| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschaltenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.08.2012, 16:53
| #1 |
| |  Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten Hallo, wenn ich bei mir mit Google Chrome im Internet was suche und denn einen Link anklicke lande ich Gewinn und Spieleseiten. Das passiert nur bei Chrome. Im Internet Explorer geht das normal. Unten rechts im Desktop habe ich die Meldung (Fahne mit roten Kreuz) das das "Dienst Sicherheitscenter aktivieren". Beim Versuch das einzuschalten kommt "Der Windows Sicherheitsdienst kann nicht gestartet werden." Wenn ich das denn manuell in der Verwaltung starte geht das nach 15 sek. wieder aus. Ebenfalls der "Defender". Der Pfad bzw. Name wurde durch "***" ersetzt ! Nachtrag: Defogger brachte keinerlei Meldung Hier nun meine Dateien: 1. Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.27.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-LAPTOP [Administrator] Schutz: Aktiviert 27.08.2012 16:13:51 mbam-log-2012-08-27 (16-13-51).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 199225 Laufzeit: 4 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.08.2012 17:14:46 - Run 3 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 54,44% Memory free 8,00 Gb Paging File | 5,89 Gb Available in Paging File | 73,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 50,20 Gb Free Space | 43,11% Space Free | Partition Type: NTFS Drive D: | 334,67 Gb Total Space | 105,90 Gb Free Space | 31,64% Space Free | Partition Type: NTFS Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Windows\SysWOW64\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe () PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) PRC - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project) PRC - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project) ========== Modules (No Company Name) ========== MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll () MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () ========== Services (SafeList) ========== SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (uvnc_service) -- C:\Program Files\UltraVNC\winvnc.exe (UltraVNC) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Stereo Service) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe () SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SentinelProtectionServer) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc) SRV - (SentinelKeysServer) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.) SRV - (TryAndDecideService) -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe () SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project) SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\C259.tmp (Sophos Plc) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (mv2) -- C:\Windows\SysNative\drivers\mv2.sys (UVNC BVBA) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.) DRV:64bit: - (SNTUSB64) -- C:\Windows\SysNative\drivers\SNTUSB64.SYS (SafeNet, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\SearchScopes\{24FFE2BD-6067-4A24-8BB6-95BF72CD7430}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\SearchScopes\{5467A077-83FD-4593-95B0-8369F9A0EF52}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\SearchScopes\{69DFA6BC-54D1-40BC-8577-4D8BFF4E0D11}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE423 IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\SearchScopes\{7A06B101-045B-4F6A-A503-29F9CA28E98D}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\SearchScopes\{B191C297-3134-46DC-8654-4238FD25D008}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: tbsortfolders@xulforum.org:1.0.1 FF - prefs.js..extensions.enabledItems: {8845E3B3-E8FB-40E2-95E9-EC40294818C4}:0.9.10.1 FF - prefs.js..extensions.enabledItems: {CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}:7.3.4.44 FF - prefs.js..extensions.enabledItems: {FD9B3EC6-8265-41fb-8A2F-4C5A22A95A7B}:11.0.2.556 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.05.03 16:14:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.05.03 16:14:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.19 08:12:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.27 13:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.03.24 14:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.08.27 14:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.04.07 23:03:04 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2010.03.24 18:26:47 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2012.01.18 13:51:20 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2011.09.26 09:09:54 | 000,074,045 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\K8C1TUGH.DEFAULT\EXTENSIONS\{8845E3B3-E8FB-40E2-95E9-EC40294818C4}.XPI [2012.07.19 08:13:09 | 000,000,000 | ---D | M] (Lightning) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\K8C1TUGH.