| |
| |||||||
Log-Analyse und Auswertung: Website kann nicht geöffnet werden TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.10.2012, 07:59
| #1 |
| |  Website kann nicht geöffnet werden Trojaner Hallo, Hab mir im Netzt wohl was eingefangen habe das Problem das mein PC nach dem hochfahren nur einen weißen Bildschirm mit " die Website kann nicht angezeit werden" anzeigt. Der Taskmanager funktioniert leider nicht. Wer kann mir helfen ?? Habe schon einen vollständigen scan mit Malwarebytes gemacht. Hier die Logs Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.01.03 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 Matthias Schürmann :: MATTHIASSCHÜRMA [limitiert] Schutz: Deaktiviert 01.10.2012 15:15:47 mbam-log-2012-10-01 (15-15-47).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 178064 Laufzeit: 4 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 11 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\hblitesa (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) 2ter Log Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.01.03 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 Matthias Schürmann :: MATTHIASSCHÜRMA [limitiert] Schutz: Deaktiviert 01.10.2012 20:32:00 mbam-log-2012-10-01 (20-32-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|I:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 432196 Laufzeit: 1 Stunde(n), 8 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 6 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Löschen bei Neustart. C:\Users\Matthias Schürmann\AppData\Local\VirtualStore\Program Files (x86)\Registry Victor\RegistryVictor.bak (Rogue.RegistryVictor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Matthias Schürmann\AppData\LocalLow\FunWebProducts\Installr\Cache\0194F56D.exe (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. I:\emule incoming\MyWebFace.exe (PUP.FunWebProducts) -> Erfolgreich gelöscht und in Quarantäne gestellt. I:\emule incoming\SoftonicDownloader_fuer_magix-music-maker(1).exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. I:\emule incoming\SoftonicDownloader_fuer_openoffice.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) 3ter Log 2012/10/01 15:10:33 +0200 MATTHIASSCHÜRMA Matthias Schürmann MESSAGE Executing scheduled update: Daily 2012/10/01 15:10:34 +0200 MATTHIASSCHÜRMA Matthias Schürmann MESSAGE Database already up-to-date 2012/10/01 15:10:41 +0200 MATTHIASSCHÜRMA Matthias Schürmann MESSAGE Starting protection 2012/10/01 15:10:41 +0200 MATTHIASSCHÜRMA Matthias Schürmann MESSAGE Protection started successfully 2012/10/01 15:10:41 +0200 MATTHIASSCHÜRMA Matthias Schürmann MESSAGE Starting IP protection 2012/10/01 15:10:43 +0200 MATTHIASSCHÜRMA Matthias Schürmann MESSAGE IP Protection started successfully 2012/10/01 15:46:26 +0200 MATTHIASSCHÜRMA Matthias Schürmann MESSAGE Starting protection 2012/10/01 15:46:27 +0200 MATTHIASSCHÜRMA Matthias Schürmann MESSAGE Protection started successfully 2012/10/01 15:46:27 +0200 MATTHIASSCHÜRMA Matthias Schürmann MESSAGE Starting IP protection 2012/10/01 15:46:32 +0200 MATTHIASSCHÜRMA Matthias Schürmann MESSAGE IP Protection started successfully 4ter Log 2012/10/02 08:37:13 +0200 MATTHIASSCHÜRMA Matthias Schürmann MESSAGE Starting protection 2012/10/02 08:37:13 +0200 MATTHIASSCHÜRMA Matthias Schürmann MESSAGE Protection started successfully 2012/10/02 08:37:13 +0200 MATTHIASSCHÜRMA Matthias Schürmann MESSAGE Starting IP protection 2012/10/02 08:37:17 +0200 MATTHIASSCHÜRMA Matthias Schürmann MESSAGE IP Protection started successfully |
|
02.10.2012, 14:31
| #2 |
| /// TB-Ausbilder   | Website kann nicht geöffnet werden Trojaner Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Hinweis: Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Alle Schritte bitte im abgesicherten Modus mit Netzwerkunterstützung durchführen! Schritt 1 Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
Code:
ATTFilter activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
CREATERESTOREPOINT
Schritt 2 Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung. Schritt 3 Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Schritt 4 Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
|
03.10.2012, 18:19
| #3 |
| | Website kann nicht geöffnet werden Trojaner Hallo Matthias,
__________________vielen Dank für Deine schnelle Antwort. Als ich vorhin mein PC angeschaltet habe konnte ich nicht mehr in den abgesicherten Modus gehen. Windows hat sich dann repariert bzw. wiederhergestellt. Ich kann jetzt ohne Probleme wieder alles nutzen und Daten sind auch nicht verloren gegangen.Bin ich jetzt wieder clean ?? Oder soll ich die von Dir aufgeführten Schritte trotzdem durchführen. lg Maddes82 |
|
03.10.2012, 18:32
| #4 |
| /// TB-Ausbilder | Website kann nicht geöffnet werden Trojaner Servus, ob du sauber bist, kann ich dir ohne Logdateien nicht sagen. Daher schlage ich vor, dass du meine Schritte durchführst.  Wenn du der Meinung bist, dass du meine Hilfe nicht mehr benötigst, dann gib mir bitte dennoch kurz Bescheid, damit ich das Thema hier aus meinen Abos löschen kann. Vielen Dank.  |
|
04.10.2012, 16:37
| #5 |
| | Website kann nicht geöffnet werden Trojaner Hi Matthias, so hier die Auswertungen von OTLOTL Logfile: Code:
ATTFilter OTL logfile created on: 10/3/2012 7:12:49 PM - Run 1 OTL by OldTimer - Version 3.2.70.1 Folder = I:\emule incoming 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.87 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 57.75% Memory free 7.75 Gb Paging File | 6.05 Gb Available in Paging File | 78.04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 230.88 Gb Total Space | 102.88 Gb Free Space | 44.56% Space Free | Partition Type: NTFS Drive H: | 465.65 Gb Total Space | 11.84 Gb Free Space | 2.54% Space Free | Partition Type: FAT32 Drive I: | 931.51 Gb Total Space | 483.75 Gb Free Space | 51.93% Space Free | Partition Type: NTFS Computer Name: MATTHIASSCHÜRMA | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/03 19:12:04 | 000,600,064 | ---- | M] (OldTimer Tools) -- I:\emule incoming\OTL.exe PRC - [2012/07/19 14:41:52 | 001,200,752 | ---- | M] (SPAMfighter) -- C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe PRC - [2012/07/19 13:59:12 | 000,815,680 | ---- | M] (Preventon Technologies Limited) -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe PRC - [2012/07/19 13:59:12 | 000,236,320 | ---- | M] (Preventon Technologies Limited) -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe PRC - [2012/07/03 14:40:34 | 001,454,184 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\Tray\FightersTray.exe PRC - [2012/01/23 13:40:12 | 001,324,680 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe PRC - [2011/12/14 16:51:46 | 001,398,440 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011/12/06 12:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe PRC - [2011/10/25 17:36:16 | 000,038,408 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE PRC - [2011/10/25 17:36:16 | 000,034,320 | ---- | M] (MyWebSearch.com) -- C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe PRC - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010/12/28 21:36:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010/07/12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010/01/15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009/03/30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe PRC - [2009/02/19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe ========== Modules (No Company Name) ========== MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010/12/28 21:36:56 | 001,017,304 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll MOD - [2010/12/21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010/10/20 17:08:14 | 000,122,720 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office14\OUTLCTL.DLL MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll MOD - [2009/02/20 06:53:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/07/19 13:59:12 | 000,815,680 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe -- (AV Engine Scanning Service) SRV - [2012/07/19 13:59:12 | 000,236,320 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe -- (AV Watch Service) SRV - [2012/01/23 13:40:12 | 001,324,680 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe -- (Suite Service) SRV - [2011/10/25 17:36:16 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe -- (MyWebSearchService) SRV - [2011/06/08 14:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011/04/01 12:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/03/28 12:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/02/19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007/05/28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/07/19 13:59:12 | 000,013,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avfsfilter.sys -- (AVFSFilter) DRV:64bit: - [2012/06/26 21:38:28 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012/06/24 22:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/11/24 23:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2011/08/17 10:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011/08/17 10:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011/08/17 10:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011/08/17 10:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010/11/06 17:38:13 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2010/11/06 17:38:13 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2010/10/15 09:28:29 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2010/10/14 15:21:40 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/02/24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2010/01/08 12:12:23 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV:64bit: - [2009/11/05 23:15:00 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/08/13 09:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008/08/28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{37A569CB-59E6-4BAD-9636-BE37CB634E5B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{35AE05E3-4DE6-4D90-B90F-641BFE889C50}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Fujitsu Technology Solutions IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectd [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com) IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110482&mntrId=d606761600000000000000199987c22b IE - HKCU\..