012 08:11:59 | Computer Name = Steffi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 06.07.2012 08:13:17 | Computer Name = Steffi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800700c1 fehlgeschlagen: Windows Update Core
Error - 06.07.2012 08:38:03 | Computer Name = Steffi-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 06.07.2012 08:38:03 | Computer Name = Steffi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 06.07.2012 08:52:40 | Computer Name = Steffi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800700c1 fehlgeschlagen: Windows Update Core
Error - 06.07.2012 09:50:47 | Computer Name = Steffi-PC | Source = bowser | ID = 8003
Description =
< End of report >
. Wie soll ich nun weiter vorgehen? Ich gehe davon aus, dass außer den zwei auffälligen Dateien bzw. Ordnern noch irgend etwas versteckt ist, sonst wäre es wohl zu einfach. Im Voraus vielen Dank für die Hilfe! Gruß Stefan Geändert von 123click (06.07.2012 um 16:32 Uhr) |
| Themen zu Bundespolizei - Ihr Computer wurde gesperrt - ohne verschlüsselte Dateien |
| 7-zip, adobe, autorun, bho, bonjour, browser, bundespolizei trojaner entfernen, computer, computer gesperrt, cpu-z, error, explorer, firefox, flash player, format, gesperrt, google earth, heuristiks/extra, heuristiks/shuriken, install.exe, langs, logfile, microsoft office word, nvidia update, photoshop, plug-in, realtek, registry, rundll, searchscopes, server, software, strafe zahlen, svchost.exe, system, trojan.agent.ge, trojaner, udp, updates, usb, usb 3.0 |
Baum-Darstellung