Pests of all kinds and their removal: GVU Trojaner (Windows 7)
13.08.2012, 14:01 | #1
GVU Trojaner
I caught the GVU Trojan yesterday. After researching on the internet, I downloaded the Kaspersky Rescue Disc and burned it to a CD. I put it into the infected PC and booted from the CD. However, the Kaspersky software did not come up; instead the PC started Windows normally, and the white screen with the Trojan's text is no longer displayed. It can't just be gone all of a sudden, can it? I am currently running a system check with Avira AntiVir. Somewhere I had read that one should delete or renew some entries in the registry. Thanks for your help
13.08.2012, 15:34 | #2
/// Helfer-Team
GVU Trojaner
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Step 2: System scan with OTL (illustrated guide)
14.08.2012, 12:41 | #3
GVU Trojaner
Here is the Malwarebytes log:
Quote:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.08.2012 13:45:27 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Taschenlampe\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 64,41% Memory free 7,73 Gb Paging File | 6,15 Gb Available in Paging File | 79,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,87 Gb Total Space | 80,21 Gb Free Space | 17,48% Space Free | Partition Type: NTFS Drive D: | 458,87 Gb Total Space | 231,69 Gb Free Space | 50,49% Space Free | Partition Type: NTFS Drive E: | 264,40 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: Taschenlampe-PC | User Name: Taschenlampe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Taschenlampe\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus! 
for Skype\MsgPlusForSkypeService.exe (Yuna Software) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\OEM\USBDECTION\USBS3S4Detection.exe () PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Windows\SysWOW64\PSIService.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Radio.fx) -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe () SRV - (MsgPlusService) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (USBS3S4Detection) -- C:\OEM\USBDECTION\USBS3S4Detection.exe () SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) 
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvolwin7.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaywin7.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirwin7.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfswin7.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology) DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology) DRV:64bit: - (iaStor) -- 
C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) 
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (usbscan) -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Taschenlampe\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.01 12:38:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 00:08:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.20 18:57:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.12 23:01:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 00:08:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.20 18:57:57 | 000,000,000 | ---D | M] [2010.05.31 12:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taschenlampe\AppData\Roaming\mozilla\Extensions [2010.05.31 12:56:25 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Taschenlampe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.08.04 21:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taschenlampe\AppData\Roaming\mozilla\Firefox\Profiles\dm7nx968.default\extensions [2012.07.16 10:57:05 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Taschenlampe\AppData\Roaming\mozilla\Firefox\Profiles\dm7nx968.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2012.04.25 08:24:42 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Taschenlampe\AppData\Roaming\mozilla\Firefox\Profiles\dm7nx968.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2011.03.24 22:03:18 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Taschenlampe\AppData\Roaming\mozilla\Firefox\Profiles\dm7nx968.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.31 07:28:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Taschenlampe\AppData\Roaming\mozilla\Firefox\Profiles\dm7nx968.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.08.12 16:24:41 | 000,000,950 | ---- | M] () -- C:\Users\Taschenlampe\AppData\Roaming\Mozilla\Firefox\Profiles\dm7nx968.default\searchplugins\icqplugin-1.xml [2010.07.24 20:43:04 | 000,000,950 | ---- | M] () -- C:\Users\Taschenlampe\AppData\Roaming\Mozilla\Firefox\Profiles\dm7nx968.default\searchplugins\icqplugin-2.xml [2010.09.10 11:37:48 | 000,000,950 | ---- | M] () -- C:\Users\Taschenlampe\AppData\Roaming\Mozilla\Firefox\Profiles\dm7nx968.default\searchplugins\icqplugin-3.xml [2011.03.03 13:13:18 | 000,000,950 | ---- | M] () -- C:\Users\Taschenlampe\AppData\Roaming\Mozilla\Firefox\Profiles\dm7nx968.default\searchplugins\icqplugin-4.xml [2010.02.03 16:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Taschenlampe\AppData\Roaming\Mozilla\Firefox\Profiles\dm7nx968.default\searchplugins\icqplugin.xml [2012.04.29 09:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.14 
14:41:00 | 000,012,128 | ---- | M] () (No name found) -- C:\USERS\Taschenlampe\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DM7NX968.DEFAULT\EXTENSIONS\{600452E8-6851-46DB-80FD-FA571B2DEAA7}.XPI [2012.07.19 00:08:24 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.12 19:41:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.01.12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.06.18 19:34:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.18 19:34:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.18 19:34:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.18 19:34:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.18 19:34:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.18 19:34:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2010.05.10 16:27:59 | 000,001,345 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 
127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found. O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found. O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\Toolbar\WebBrowser: (no name) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Taschenlampe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Taschenlampe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D199494-D772-4AD0-B440-63AD0C313BD5}: DhcpNameServer = 130.149.7.7 193.174.75.142 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A31B4507-1C36-4DF5-A6F8-E2202D83664F}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\sacore - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml 
{807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6b3b74fc-7a36-11e0-bedf-90fba62c0a20}\Shell - "" = AutoRun O33 - MountPoints2\{6b3b74fc-7a36-11e0-bedf-90fba62c0a20}\Shell\AutoRun\command - "" = H:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.13 20:11:36 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Taschenlampe\Desktop\OTL.exe [2012.08.13 20:08:01 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Roaming\Malwarebytes [2012.08.13 20:07:49 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.13 20:07:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.13 20:07:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.13 20:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.13 20:05:44 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Taschenlampe\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.12 23:40:28 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Roaming\Avira [2012.08.12 23:34:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.08.12 23:34:25 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.08.12 23:34:25 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.08.12 23:34:25 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.08.12 23:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.08.12 23:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.08.12 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{246893A9-A85E-4707-AF07-B8F8A2C14A14} [2012.08.12 16:22:54 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{476060C5-2638-4022-8C42-81EFEF75E37B} [2012.08.10 16:57:08 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{78003F7B-E04C-4BCC-BE8A-14DE41E896AF} [2012.08.10 16:56:57 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{60EAE8AF-EA01-477E-B83D-DD0A36BCE821} [2012.08.09 21:30:34 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmail Opener [2012.08.09 21:30:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winmail Opener [2012.08.09 18:53:45 | 000,000,000 | ---D | C] -- 
C:\Users\Taschenlampe\AppData\Local\{EA5F5200-E849-4B29-A5A1-8AE75E9CA566} [2012.08.09 18:53:32 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{4A9B1041-A2BD-414F-B677-E852A61CE292} [2012.08.08 21:36:08 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{05074FE3-5C6E-478E-BAD5-97BD8C42128A} [2012.08.08 21:35:49 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{BFB25EA9-4073-4748-A32C-B894CEDEAFDB} [2012.08.07 20:58:35 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{209AAC11-9F31-41BB-A17A-956147663D2F} [2012.08.07 20:58:22 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{E6F1F129-5FF9-429C-9BEA-6CB64591EDB0} [2012.08.05 21:32:55 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{99008F22-B045-4592-A17F-12CE556AF0C8} [2012.08.05 09:32:29 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{BFEDD613-DB4C-4C3B-A863-FB96B3CE6692} [2012.08.05 09:32:17 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{42E4EA1B-6EA4-4BE5-AD53-F94EF8B63AD0} [2012.08.04 11:38:42 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{51C078FE-5219-41FD-810D-057D0FA7F0EF} [2012.08.04 11:38:27 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{60539D4D-2FC7-473B-A4CD-8E776808E670} [2012.08.03 19:13:17 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{87FD4097-84BE-4416-86AC-FE266BF98446} [2012.08.03 19:13:04 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{FD4F6646-6331-4A99-8B17-DD8B59A1F0DE} [2012.08.02 17:05:07 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{E697E1D0-3173-42B0-9809-63DD7F2A6285} [2012.08.02 17:04:54 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{69AAB778-3E6A-403C-A840-8B2C9A4BF2EE} [2012.08.01 19:46:17 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{EAAE31B3-8994-4EE9-9FED-8CDF57EA8FEE} [2012.08.01 19:46:06 | 000,000,000 | ---D | C] -- 
C:\Users\Taschenlampe\AppData\Local\{97A76511-2827-4045-BC0E-84B0E1B87AD4} [2012.07.31 15:59:36 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{838328B5-3A5E-4951-93A0-A50A2462D818} [2012.07.31 15:59:22 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{18D1A8F4-16F6-4CCD-9F94-547E0E7BF260} [2012.07.30 12:53:08 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{3099DE27-E58D-44E3-B0A7-8D08C5F82B9D} [2012.07.30 12:52:55 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{D35690EA-E41F-4A3B-B033-B1CA4E335204} [2012.07.29 11:28:55 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{9FE3D0C1-E446-4A73-A9CB-4447EB9C0593} [2012.07.29 11:28:42 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{5B6BEB56-AD5B-44E5-B8EC-96C49642E833} [2012.07.26 10:20:50 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{5E4C3160-747E-4283-A3CC-B858C5D064A5} [2012.07.26 10:20:37 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{69867BAF-79BF-4F4A-9755-B9DB8DC8EC3D} [2012.07.25 11:34:43 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{2E56CDC2-4521-4818-B372-4D500049B55B} [2012.07.25 11:34:30 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{A55436FA-592A-4921-ABFC-108265314B67} [2012.07.24 10:32:31 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{87E5D320-077C-4E25-A4D7-A8487065ED48} [2012.07.24 10:32:13 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{5E6FE26D-DD9A-45C0-A741-B5AD83FFE068} [2012.07.23 13:20:01 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{AAFD030A-77F3-4329-BC91-E62635A27141} [2012.07.23 13:19:49 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{B16F8E58-BFE5-4380-A14F-3FFE09241375} [2012.07.22 12:13:54 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{1A0D6121-1B07-4A0D-9433-E8D224AE902F} [2012.07.22 12:13:42 | 000,000,000 | ---D | C] -- 
C:\Users\Taschenlampe\AppData\Local\{AB4FEFE5-DC92-451F-A140-A0DE3A84A23A} [2012.07.21 21:16:11 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{549BACA7-AC00-4B25-B2D3-A75D747DB4D2} [2012.07.21 21:16:00 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{707E098E-279A-4F72-BCD3-0371BD969F15} [2012.07.21 09:15:22 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{B1897087-BB62-4CA7-ACFD-F3E40447D720} [2012.07.21 09:15:09 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{DFE1F7CC-34FE-4E62-BCCD-F7B12C7AC17D} [2012.07.19 17:19:29 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{EA3422A2-0D6D-420E-826B-C510EFABA6BB} [2012.07.19 17:19:06 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{79F533F7-07F5-436B-8B89-34F52BAADAC0} [2012.07.18 20:07:01 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{75BCB0D1-31EE-4F98-BF61-F060E6A64362} [2012.07.18 20:06:48 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{07053BE7-1192-4980-A08C-E57B4FE912D5} [2012.07.17 20:11:34 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{75E4D2B8-97DB-4E42-966B-51444A6AB122} [2012.07.17 20:11:08 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{81D4CE8B-4BA1-4E62-8DE3-03335BC7D5DD} [2012.07.16 17:50:56 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{B6B11DC3-31ED-46AB-AE92-3CEEAE17BD59} [2012.07.16 17:50:45 | 000,000,000 | ---D | C] -- C:\Users\Taschenlampe\AppData\Local\{6EBF90EF-ED7F-4265-88DB-79AB5F6D42EF} [2009.11.26 19:31:51 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [2009.06.27 18:06:16 | 000,178,176 | ---- | C] (privat) -- C:\Program Files\ClearProg.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.14 13:46:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.14 
13:41:36 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.14 13:41:36 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.14 13:33:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.14 13:33:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.14 13:33:39 | 3113,558,016 | -HS- | M] () -- C:\hiberfil.sys [2012.08.13 20:11:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Taschenlampe\Desktop\OTL.exe [2012.08.13 20:07:50 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.13 20:06:28 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Taschenlampe\Desktop\mbam-setup-1.62.0.1300.exe [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.13 20:07:50 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.06 23:09:52 | 000,001,456 | ---- | C] () -- C:\Users\Taschenlampe\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.01.04 19:32:05 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.11.08 16:36:26 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2011.11.03 18:15:47 | 001,713,678 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.13 21:09:26 | 000,000,000 | ---- | C] () -- C:\Users\Taschenlampe\AppData\Local\{A7AC2D05-F118-42F3-844A-8FA9354E7F92} [2011.06.16 21:59:08 | 000,155,648 | ---- | C] () -- 
C:\Windows\SysWow64\daspi32u.dll [2011.06.16 21:45:11 | 000,020,531 | -H-- | C] () -- C:\ProgramData\M33KI [2011.02.14 16:53:16 | 000,000,218 | ---- | C] () -- C:\Users\Taschenlampe\.recently-used.xbel [2010.11.27 20:53:06 | 000,000,169 | ---- | C] () -- C:\Windows\wininit.ini [2010.11.17 17:15:32 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.11.17 17:15:32 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.04.15 14:44:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.03.05 23:36:37 | 000,001,980 | ---- | C] () -- C:\Users\Taschenlampe\AppData\Roaming\wklnhst.dat [2010.02.18 16:02:37 | 000,065,536 | ---- | C] () -- C:\Users\Taschenlampes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.20 01:06:30 | 000,007,605 | ---- | C] () -- C:\Users\Taschenlampe\AppData\Local\Resmon.ResmonCfg ========== LOP Check ========== [2010.01.16 23:01:06 | 000,000,000 | -HSD | M] -- C:\Users\Taschenlampe\AppData\Roaming\.# [2011.01.10 22:22:01 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\.minecraft [2012.03.03 00:06:55 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Ahnenblatt [2011.02.09 22:15:03 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Ambient Design [2010.02.12 13:59:13 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Artweaver [2010.02.12 13:58:11 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Artweaver Plus [2010.04.25 19:43:20 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Audacity [2011.03.26 23:17:29 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\AV Bros Puzzle Pro 3.1 DEMO (64 Bit) [2011.02.09 22:18:20 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Bamboo Explore [2010.06.25 15:15:25 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Blender Foundation [2010.06.20 19:33:00 | 000,000,000 | ---D | M] -- 
C:\Users\Taschenlampe\AppData\Roaming\Canon [2011.03.05 21:43:25 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.07.19 10:25:19 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2012.08.12 23:03:34 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Dropbox [2011.07.24 21:38:24 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\DVDVideoSoft [2011.03.24 22:03:18 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.20 17:24:48 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\e-academy Inc [2011.12.29 23:12:26 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\FileZilla [2010.01.16 22:49:24 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\GameConsole [2010.11.08 18:31:23 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\GetRightToGo [2011.05.18 21:48:30 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\GNU Solfege [2012.06.09 22:55:18 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Hobbyist Software [2011.02.22 18:32:33 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\ICQ [2010.06.24 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\inkscape [2012.03.25 10:24:42 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Internet Exprorer Add-on [2012.08.12 23:01:39 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\IrfanView [2011.06.26 15:38:16 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Lasersoft Imaging [2010.03.27 15:10:23 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\MAXON [2011.02.17 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\NeatImage SL [2010.07.01 00:04:57 | 000,000,000 | ---D | M] -- 
C:\Users\Taschenlampe\AppData\Roaming\net.tw.fotolia-desktop [2010.07.08 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\NetMedia Providers [2010.04.08 21:59:14 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Nik Software [2012.06.20 21:55:01 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Notepad++ [2011.12.29 23:20:01 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Nvu [2010.05.06 17:38:04 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\OpenOffice.org [2011.06.16 22:03:57 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\PIE [2010.01.17 23:25:30 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\PowerCinema [2010.07.08 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Publish Providers [2010.01.16 23:01:13 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\SoftDMA [2012.08.12 23:01:29 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\SoftGrid Client [2011.11.05 12:45:36 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Solveig Multimedia [2010.06.25 14:36:02 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.01.13 23:10:01 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Stella [2010.03.05 23:36:38 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Template [2010.05.31 12:56:24 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Thunderbird [2011.04.06 12:45:24 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\TIPP10 [2010.03.29 22:18:28 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Tobit [2012.06.20 21:37:39 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\TP [2011.02.09 21:39:45 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Wacom [2011.02.09 21:39:47 | 
000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2012.06.23 22:00:15 | 000,000,000 | ---D | M] -- C:\Users\Taschenlampe\AppData\Roaming\Windows Live Writer [2012.07.19 20:56:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:C59E90A4 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0 < End of report >
And the second one:
OTL EXTRAS Logfile:
OTL Extras logfile created on: 14.08.2012 13:45:28 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Taschenlampe\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 64,41% Memory free 7,73 Gb Paging File | 6,15 Gb Available in Paging File | 79,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,87 Gb Total Space | 80,21 Gb Free Space | 17,48% Space Free | Partition Type: NTFS Drive D: | 458,87 Gb Total Space | 231,69 Gb Free Space | 50,49% Space Free | Partition Type: NTFS Drive E: | 264,40 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: Taschenlampe-PC | User Name: Taschenlampe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-1676260187-2342323063-2926789658-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Foto Meyer\Meine CEWE FOTOWELT\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" () Directory [Meine CEWE FOTOWELT] -- "C:\Program Files (x86)\Foto Meyer\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" () Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Foto Meyer\Meine CEWE FOTOWELT\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" () Directory [Meine CEWE FOTOWELT] -- "C:\Program Files (x86)\Foto Meyer\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" () Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0599AD3E-97B6-418E-BC38-4B67C6E2E533}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{0EFEC10C-94A7-4699-8A33-5ADC00138145}" = rport=138 | protocol=17 | dir=out | app=system | "{112E4A15-E002-428E-A364-BFD1F9EBC013}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{16CC76F9-AC96-4237-9D25-18932F3253A6}" = rport=139 | protocol=6 | dir=out | app=system | "{22FD9BF0-14E3-45B2-B687-7C15ADFC5F64}" = rport=445 | protocol=6 | dir=out | app=system | 
"{238A19EF-217C-459A-B9F0-BFCC3CBF9992}" = rport=10243 | protocol=6 | dir=out | app=system | "{2DBBAD0C-1101-4AED-9BB4-E2EEF33CA9A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3B9DEBC0-8BA3-4451-8E3E-7BAA1D918143}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{3E037A1B-CC8F-4CC1-80B4-975A51C9368E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3FDE60BE-82C2-4C95-9E86-BF97B96BC32F}" = lport=10243 | protocol=6 | dir=in | app=system | "{52C0632F-185D-4DB4-84BF-F2A68BE3FFB3}" = lport=139 | protocol=6 | dir=in | app=system | "{54CBF3D5-F930-4B35-9603-18A3034D5644}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5C6B23F5-239A-4823-B780-931A58E33CAC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{736C1AD9-A137-4D9B-8E58-84C50010990C}" = rport=137 | protocol=17 | dir=out | app=system | "{741342F1-2FEF-4A6E-9C90-66B7FD12AE90}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{869F4315-F4D3-4597-A14E-7DA9D06D4B5A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8DDFA637-0406-42DF-A5B9-290BBC8E1FC9}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface | "{959BBC14-9D62-449D-AD40-CD95E741AF64}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{96A34203-3A0D-41F0-A515-B8C1EAF40495}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF5A2C9F-45F1-4BF0-A737-71BCCF004F45}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B440B751-1832-4050-9500-B993D324FE86}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B969468C-1AF4-49C7-9C99-A8B03A8B78F4}" = lport=138 | protocol=17 | dir=in | 
app=system | "{BAFDF161-4D55-4296-922C-C90110040E17}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CBE36B81-9245-493C-A4ED-95227FAB2E6B}" = lport=2869 | protocol=6 | dir=in | app=system | "{E5430F5F-8F13-425D-A857-189227F78B51}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ED26FDB9-6B50-4B63-9409-2D7AE5D5F84B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{EEACEAB7-7046-40C0-A9C6-47B92EDEC6AB}" = lport=2869 | protocol=6 | dir=in | app=system | "{F7025EAF-BAE6-48A6-A727-22F3E986D57E}" = lport=445 | protocol=6 | dir=in | app=system | "{F9A68184-321D-4671-AA39-33CF1AA03AFA}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0125DD90-2839-45AA-80C9-3F52730BFCA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{04423C1C-0296-4381-9083-56D1E0FFBD2F}" = protocol=6 | dir=in | app=c:\users\Taschenlampe\appdata\local\temp\update_1df8.exe | "{0D367C0B-6502-46A1-B0A6-EAD9EDA4B2B7}" = protocol=17 | dir=in | app=c:\users\Taschenlampe\appdata\local\temp\update_1df8.exe | "{1311470B-2121-491B-910A-565418570AE6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1A814056-BF74-45F4-8EC0-60A145E0AA60}" = protocol=6 | dir=in | app=c:\users\Taschenlampe\downloads\flv_player_setup.exe | "{1B1C3094-428F-4766-9A27-BF967AA42505}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{235276D3-63E9-46B9-AE1C-91A7854C348C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{23C4C344-CBD7-4C5F-9900-91808CE0FBF8}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | "{2999B480-04BC-4CC7-A7D4-5073AD5AB579}" = dir=in | app=c:\program 
files (x86)\common files\mcafee\mna\mcnasvc.exe | "{2A907008-9A2B-42F9-95C6-A00823FAAE0A}" = protocol=17 | dir=in | app=c:\users\Taschenlampe\downloads\flv_player_setup.exe | "{2F83989B-9985-4068-A1BD-44168B480785}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{30202B40-9D87-4344-B9CC-9EDCCF78AA6D}" = protocol=17 | dir=in | app=c:\users\Taschenlampe\appdata\local\akamai\netsession_win.exe | "{335FF696-C317-4F88-AF8A-4AE2AD8126CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{33AA6A8D-7B72-4E17-BABD-FF56D3C40990}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\mdnsresponder.exe | "{348FD22B-FEB3-490F-BD55-C4C24E12F86F}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | "{36E13E43-F685-4DD9-B5C6-CC36DE31B043}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{36EEF358-B611-4BFA-98AA-A85146151EA2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{39E2635D-69F3-40A1-A846-F4624A5E068B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{40C73673-8167-4518-9FC3-0102364D6BCB}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | "{53FFF210-346C-46C9-BD95-19D7BA39A6BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{56B2C510-808F-4DD3-9B5B-BB0417FEF727}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | "{58CD2BB7-3954-4E09-86B1-C6DA0176C0D4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{59211C92-2284-43DA-8541-CD9DE5F3A2E7}" = protocol=17 | dir=in | app=c:\users\Taschenlampe\appdata\local\temp\7zs285f\hppiw.exe | "{5C820663-4E7E-484E-B5F8-71F8B799D1CF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{5F27FAF0-99E8-4C0D-B52F-E045915C1DE1}" = protocol=17 | dir=in | app=c:\program files 
(x86)\icq7.1\aolload.exe | "{5FA792D5-886C-4515-B043-84D4776FE494}" = protocol=6 | dir=in | app=c:\users\Taschenlampe\appdata\local\temp\7zs285f\hppiw.exe | "{619BCEFE-9115-467C-A272-914CF71315F1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | "{6383900F-33C7-48DB-8281-6C35915028CE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{648A1C48-07E1-42C2-BEF3-F9EAA9BF6FF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{66DF81D7-2944-47E8-ABAE-761FC6D05CB1}" = protocol=6 | dir=in | app=c:\users\Taschenlampe\appdata\roaming\dropbox\bin\dropbox.exe | "{6CD111E0-9A9E-420C-B150-1E49F97C4901}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6E7B86F5-BED6-4607-AD5F-23FC68D28467}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{74D99B5A-8CD7-44DB-B673-F7AC6D48DDA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7623A4E6-9A54-4C67-AF41-C3FDD7BEBA2C}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | "{77EE1DCD-AD75-40CD-B3CE-481181CB7953}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{79F00830-DD0B-4F0F-B8D0-7BAD37A7D230}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7BC708CA-879E-4028-840C-908C83E7B725}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe | "{7BD9F926-97C2-41E6-920E-FADEFDBCC041}" = protocol=17 | dir=in | app=c:\users\Taschenlampe\appdata\local\temp\update_4433.exe | "{85375B04-0D94-4E97-8F1F-05E67A9C9E4A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8539AD18-C9F9-4AF5-B289-78650CAD5292}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\vlc streamer configuration.exe | "{890010A8-E286-44C9-9CBA-031D0635615E}" = protocol=17 | dir=in | 
app=c:\program files (x86)\icq7.1\icq.exe | "{8DFE587A-FF36-4312-A915-86AB7173EE7F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8E73CFD5-2AE3-479F-B55B-B5DFBE128929}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe | "{8E917D8B-1D58-4B96-A0E9-5C25B99406FF}" = protocol=17 | dir=in | app=c:\users\Taschenlampe\appdata\roaming\dropbox\bin\dropbox.exe | "{8EBAE748-C746-4EA0-AFEF-DFC6E683784A}" = protocol=6 | dir=out | app=system | "{932CEB8D-4B10-4A3D-A7E8-0F16F1263889}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A8C62BC8-6B99-44CA-BC47-D32431E9CB98}" = protocol=6 | dir=in | app=c:\users\Taschenlampe\appdata\local\akamai\netsession_win.exe | "{AB1A2734-73FC-42AA-B36C-F6F8C154782B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ACC1E371-2273-4EE4-AB75-73512BA92E5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AD309413-15A1-4107-8CFE-4839AB96189E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B01D195E-7706-4FE8-947C-4DAE661DB3C7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{B84D4A5D-FBDB-40CC-A245-7460BE013CB7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{B8A27DBC-030C-4FF5-A1C8-484483879FFA}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | "{BBEE3AB5-16E2-4824-B782-7749F183B647}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{BCFA3819-D710-44AE-BF9C-7F5A0E197ED7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{BDBFB3BB-C071-4DC5-B84E-2D2F5EC2DED5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{C59E3F7D-C13E-4465-89F4-2041ABDB0271}" = protocol=6 | dir=in | app=c:\users\Taschenlampe\appdata\local\temp\update_4433.exe | "{C60E0DE8-0D37-4E78-99AE-415669A59B6B}" 
= protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\aolload.exe | "{DC2A25A0-348D-4F60-80E2-CE260CBA4F01}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{E0D0450F-52C5-49D4-852B-BF35513665E7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{E4B014BA-7F0F-4850-8FA0-A70A138AAE97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E4CFD87A-08CC-4B58-97FF-21C88FE14D55}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.1\icq.exe | "{E738D99B-9532-45AD-A5C2-D0D8ADC082EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe | "{E8E559CB-E1F0-4651-A42C-1A0F82E6A4FC}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe | "{ECF1C00F-E3A6-400A-8057-214D798DAF07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F5C5E6B7-2025-4BA4-8A9B-B9865327BB9E}" = dir=in | app=c:\program files\bonjour\mdnsresponder.exe\bonjour\mdnsresponder.exe | "{F5C6E9C5-771F-463E-97F6-0C744B420FB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F791F725-8296-490F-9444-AFEC986C6C28}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe | "{F947E8E3-7CE0-46A3-BB60-45A914FAC655}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "TCP Query User{12CC1008-579F-4862-A06A-EFF2F42C596E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{1B27FB40-6A3E-44CA-812E-CC064FF08F8C}C:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | "TCP Query User{2331E7C8-3640-4C64-A97A-A28A9C83E75E}C:\users\Taschenlampe\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | 
app=c:\users\Taschenlampe\appdata\local\akamai\netsession_win.exe | "TCP Query User{4034F782-E7DE-4615-9A93-1D3711898530}D:\trekstor\spiele\aoe2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\trekstor\spiele\aoe2\age2_x1\age2_x1.exe | "TCP Query User{4B0BC3CD-7C91-4EDF-BF4F-E0D652B1BE32}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{503EC7A2-6AF9-4C9A-95FC-CC8065C0621F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{65B597E2-FAA3-45EC-B0C9-42230C936054}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{6E5C610B-BA71-415C-B318-7067E0B430B9}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{748D0B93-9DAD-4A1B-BA2F-4736F6061EF4}C:\users\Taschenlampe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\Taschenlampe\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{8B7496F8-651E-4AFA-AD22-832E7507FF4E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{9078B504-EF74-4C7D-95DE-D349AB57BEE3}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "TCP Query User{F8D44452-C5E4-479A-BBFA-75473DC2E75E}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "UDP Query User{3ECA2191-C46B-4177-AE41-62710237FE2B}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query 
User{4BA045A7-AF2F-48CB-88E5-7237D843862A}C:\users\Taschenlampe\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\Taschenlampe\appdata\local\akamai\netsession_win.exe | "UDP Query User{873A0081-0A86-48F1-8C10-5FFADC838436}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{8ECBF4E5-FDD8-4BBE-A243-44688DBAF7F3}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | "UDP Query User{95F65215-A16F-449D-8168-CE9A722FF264}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{AA631377-C221-48EB-9BD2-3048DAFEA553}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{C46CC357-4B1A-4DE8-96FB-82CA217A8511}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{C54813D6-4142-42EE-B13A-F8D21CF076A5}C:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | "UDP Query User{CE5D9942-11ED-49FF-99CA-B964483552D7}C:\users\Taschenlampe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\Taschenlampe\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{E1543D8A-DAE2-40A8-9B5C-6F55B231A649}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "UDP Query User{E445098D-C4DE-4894-8C25-9FE342669FCC}D:\trekstor\spiele\aoe2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\trekstor\spiele\aoe2\age2_x1\age2_x1.exe | "UDP Query 
User{F17EFEC0-E06A-4E8C-B719-4C78A88599D6}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 Native Client "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit) "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150 "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module "doPDF 6 printer_is1" = doPDF 6.3 printer "MAXOND23FFDAC" = CINEMA 4D Demo 11.530 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Pen Tablet Driver" = Bamboo "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 
3.2 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{354D00E0-C7C9-4BC1-BC12-08C4977AA827}" = SlimDX Redistributable (June 2010) "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3D3D1E03-D506-4163-B600-82EE27FC5A89}" = Microsoft Camera Codec Pack "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B0D20D7-AA12-4FC8-9A4A-AF722F430738}_is1" = EOS Camera Movie Record 0.2.1 Beta "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database 
Engine Services "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0 "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E41D2A5-C0DD-4139-8C7A-2F0E1F20ED24}" = CombineZP "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" 
= Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007 "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007 "{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0101-0407-0000-0000000FF1CE}" = 
Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch "{90D161A3-7D26-11D8-AB0F-000374890932}" = Internet Software Pak "{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{94C1A41C-2A2D-4AF0-858E-924288245621}" = SlimDX Redistributable (August 2009) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9d5299f9-f94e-43ed-9632-a5e045b51f7d}" = Nero 9 Essentials "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FE71A92-DF5D-5880-F8B0-7FF30CE49B44}" = myphotobook.de "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI "{AD9E6AC8-27B4-326A-69D1-C8A3549DAC22}" = Bamboo Dock "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B455DA2A-531A-4456-BA1C-3534DD327EFE}" = CyberView X Multiple-Slides Scanner v1.18a 
"{B46834CC-141E-11D5-A76F-0030AB007078}" = MA101 USB Adapter Configuration Utility "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B64B2351-10AE-4890-9D5E-F9BDC292801D}_is1" = Dietrich's AG PlanCAD-L "{B9BD670E-E9BF-494A-9843-F20C13EE8C4C}" = ArtRage 2 "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8 "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA2B4016-343D-4564-BE1C-99D84BE9673D}" = AKVIS ArtWork "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = 
Realtek High Definition Audio Driver "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ahnenblatt_is1" = Ahnenblatt 2.69 "Algebrus_is1" = Algebrus 3.1 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "Avira AntiVir Desktop" = Avira Free Antivirus "Bamboo Dock" = Bamboo Dock 3.3 "Bamboo Explore" = Bamboo Explore "Bamboo Scribe LanguagePack de_DE 3.2_is1" = Bamboo Scribe LanguagePack de_DE 3.2 "Bamboo Scribe Wacom 3.2_is1" = Bamboo Scribe Wacom 3.2 "Blender" = Blender (remove only) "Box24" = Box 24 "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de "Dfine 2.0" = Dfine 2.0 "DivX Setup" = DivX-Setup "druckstdu.de Designer 1.5.1_is1" = druckstdu.de Designer 1.5.1 "EuroGrand Casino" = EuroGrand Casino "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "FileZilla Client" = FileZilla Client 3.5.2 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722 "ft_Transport Tycoon Deluxe" = Transport 
Tycoon Deluxe "GML Matting_is1" = GML Matting 0.3 "GNU Solfege_is1" = GNU Solfege 3.18.7 "Harry's Filters_is1" = Harry's Filters 3.01 "Hotkey Utility" = Hotkey Utility "ICQToolbar" = ICQ Toolbar "Identity Card" = Identity Card "ImageSkill Magic Enhancer Lite 1" = ImageSkill Magic Enhancer Lite 1 (Remove only) "ImageSkillOutliner" = ImageSkill Outliner (remove only) "Inkscape" = Inkscape 0.48.0 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager "IrfanView" = IrfanView (remove only) "Joyland Casino" = Joyland Casino "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Meine CEWE FOTOWELT" = Meine CEWE FOTOWELT "Messenger Plus!" = Messenger Plus! 5 "Messenger Plus! for Skype" = Messenger Plus! for Skype "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Neat Image_is1" = Neat Image v6 Demo (with plug-in) "Notepad++" = Notepad++ "Nvu_is1" = Nvu 1.0 "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "OpenTTD" = OpenTTD 1.1.0 "Pen Tablet Driver" = Bamboo "Pixum Fotobuch" = Pixum Fotobuch "PRJPRO" = Microsoft Office Project Professional 2007 "RealAlt_is1" = Real Alternative 2.0.2 "RealPlayer 12.0" = RealPlayer "S2TNG" = Die Siedler II - Die nächste Generation "Slideroll Gallery AV_is1" = Slideroll Gallery AV 2.1.03b "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010) "TinyCAD" = TinyCAD 2.70.03 "TIPP10_is1" = TIPP10 Version 2.1.0 "TmNationsForever_is1" = TmNationsForever "Tobit Radio.fx Server" = Radio.fx "Uninstall_is1" = Uninstall 1.0.0.1 "VirtualCloneDrive" = VirtualCloneDrive 
"virtualPhotographer_is1" = virtualPhotographer 1.5.6 "VLC media player" = VLC media player 1.1.5 "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock "Winamp" = Winamp "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite" = Windows Live Essentials "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1676260187-2342323063-2926789658-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GeoGebra WebStart" = GeoGebra WebStart "Move Media Player" = Move Media Player "sc11-AT_ORF_MAIN" = Ski Challenge 11 (AT) "Winamp Detect" = Winamp Anwendungserkennung ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.08.2012 19:08:20 | Computer Name = Taschenlampe-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15584 Error - 12.08.2012 19:08:20 | Computer Name = Taschenlampe-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15584 Error - 13.08.2012 02:44:43 | Computer Name = Taschenlampe-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.08.2012 02:44:43 | Computer Name = Taschenlampe-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 27398611 Error - 13.08.2012 02:44:43 | Computer Name = Taschenlampe-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 27398611 Error - 13.08.2012 03:24:43 | Computer Name = Taschenlampe-PC | Source = MsgPlusService | ID = 0 Description = Error - 13.08.2012 03:24:43 | Computer Name = Taschenlampe-PC | Source = MsgPlusService | ID = 0 Description = Error - 13.08.2012 08:35:26 | Computer Name = 
Taschenlampe-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. BITS will retry as soon as the adapter has a connection.

Error - 14.08.2012 03:27:12 | Computer Name = Taschenlampe-PC | Source = TabletServicePen | ID = 1
Description =

Error - 14.08.2012 07:44:57 | Computer Name = Taschenlampe-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe, version 3.2.57.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 12d4 Start time: 01cd7a11ebe6c195 End time: 16 Application path: C:\Users\Taschenlampe\Desktop\OTL.exe Report ID:

[ Media Center Events ]
Error - 17.02.2010 05:12:33 | Computer Name = Taschenlampe-PC | Source = MCUpdate | ID = 0
Description = 10:12:33 - Error establishing the Internet connection. 10:12:33 - Could not connect to the server.

Error - 17.02.2010 05:13:10 | Computer Name = Taschenlampe-PC | Source = MCUpdate | ID = 0
Description = 10:13:03 - Error establishing the Internet connection. 10:13:03 - Could not connect to the server.

[ System Events ]
Error - 12.08.2012 17:34:18 | Computer Name = Taschenlampe-PC | Source = Service Control Manager | ID = 7023
Description = The "HP Network Devices Support" service terminated with the following error: %%126

Error - 13.08.2012 08:24:59 | Computer Name = Taschenlampe-PC | Source = Service Control Manager | ID = 7000
Description = The "McAfee SiteAdvisor Service" service failed to start due to the following error: %%2

Error - 13.08.2012 08:27:28 | Computer Name = Taschenlampe-PC | Source = Service Control Manager | ID = 7023
Description = The "HP Network Devices Support" service terminated with the following error: %%126

Error - 13.08.2012 08:39:27 | Computer Name = Taschenlampe-PC | Source = Server | ID = 2505
Description = The server service could not bind to the transport \Device\NetBT_Tcpip_{A31B4507-1C36-4DF5-A6F8-E2202D83664F} because of a duplicate network name. The server service could not be started.

Error - 13.08.2012 08:39:27 | Computer Name = Taschenlampe-PC | Source = NetBT | ID = 4321
Description = The name "Taschenlampe-PC :20" could not be registered on the interface with IP address 192.168.0.2. The computer with IP address 192.168.0.8 did not allow this computer to use this name.

Error - 13.08.2012 08:39:28 | Computer Name = Taschenlampe-PC | Source = NetBT | ID = 4321
Description = The name "Taschenlampe-PC :0" could not be registered on the interface with IP address 192.168.0.2. The computer with IP address 192.168.0.8 did not allow this computer to use this name.

Error - 14.08.2012 03:26:52 | Computer Name = Taschenlampe-PC | Source = Service Control Manager | ID = 7000
Description = The "McAfee SiteAdvisor Service" service failed to start due to the following error: %%2

Error - 14.08.2012 03:29:18 | Computer Name = Taschenlampe-PC | Source = Service Control Manager | ID = 7023
Description = The "HP Network Devices Support" service terminated with the following error: %%126

Error - 14.08.2012 07:33:56 | Computer Name = Taschenlampe-PC | Source = Service Control Manager | ID = 7000
Description = The "McAfee SiteAdvisor Service" service failed to start due to the following error: %%2

Error - 14.08.2012 07:36:34 | Computer Name = Taschenlampe-PC | Source = Service Control Manager | ID = 7023
Description = The "HP Network Devices Support" service terminated with the following error: %%126

< End of report >
|
14.08.2012, 16:03 | #4 |
/// Helper Team | GVU Trojaner Fix with OTL. Download OTL from Oldtimer (if you don't have it yet) and save it to your desktop (not anywhere else).
Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - No CLSID value found
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\Toolbar\WebBrowser: (no name) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6b3b74fc-7a36-11e0-bedf-90fba62c0a20}\Shell - "" = AutoRun
O33 - MountPoints2\{6b3b74fc-7a36-11e0-bedf-90fba62c0a20}\Shell\AutoRun\command - "" = H:\autorun.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:C59E90A4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
[2012.08.14 13:46:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.14 13:33:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.01.16 23:01:06 | 000,000,000 | -HSD | M] -- C:\Users\Taschenlampe\AppData\Roaming\.#
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note for anyone reading along: the OTL script above was written exclusively for this user in this situation. Never run it on other computers; it can do lasting damage to other systems! |
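An added example for readers, not part of the thread and not OTL's own code: the script above deals with a handful of indicator classes that recur in browser-hijack cleanups (search scopes and URLSearchHooks pointing at conduit/icq, orphaned BHOs, UAC policy values, a per-volume autorun command, alternate data streams under ProgramData\Temp), and a helper can triage those mechanically before deciding what to delete. The Python below parses lines in the shapes OTL prints and ranks them by severity. The search-engine allow-list, the Windows 7 UAC baseline and the regular expressions are assumptions made for this example; the sample lines are constructed after entries in the script above, not taken from a real log.

```python
"""Triage of OTL fix-script / log lines for the indicator classes targeted above.
Added example for this page, not part of the forum thread and not OTL's own code.
Allow-list, UAC baseline and regexes are assumptions; SAMPLE_LINES are constructed."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional
from urllib.parse import urlparse


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    category: str  # indicator class
    detail: str    # the value that triggered it
    line: str      # the OTL line it came from


# Search hosts treated as legitimate (assumption; extend for your environment).
KNOWN_GOOD_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "www.google.de"}
# Stock Windows 7 values for the UAC policies OTL lists under O6 (assumption; use your own baseline).
UAC_EXPECTED = {
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
}
# Line shapes as OTL prints them (patterns written for this example).
GUID = r"\{[0-9A-Fa-f-]{36}\}"
RE_IE_SEARCH = re.compile(r"SearchScopes\\" + GUID + r': "URL" = (?P<url>\S+)')
RE_FF_SEARCH = re.compile(r'prefs\.js\.\.(?:browser\.search\.defaulturl|keyword\.URL): "(?P<url>[^"]+)"')
RE_HOOK = re.compile(r"URLSearchHook: (?:(?P<clsid>" + GUID + r") )?- (?P<target>.+)$")
RE_BHO = re.compile(r"^O2(?::64bit:)? - BHO: \((?P<name>[^)]*)\) - (?P<clsid>" + GUID + r") - (?P<target>.+)$")
RE_UAC = re.compile(r"policies\\System: (?P<name>\w+) = (?P<value>\d+)$")
RE_AUTORUN = re.compile(r"MountPoints2\\" + GUID + r'\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
RE_ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL line; None means it is not one of the indicators handled here."""
    line = line.strip()
    m = RE_IE_SEARCH.search(line) or RE_FF_SEARCH.search(line)
    if m:  # a search provider outside the allow-list is the hijack itself
        host = urlparse(m.group("url")).hostname
        if host and host not in KNOWN_GOOD_SEARCH_HOSTS:
            return Finding("high", "search-hijack", host, line)
        return None
    m = RE_HOOK.search(line)
    if m:  # URLSearchHooks sit in the address-bar search path; orphans are leftover debris
        if "No CLSID value found" in m.group("target"):
            return Finding("low", "orphaned-urlsearchhook", m.group("clsid") or "(no CLSID)", line)
        return Finding("medium", "urlsearchhook", m.group("target"), line)
    m = RE_BHO.match(line)
    if m:  # a BHO loads into every IE process; worth a look even when it is only adware
        if "No CLSID value found" in m.group("target"):
            return Finding("low", "orphaned-bho", m.group("clsid"), line)
        return Finding("medium", "third-party-bho", m.group("name").strip() + ": " + m.group("target"), line)
    m = RE_UAC.search(line)
    if m:  # UAC values that differ from the baseline mean something changed them
        name, value = m.group("name"), int(m.group("value"))
        expected = UAC_EXPECTED.get(name)
        if expected is not None and value != expected:
            return Finding("high", "uac-weakened", f"{name}={value} (expected {expected})", line)
        return None
    m = RE_AUTORUN.search(line)
    if m:  # a per-volume autorun command is the classic removable-media infection vector
        return Finding("high", "mountpoint-autorun", m.group("cmd"), line)
    m = RE_ADS.match(line)
    if m:  # alternate data streams hide payloads from a plain directory listing
        return Finding("medium", "alternate-data-stream", m.group("target"), line)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run triage_line over a whole script or log and keep only the hits, in order."""
    return [f for f in (triage_line(ln) for ln in lines) if f is not None]


def summarize(findings: Iterable[Finding]) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample, modelled on entries in the fix script above (not a real log).
SAMPLE_LINES = [
    r'IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC',
    r'IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825',
    r'IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)',
    r'IE - HKU\S-1-5-21-1676260187-2342323063-2926789658-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found',
    r'FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q="',
    r'O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)',
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5',
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0',
    r'O33 - MountPoints2\{6b3b74fc-7a36-11e0-bedf-90fba62c0a20}\Shell\AutoRun\command - "" = H:\autorun.exe',
    r'@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:AB689DEA',
]

if __name__ == "__main__":
    hits = triage(SAMPLE_LINES)
    for f in hits:
        print(f"[{f.severity:<6}] {f.category:<24} {f.detail}")
    print(summarize(hits))
```

Run on the sample it prints one line per hit and a count per severity: the two search hosts it flags (search.conduit.com and search.icq.com) are exactly the ones the script removes, while the bing and google scopes and the stock ConsentPromptBehaviorAdmin value pass untouched, and PromptOnSecureDesktop = 0 is flagged because it lets a UAC prompt be spoofed on the normal desktop. Adjust KNOWN_GOOD_SEARCH_HOSTS and UAC_EXPECTED to your own baseline before trusting the output on a real log; the ranking is a reading aid for the helper, not a deletion list.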
14.08.2012, 16:52 | #5 | |
| GVU Trojaner Is it normal for Firefox to be reset to its original state? Quote:
|
15.08.2012, 09:12 | #6 |
/// Helper Team | GVU Trojaner Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 2: Please download AdwCleaner to your desktop.
|
15.08.2012, 21:37 | #7 | ||
| GVU Trojaner New logfile from Malwarebytes: Quote:
Quote:
|
15.08.2012, 22:14 | #8 |
/// Helper Team | GVU Trojaner Very good! Have the findings deleted, then: Uninstall: Emsisoft Anti-Malware ESET Online Scanner Preparation
|
16.08.2012, 12:25 | #9 | |||
| GVU Trojaner Here are the new logfiles from adwcleaner and Emsisoft Anti-Malware: Quote:
Quote:
Quote:
|
17.08.2012, 02:06 | #10 |
/// Helper Team | GVU Trojaner Update Java. Your Java is no longer current. Older versions contain security holes that malware can exploit.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html Afterwards post (copy and paste) what you get shown here: PluginCheck |
17.08.2012, 09:00 | #11 |
| GVU Trojaner PluginCheck The PluginCheck helps close the biggest security holes when surfing the Internet. Checked: browser, Flash, Java and Adobe Reader version. Firefox 14.0.1 is up to date. Flash 11,3,300,257 is outdated! Please update to the latest version! Java (1,7,0,6) is up to date. Adobe Reader 9,5,0,270 is outdated! Please update to the latest version: 10,1,3 |
17.08.2012, 15:26 | #12 |
/// Helper Team | GVU Trojaner Very good! With that you are clean and discharged! Remove adwCleaner
Tool cleanup with OTL. We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
Resetting the security zones. Have the security zones reset, since they were manipulated to open the browser up to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html Empty the System Restore points. So that the computer cannot be reinfected from an infected System Restore, we need to empty it. To do that we switch it off once and then back on: disable System Restore (tutorial for Windows XP, Windows Vista, Windows 7), then enable it again. Tidying up with CCleaner. Use CCleaner (Download) (Guide) to fix errors in the
Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC getting slower and slower - what to do? |
17.08.2012, 23:09 | #13 |
| GVU Trojaner Do the security zones have to be reset in Firefox too?
18.08.2012, 14:51 | #14 |
/// Helper Team | GVU Trojaner No, the setting in IE applies globally.
28.08.2012, 20:38 | #15 |
| GVU Trojaner Many thanks for the help