\SearchScopes\{71EB228F-C714-4EA9-917C-2A3FC076895A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=f8b58e9f-ef3c-4346-814a-c39b138ffb41&apn_sauid=2C5FF117-46C9-4A92-8B30-FDF13BA5C3D7 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions [2012/10/03 19:46:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files (x86)\HBLite\bin\11.0.329.0\firefox\extensions FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2012/10/03 19:46:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/21 10:02:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/21 10:02:07 | 000,000,000 | ---D | M] [2012/02/29 21:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2012/06/10 13:16:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010/09/30 18:28:16 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/10/01 17:59:41 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011/07/27 19:12:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012/01/07 10:08:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010/09/14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/02/29 21:01:59 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2010/09/14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010/09/14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/11/23 15:13:53 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src [2011/10/13 13:53:24 | 000,002,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml [2010/09/14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010/09/14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com) O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Matthias Schürmann\AppData\Roaming\toolplugin\toolbar.dll File not found O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Program Files (x86)\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h File not found O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe (MyWebSearch.com) O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\swprotray.exe (SPAMfighter) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.118 195.50.140.248 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C91BAF4-568C-4186-9B75-059C5292195A}: DhcpNameServer = 195.50.140.118 195.50.140.248 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5B92624-AE68-4BE5-80BD-93F87248383E}: DhcpNameServer = 139.7.30.126 139.7.30.125 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\datamngr.dll) - c:\progra~2\wi3c8a~1\datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\iebho.dll) - c:\progra~2\wi3c8a~1\datamngr\iebho.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{794c6174-cc7c-11df-8443-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{794c6174-cc7c-11df-8443-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE O33 - MountPoints2\{794c6174-cc7c-11df-8443-806e6f6e6963}\Shell\configure\command - "" = D:\SETUP.EXE O33 - MountPoints2\{794c6174-cc7c-11df-8443-806e6f6e6963}\Shell\install\command - "" = D:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/10/01 14:56:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes [2012/10/01 14:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/10/01 14:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/10/01 14:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/10/01 14:38:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/10/01 14:38:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\MFAData [2012/10/01 14:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/10/01 14:38:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Avg2013 [2012/10/01 14:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\vllboijbcbupdfm [2012/09/27 09:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center [2012/09/27 09:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center [2012/09/27 08:32:46 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012/09/22 05:34:42 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/09/22 05:34:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/09/22 05:34:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/09/22 05:34:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/09/22 05:34:37 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/09/22 05:34:36 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/09/22 05:34:36 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/09/21 10:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2012/09/21 10:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/09/21 10:20:02 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2012/09/21 10:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/09/21 10:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/09/21 10:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/09/21 10:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012/09/21 10:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/09/21 10:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012/09/12 07:34:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012/09/12 07:34:34 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012/09/12 07:34:32 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012/09/12 07:34:32 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2012/05/31 14:34:15 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files (x86)\Common Files\keyhelp.ocx [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/10/03 18:55:41 | 000,009,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/03 18:55:41 | 000,009,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/03 18:54:37 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/10/03 18:54:32 | 000,707,316 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/10/03 18:54:32 | 000,660,934 