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103} [2010.11.18 08:53:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\K8C1TUGH.DEFAULT\EXTENSIONS\DE-DE@DICTIONARIES.ADDONS.MOZILLA.ORG [2011.06.28 22:08:17 | 000,000,000 | ---D | M] (Manually sort folders) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\K8C1TUGH.DEFAULT\EXTENSIONS\TBSORTFOLDERS@XULFORUM.ORG [2012.04.25 14:57:53 | 000,574,660 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\K8C1TUGH.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI [2012.08.26 19:32:36 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}, CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Unity Player (Enabled) = C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - Extension: SEOquake = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.7_0\ CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: AT_AmericanApparel = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejbaacdckokghddlhgapklpmlfklfga\3_0\ CHR - Extension: Voice Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad\1.0.11_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Anti-Banner = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3:64bit: - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.69 81.173.194.77 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DC1A99F-6CD3-422F-A327-3CD423EA0F7D}: DhcpNameServer = 62.13.169.92 62.13.169.93 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FF6B35F-1E87-4122-A33B-71760F279CBF}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{924943FB-53EB-4BC5-9209-B640EBA11CAF}: DhcpNameServer = 81.173.194.69 81.173.194.77 O18:64bit: - Protocol\Handler\gopher - No CLSID value found O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis) O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0fe4479a-8c4d-11e0-b08a-e0cb4e820c95}\Shell - "" = AutoRun O33 - MountPoints2\{0fe4479a-8c4d-11e0-b08a-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{8c5e0e27-88b0-11df-a050-e0cb4e820c95}\Shell - "" = AutoRun O33 - MountPoints2\{8c5e0e27-88b0-11df-a050-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{e79d9956-3b28-11df-b230-e0cb4e820c95}\Shell - "" = AutoRun O33 - MountPoints2\{e79d9956-3b28-11df-b230-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{e79d9959-3b28-11df-b230-e0cb4e820c95}\Shell - "" = AutoRun O33 - MountPoints2\{e79d9959-3b28-11df-b230-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f2a0d0bf-61b0-11df-ae73-e0cb4e820c95}\Shell - "" = AutoRun O33 - MountPoints2\{f2a0d0bf-61b0-11df-ae73-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f2a0d0c7-61b0-11df-ae73-e0cb4e820c95}\Shell - "" = AutoRun O33 - MountPoints2\{f2a0d0c7-61b0-11df-ae73-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{fceddd9c-b97a-11df-bfc6-e0cb4e820c95}\Shell - "" = AutoRun O33 - MountPoints2\{fceddd9c-b97a-11df-bfc6-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{fceddda7-b97a-11df-bfc6-e0cb4e820c95}\Shell - "" = AutoRun O33 - MountPoints2\{fceddda7-b97a-11df-bfc6-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.27 15:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.27 15:09:54 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.27 15:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.26 22:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.08.26 19:51:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.08.26 19:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.26 19:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DownloadManager [2012.08.26 19:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012.08.26 19:32:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon [2012.08.26 19:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.08.26 10:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2012.08.26 08:00:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan [2012.08.26 00:38:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.08.25 22:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.08.25 22:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.08.25 15:58:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GlarySoft [2012.08.25 15:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities [2012.08.25 15:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities [2012.08.23 10:36:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\GIZ-Akustik [2012.08.21 09:37:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\WNA Aschaffenburg [2012.08.18 19:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.08.18 19:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012.08.18 19:15:31 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.08.18 19:15:31 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.08.16 07:17:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.16 07:17:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.16 07:17:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.16 07:17:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.16 07:17:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.16 07:17:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.16 07:17:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.16 07:17:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.16 07:17:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.16 07:17:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.16 07:17:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.16 07:17:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.16 07:17:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.16 07:13:00 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.16 07:12:55 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.16 07:12:55 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.16 07:12:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.16 07:12:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.16 07:12:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.16 07:12:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.16 07:12:50 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.15 17:11:29 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Mopa Assmann [2012.08.15 10:54:44 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neur. Reha Jaulousie [2012.08.14 14:03:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7BC2A712-4574-4F2A-922B-13134C1C5807} [2012.08.13 13:09:47 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\BA Güterverkehr [2012.08.11 09:15:08 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Feuerwache [2012.08.09 18:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2012.08.09 17:24:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neur. Reha [2012.07.31 11:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.07.31 11:37:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge [2012.07.31 11:37:42 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2012.07.31 11:37:41 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2012.07.31 11:37:41 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2012.07.31 11:37:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2012.07.31 11:37:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.27 17:06:42 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.27 17:06:42 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.27 17:03:39 | 001,521,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.27 17:03:39 | 000,662,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.27 17:03:39 | 000,623,288 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.27 17:03:39 | 000,133,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.27 17:03:39 | 000,109,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.27 16:58:19 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012.08.27 16:58:05 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.27 16:57:56 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.08.27 16:57:54 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\Rqomy.job [2012.08.27 16:57:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.27 16:57:39 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys [2012.08.27 16:49:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.27 16:46:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1190083139-4152234109-3363923291-1001UA.job [2012.08.27 15:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.27 15:26:54 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.08.27 15:09:55 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.27 14:45:36 | 000,034,267 | ---- | M] () -- C:\Users\***\Desktop\rohde ab.pdf [2012.08.27 07:46:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1190083139-4152234109-3363923291-1001Core.job [2012.08.26 22:35:05 | 000,002,482 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.08.26 22:35:05 | 000,002,047 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.08.26 22:05:36 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.26 19:32:56 | 000,000,317 | ---- | M] () -- C:\user.js [2012.08.26 08:44:18 | 000,849,747 | ---- | M] () -- C:\Users\***\AppData\Local\census.cache [2012.08.26 08:38:03 | 000,127,426 | ---- | M] () -- C:\Users\***\AppData\Local\ars.cache [2012.08.26 08:06:03 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache [2012.08.26 00:33:34 | 000,122,997 | ---- | M] () -- C:\Users\***\Desktop\bookmarks_26.08.12.html [2012.08.25 15:52:47 | 000,001,032 | ---- | M] () -- C:\Users\***\Desktop\Glary Utilities.lnk [2012.08.25 14:28:27 | 000,118,784 | RHS- | M] () -- C:\Windows\SysWow64\migwizo.dll [2012.08.24 07:38:20 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.24 07:38:20 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.23 12:00:07 | 000,000,586 | ---- | M] () -- C:\Windows\tasks\pCon.update DataClient (***).job [2012.08.18 19:15:14 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.08.18 19:15:14 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.08.17 10:21:40 | 000,113,101 | ---- | M] () -- C:\Users\***\Desktop\spa-de.mo.mo [2012.08.16 07:27:31 | 000,449,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.15 14:04:27 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2012.08.14 14:03:20 | 000,001,262 | ---- | M] () -- C:\Users\Public\Desktop\pCon.planner 6 ME.lnk [2012.08.08 17:44:12 | 000,028,802 | ---- | M] () -- C:\Users\***\Desktop\prior.pdf [2012.07.30 14:16:48 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll [2012.07.30 14:16:16 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll [4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.27 15:26:54 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.08.27 15:09:55 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.27 14:45:36 | 000,034,267 | ---- | C] () -- C:\Users\***\Desktop\rohde ab.pdf [2012.08.26 22:03:49 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.26 19:33:51 | 000,002,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.08.26 19:33:51 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.08.26 19:33:51 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.08.26 19:32:54 | 000,000,317 | ---- | C] () -- C:\user.js [2012.08.26 08:44:18 | 000,849,747 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache [2012.08.26 08:38:03 | 000,127,426 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache [2012.08.26 08:06:03 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache [2012.08.26 00:33:34 | 000,122,997 | ---- | C] () -- C:\Users\***\Desktop\bookmarks_26.08.12.html [2012.08.25 15:52:53 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job [2012.08.25 15:52:47 | 000,001,032 | ---- | C] () -- C:\Users\***\Desktop\Glary Utilities.lnk [2012.08.25 14:28:27 | 000,118,784 | RHS- | C] () -- C:\Windows\SysWow64\migwizo.dll [2012.08.25 14:28:27 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\Rqomy.job [2012.08.17 10:23:23 | 000,113,101 | ---- | C] () -- C:\Users\***\Desktop\spa-de.mo.mo [2012.08.14 14:03:20 | 000,001,262 | ---- | C] () -- C:\Users\Public\Desktop\pCon.planner 6 ME.lnk [2012.08.08 17:44:11 | 000,028,802 | ---- | C] () -- C:\Users\***\Desktop\prior.pdf [2012.06.26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.04.04 12:41:49 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.01.18 13:52:13 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2011.08.18 17:06:09 | 000,037,045 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2011.03.05 05:08:31 | 000,000,422 | ---- | C] () -- C:\Windows\SysWow64\MSST42.DLL [2011.01.24 09:50:13 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2010.11.14 13:18:45 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.02 22:35:03 | 000,007,625 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.03.31 09:00:49 | 000,013,030 | ---- | C] () -- C:\Users\***\AppData\Local\PDOXUSRS.NET [2010.01.11 14:36:44 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2010.03.26 08:43:38 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2011.05.09 17:20:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis [2011.01.19 14:55:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASCOMP Software [2010.03.26 08:40:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Asus WebStorage [2010.03.31 08:32:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk [2012.08.26 19:32:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon [2012.07.26 11:43:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2012.05.06 14:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.03.05 05:39:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DocFetcher [2010.03.25 10:04:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EasternGraphics [2012.08.27 13:28:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2012.08.25 22:14:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Monitor for Google [2010.03.25 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameConsole [2011.01.19 14:55:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2012.08.25 16:00:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft [2010.11.18 15:46:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.04.26 17:18:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg [2011.11.06 10:44:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySEOSolution_DB_Dir [2012.03.20 11:48:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2012.03.20 11:48:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite [2012.07.22 23:09:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2010.05.24 11:44:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.07.31 11:37:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2010.03.24 17:35:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\POV-Ray [2012.08.26 08:04:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2012.08.09 18:15:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2010.10.29 22:01:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spamihilator [2011.08.12 09:55:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.07.04 22:47:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp [2010.03.24 14:16:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.03.29 19:30:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone [2010.09.30 21:33:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Webocton - Scriptly [2011.10.20 09:25:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions [2012.08.27 16:58:19 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2012.08.23 12:00:07 | 000,000,586 | ---- | M] () -- C:\Windows\Tasks\pCon.update DataClient (***).job [2012.08.27 16:57:54 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\Rqomy.job [2011.02.15 07:00:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(8).TXT [2012.07.31 06:18:47 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B88E99C8 < End of report > [/CODE] OTL Extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.08.2012 17:14:46 - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 54,44% Memory free
8,00 Gb Paging File | 5,89 Gb Available in Paging File | 73,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 50,20 Gb Free Space | 43,11% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 105,90 Gb Free Space | 31,64% Space Free | Partition Type: NTFS
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- Reg Error: Key error. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0434CF8F-98EA-4B5F-BA00-CAB296F6E28A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0803F13E-B482-47FF-A422-169450A97438}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0B3CEA1A-C757-4DDF-B96D-E9413C564F70}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12AA3EF7-9107-47E8-9A1A-0858C62D21CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{15519F8F-7C03-4EF6-8DF3-6F46C69E29EA}" = lport=139 | protocol=6 | dir=in | app=system |
"{158464C9-EA1F-4F63-9A21-621F333CD83E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{1F6BC554-A35E-46E6-8FC4-3425ECFBF954}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2AF6A072-1BB0-40C7-B354-E577BB39A527}" = lport=138 | protocol=17 | dir=in | app=system |
"{35019E6E-AC5D-4ABC-B724-F541DA4914AA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D9AD91B-D8C1-48AC-8CD2-79303F9758D8}" = rport=137 | protocol=17 | dir=out | app=system |
"{3FF6D1DC-955F-4307-8388-962F05C76C88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{442CD261-F4F7-4EAB-8261-77FC65F1C3F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4861FC1B-2FCC-47E8-A619-70B2A3502D59}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{54FB92B3-72F2-4569-AF52-6179949A481E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{69C8AD40-FE33-4794-A750-4C6260D8AF03}" = lport=137 | protocol=17 | dir=in | app=system |
"{69E855DD-9AA9-4ED1-99BA-141E17C7ED8C}" = rport=139 | protocol=6 | dir=out | app=system |
"{724FB0FD-AAB3-482D-A2BF-ED3E50F99494}" = lport=445 | protocol=6 | dir=in | app=system |
"{767297C8-FBD3-4459-85A1-CC31FA2BC75B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7E3F0B24-555A-4239-9B8B-43F78EE656C7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{80BB3CA9-3750-471D-936E-34996D7A400A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8DDDC27B-2989-48CC-A711-76BD510EB36C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8DE7B81E-1E83-4C2E-BFF3-C1C144D4ED88}" = rport=138 | protocol=17 | dir=out | app=system |
"{ACC27F39-CBAE-4B3D-9FCE-953B78CF1ECA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C4A6A3F1-7B68-4C2B-BA84-2779746DD004}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DFFEA006-C43E-4F51-B9C5-0BF7C50C6386}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E0602666-7404-495F-8359-20D4CBFE8CFA}" = rport=445 | protocol=6 | dir=out | app=system |
"{E2D9ECC3-F532-44BE-B873-C813CDE12A87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E968DCD5-DEE6-4925-884C-9A2D314C0513}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F15BA9FB-EA14-4D6E-91BD-90FD66ED019C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1649EC6-81B6-4375-A357-349CE35B8DB1}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04047D4A-B8A0-4DED-9EBD-64688E4A55AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{167799E2-0FCD-468B-AB8A-A0F26A12F303}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1D4D21D5-8CAD-4A0F-AB8E-A0D1F4354197}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{207ABF3C-AB77-4875-91D8-67DC1B11AD54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2B1E0571-2441-433B-B16B-5182349C2F51}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{2E334CD5-59EF-4BEC-8BDE-AA5E6862C5CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{356ABFC8-A87E-4C96-A462-56B5AC897520}" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{3856AD38-0B93-46B4-A03D-AF1872FFC54B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{468E0C86-BE07-4BD3-9F21-AAD85C30BD4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4825AE6B-0F92-4668-9A03-291FBD08E8F2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{4EA2D8E9-5621-47ED-98E5-208E9FD26490}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4F0C7BA2-A894-40FD-B0D4-1F1B5660A08B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{4FB74AF8-70DB-45C5-8597-4DF0785C05A6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{560AD9AE-C248-4E32-96C3-C4C3AB3F0809}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{737ED53D-8CBE-4EAB-9038-FE2327FAB91A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{73DA5FAA-A50E-4238-B25C-1F3D985D6A72}" = protocol=6 | dir=out | app=system |
"{7A937F06-9052-449F-BC2F-E64F116525C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81640FC1-AA18-4F3C-A719-44E128BE8630}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8290272F-BC8D-457A-AF6E-F6CB360E1AE9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82CEB741-7AEF-4A5F-A876-98272484E243}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{91B9BE51-A9CF-45A5-9EF7-A58252B2F243}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{96AEE296-3680-4023-862C-40E2CD5F1EAC}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A3C22C94-1FFD-40DC-9034-2B41EF82444D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A6B751EB-9594-4041-900D-B5C31A206D8D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AD4E6509-7773-407E-933D-3BE849AE3029}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BAA30B4A-2C93-45F5-BC01-22B961BD0552}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{BC3903B3-8513-4CC9-8290-D2087DB7BC77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE2EC4BC-A703-4BB5-9994-C7143C5FA07F}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{BF28BCC5-ECFB-4E03-9B72-198D041AF5FA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C0330EB4-D3F6-471B-957B-85EC7CC1A669}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6F1B3E8-EDC7-4377-A089-E3B702145F9A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD4FDBE9-731A-456A-96B3-A3E502C75E28}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CD898B26-4C6B-4B0F-A3EC-C373DAA16940}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CED83883-FC4F-4619-A733-E876CECE633F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{D82D8E0C-27EE-4927-9737-F23C9A074F3C}" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe |
"{E28DC715-C11E-4041-8CAE-3B2BAFDC64BC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E5941391-47D4-46BD-91F8-E566B04534F8}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\kies\kies.exe |
"{E6F1ED33-B211-45A1-B7E7-53B40CECCE83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3EAC1EC-3AC9-4576-BC28-B7D6CB8DA464}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F6A0D173-251C-43E3-B1CE-4EE82EF4FEF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8D6BFF5-4DAB-44DC-919E-535FE26BFCCF}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{FA8108ED-D72B-4937-B681-9D4FB95ED09A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FC286918-AE38-4154-B013-45C44384E058}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{FD3AFF56-4602-4D26-B849-5F99750C2805}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\kies\kies.exe |
"{FD583676-F73C-4E89-8936-B442F68F65C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FE057991-57EE-4C96-8EA8-51450D490CAA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"TCP Query User{0D722883-577B-4CB9-9384-1427564C145F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{2BFAB8BA-EC9C-491F-B161-1691848DE194}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{63103E8E-E66D-44DB-9712-EDCD8BAE1E07}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{6A7B85A4-C04D-4F2D-B2C5-93A4FB771AA9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{0E190D16-B6DC-4A58-85DD-08A1A34FE911}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{8D8884F6-2DCC-46C0-A3CC-8FD0C2254E9D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{976546B2-086C-49D0-98E1-10E5E6C27E83}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{9E2DBFBC-B33C-4915-930A-5E19C2F3BDD8}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"sp6" = Logitech SetPoint 6.20
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{177148D6-71EB-4CD7-AADC-DCCA82800484}" = pCon.update DataClient 1.6.1 Patch 1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24C152B6-544C-4B64-A4CA-575843C0CFE6}" = Article Wizard
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43DD5E98-BC5E-4A4C-B2D0-4107A643AE68}" = pCon.configurator Version 5.7 Patch 2
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis*True*Image*Home
"{63957E05-BE20-4246-8E0A-2FC52FBC21B6}" = pCon.update Migration 1.4.3
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C3496DF-CC4C-4CDE-87A1-8657619EE2D6}_is1" = Game Park Console
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C6D541F-0B95-471E-B058-489620E682AF}" = pCon.planner Version 5.7 Patch 2
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}" = Smileyville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116864777}" = Piggly
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{9AD14C90-4368-4774-811B-DD40A977B242}" = pCon.basket 1.8
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A237B036-EC82-468C-B7A6-982CC615A31D}" = pCon.basket Plugin ReportManager 2.8.2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E566AA73-C47D-4535-9E6B-E5EF1BBA11D0}" = pCon.planner 6.4 ME
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED1B69CE-EB7B-429C-AF45-FD01918CEF79}_is1" = 3d office Version 5.4 SP6a
"{EDEF5AA2-C07D-4536-BA39-1A16A999C735}" = EGR-LicenseClient 1.1.6
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ASUS_Screensaver" = ASUS_Screensaver
"BacklinkChecker" = BacklinkChecker 0.1.14.0
"CamStudio" = CamStudio
"DirSync" = DirSync 2.93
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exifer_is1" = Exifer
"FBDBServer_2_0_is1" = Firebird 2.0.0
"FormatFactory" = FormatFactory 2.60
"FotoBeschriften" = FotoBeschriften 4.1.1
"Free Monitor for Google_is1" = Free Monitor for Google 2.5
"Glary Utilities_is1" = Glary Utilities 2.48.0.1568
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"Linktausch pro_is1" = Linktausch pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MozBackup" = MozBackup 1.4.10
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Paper 2 DXF 2" = Paper 2 DXF 2
"pCon.planner 6.4 ME" = pCon.planner 6.4 ME
"Picasa 3" = Picasa 3
"TeamViewer 7" = TeamViewer 7
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.5
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1190083139-4152234109-3363923291-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"FoxTab PDF Converter" = FoxTab PDF Converter
"FoxTab PDF Creator" = FoxTab PDF Creator
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.08.2012 07:01:29 | Computer Name = ***-Laptop | Source = System Restore | ID = 8193
Description =
Error - 24.08.2012 07:22:54 | Computer Name = ***-Laptop | Source = System Restore | ID = 8193
Description =
Error - 25.08.2012 00:09:27 | Computer Name = ***-Laptop | Source = System Restore | ID = 8193
Description =
Error - 25.08.2012 05:19:02 | Computer Name = ***-Laptop | Source = System Restore | ID = 8193
Description =
Error - 25.08.2012 16:16:32 | Computer Name = ***-Laptop | Source = System Restore | ID = 8210
Description =
Error - 25.08.2012 16:29:37 | Computer Name = ***-Laptop | Source = System Restore | ID = 8210
Description =
Error - 26.08.2012 02:03:08 | Computer Name = ***-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
Zeitstempel: 0x4fed2526 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e21213c Ausnahmecode: 0xe06d7363 Fehleroffset: 0x000000000000cacd
ID
des fehlerhaften Prozesses: 0xe48 Startzeit der fehlerhaften Anwendung: 0x01cd834ea1ea50a0
Pfad
der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: b4c6eb00-ef43-11e1-85fb-e0cb4e820c95
Error - 26.08.2012 02:05:26 | Computer Name = ***-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
Zeitstempel: 0x4fed2526 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e21213c Ausnahmecode: 0xe06d7363 Fehleroffset: 0x000000000000cacd
ID
des fehlerhaften Prozesses: 0x1048 Startzeit der fehlerhaften Anwendung: 0x01cd83509ff688e8
Pfad
der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 070f18b0-ef44-11e1-85fb-e0cb4e820c95
Error - 26.08.2012 03:40:58 | Computer Name = ***-Laptop | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.59.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a20 Startzeit:
01cd835b2aa10270 Endzeit: 15 Anwendungspfad: C:\Users\***\Downloads\OTL.exe Berichts-ID:
55867491-ef51-11e1-85fb-e0cb4e820c95
Error - 27.08.2012 07:31:22 | Computer Name = ***-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ7.exe, Version: 14.0.0.162, Zeitstempel:
0x4626b2f4 Name des fehlerhaften Moduls: MoveIt.dll_unloaded, Version: 0.0.0.0,
Zeitstempel: 0x4f2a7b96 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6f4aceee ID des fehlerhaften
Prozesses: 0x83c Startzeit der fehlerhaften Anwendung: 0x01cd84475e212782 Pfad der
fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\{49EE5D43-3AF7-434C-B598-C470D1E14604}\ICQ7.exe
Pfad
des fehlerhaften Moduls: MoveIt.dll Berichtskennung: b9f9c1c2-f03a-11e1-8182-e0cb4e820c95
[ OSession Events ]
Error - 14.12.2010 03:01:19 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.12.2010 01:45:10 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.02.2011 05:43:53 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 15.03.2011 06:38:39 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 05.05.2011 10:21:28 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 05.05.2011 10:23:08 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.05.2011 10:14:37 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 30.05.2011 09:42:54 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
Error - 23.07.2011 12:42:58 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.12.2011 05:26:41 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 26.08.2012 04:10:14 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 26.08.2012 05:04:17 | Computer Name = ***-Laptop | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\C259.tmp
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 26.08.2012 05:04:17 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 26.08.2012 05:21:07 | Computer Name = ***-Laptop | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\C259.tmp
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 26.08.2012 05:21:07 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275
Error - 26.08.2012 16:34:13 | Computer Name = ***-Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?08.?2012 um 22:32:41 unerwartet heruntergefahren.
Error - 27.08.2012 01:34:00 | Computer Name = ***-Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?08.?2012 um 01:11:20 unerwartet heruntergefahren.
Error - 27.08.2012 07:36:05 | Computer Name = ***-Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?08.?2012 um 13:34:50 unerwartet heruntergefahren.
Error - 27.08.2012 10:09:11 | Computer Name = ***-Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?08.?2012 um 16:07:59 unerwartet heruntergefahren.
Error - 27.08.2012 10:57:46 | Computer Name = ***-Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?08.?2012 um 16:55:02 unerwartet heruntergefahren.
< End of report >
[/CODE] Falls noch Infos fehlen bitte melden. Wäre toll wenn mir einer helfen könnte. LG Geändert von fillini (27.08.2012 um 17:08 Uhr) Grund: Hinweis auf Defogger |
|
27.08.2012, 18:46
| #2 |
| /// Malware-holic   | Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten hi
__________________dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2012.08.25 14:28:27 | 000,118,784 | RHS- | M] () -- C:\Windows\SysWow64\migwizo.dll
[2012.08.25 14:28:27 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\Rqomy.job
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
 downloade get info: File-Upload.net - GetInfo.exe doppelklicke die .exe im selben ordner wird nun eine .txt erstellt: summary-info.txt diese doppelklicken und deren inhalt posten.
__________________ |
|
27.08.2012, 20:01
| #3 |
| /// Malware-holic | Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten danke fürs hochladen, jetzt noch den inhalt der getinfo.txt posten
__________________
__________________ |
|
27.08.2012, 20:15
| #4 |
| /// Malware-holic | Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten nachfragen bitte hier im forum stellen versuche mal das angehangene getinfo.rar archiv, entpacken, getinfo.exe wie oben beschrieben ausführen und log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
27.08.2012, 20:21
| #5 |
| | Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten OK..so schein es geklappt zu haben: Code:
ATTFilter System volume information: dwHighDateTime = 0x1ca9252,dwLowDateTime = 0x5eec6260
System32: dwHighDateTime = 0x1ca0431,dwLowDateTime = 0xfec9a6f8
dwSerialNumber = 0xe05dba60
|
|
27.08.2012, 20:34
| #6 |
| /// Malware-holic | Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten sehr gut lade 7zip 7-Zip instalieren, neustarten gehe auf start, ausführen, tippe regedit.exe enter klappe auf der linken seite alles zu dann auf datei, exportieren. suche einen ordner, den du leicht wiederfindest (zb desktop) und vergib einen namen, den du leicht findest. regedit schließen dann rechtsklick auf die neue datei, 7zip menü aufklappen, zu einem archiv hinzufügen wählen. einstellungen: format, 7z kompressionsstärke, ultra. verfahren: lzma2 wörterbuchgröße: 64 mb wortgröße: 273 größe solider blöcke: solide klicke ok. lade das neue 7z archiv bei: File-Upload.net - Ihr kostenloser File Hoster! hoch, sende mir den download link als private nachicht.
__________________ --> Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten |
|
27.08.2012, 21:07
| #7 |
| /// Malware-holic | Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten danke fürs hochladen Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
29.08.2012, 08:13
| #8 |
| | Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten Hallo Markusg (und das ganze Trojanerboerdteam), ich wollte mich auf diesem Wegen ganz ganz herzlich bei Dir bedanken. Ich hätte nicht gedacht, das man meinen Laptop nochmal "retten kann". Dank Eurer Hilfe und deinen verständlichen Anweisungen ist es DIR gelungen, das mein Laptop wieder richtung funktioniert (ist glaube ich ganz gut so, das ich quasi garnix verstanden habe was mein Laptop so mit deinen Anweisungen so gemacht hat :-)) Kann diesen Service nur weiter empfehlen und sagen macht bitte weiter so. Vielen vielen Dank Fillini |
|
| Themen zu Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten |
| avp.exe, bho, browser, converter, desktop, error, excel, firefox, flash player, gfnexsrv.exe, google, google earth, helper, home, homepage, iexplore.exe, install.exe, kaspersky, lightning, logfile, mozilla, office 2007, origin, plug-in, popup, realtek, registry, security, server, sicherheitscenter aktivieren, sketchup, software, svchost.exe, tarma, tastatur, usb 2.0, windows, yontoo |
Linear-Darstellung