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/10/03 18:54:32 | 000,152,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/10/03 18:54:32 | 000,125,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/10/03 18:47:44 | 000,515,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/10/03 18:47:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/10/03 18:47:27 | 3120,254,976 | -HS- | M] () -- C:\hiberfil.sys [2012/10/01 14:07:24 | 000,076,350 | ---- | M] () -- C:\ProgramData\opbgbvrokozaaqq [2012/09/29 21:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\Registry Victor Schedule.job [2012/09/28 19:14:18 | 001,648,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/09/27 09:05:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf [2012/09/27 08:41:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64k_01009.Wdf [2012/09/27 08:40:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf [2012/09/23 16:01:20 | 000,001,263 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk [2012/09/21 10:20:08 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/09/21 10:07:52 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012/09/21 10:02:03 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/10/01 14:05:17 | 000,076,350 | ---- | C] () -- C:\ProgramData\opbgbvrokozaaqq [2012/09/27 09:05:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf [2012/09/27 08:41:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64k_01009.Wdf [2012/09/27 08:40:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf [2012/09/21 10:20:08 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/09/21 10:02:03 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/06/28 19:22:25 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_0_00_re.pad [2011/07/19 22:33:54 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2010/12/31 13:27:27 | 000,000,096 | ---- | C] () -- C:\Windows\DMI.INI [2010/12/17 09:33:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2010/11/10 22:01:31 | 001,625,826 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/10/14 15:04:13 | 000,001,000 | -H-- | C] () -- C:\Windows\Brpfx04a.ini [2010/10/14 15:04:13 | 000,000,173 | -H-- | C] () -- C:\Windows\brpcfx.ini [2010/10/07 07:46:27 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010/10/07 07:46:26 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll ========== ZeroAccess Check ========== [2011/11/17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Matthias Schürmann\AppData\Local\{817e791e-792d-76c7-dce0-b40193e4a772}\L [2012/08/17 12:58:27 | 000,000,000 | -HSD | M] -- C:\Users\Matthias Schürmann\AppData\Local\{817e791e-792d-76c7-dce0-b40193e4a772}\U [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FB1B13D8 < End of report > und nocht der extra report...OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10/3/2012 7:12:49 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = I:\emule incoming
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.87 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 57.75% Memory free
7.75 Gb Paging File | 6.05 Gb Available in Paging File | 78.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 230.88 Gb Total Space | 102.88 Gb Free Space | 44.56% Space Free | Partition Type: NTFS
Drive H: | 465.65 Gb Total Space | 11.84 Gb Free Space | 2.54% Space Free | Partition Type: FAT32
Drive I: | 931.51 Gb Total Space | 483.75 Gb Free Space | 51.93% Space Free | Partition Type: NTFS
Computer Name: MATTHIASSCHÜRMA | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [scan_with_SPYWAREfighter] -- C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe /scan "%1" (SPAMfighter)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [scan_with_SPYWAREfighter] -- C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe /scan "%1" (SPAMfighter)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04CC684C-6312-4C87-B5D9-435B563A50BB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{05A0314C-A974-4983-A6E4-9971644E04AA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{18D5C281-6B67-42F3-B11B-BB77A8A5204B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{37D05398-35DF-420F-94F9-DBC5CF37B8E7}" = rport=138 | protocol=17 | dir=out | app=system |
"{3A9DC0EC-6DF6-4F61-9A05-773A19D70997}" = lport=139 | protocol=6 | dir=in | app=system |
"{3EE709F4-F7B4-4E36-B43E-60CF26D60AC2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{431E3D8F-DCFA-4099-A0A9-98C7CCD36D97}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{510CCB42-4A37-4F5C-8B17-6DF58D0C5C9F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53055B4C-3E74-4A70-AF87-8B7ACF64B9E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E574263-C315-401C-B896-CB9D29FC5366}" = rport=139 | protocol=6 | dir=out | app=system |
"{622A6717-256A-487B-B638-F4F21A1DEDED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8AFF3AA7-E7BD-4999-8048-8D979840B7B3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8DF1C997-3DE6-4ADF-9789-521862274BCE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93F3155F-03E4-4113-AB8C-08503A5B2155}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{945A0BFA-FD17-4E4C-B5CF-325E731AF6A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98599A5E-3B75-43C0-B2C7-DD2A0010C22C}" = lport=137 | protocol=17 | dir=in | app=system |
"{AF03F357-256C-4AA7-8A65-371B21866ED5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BC1CFAA4-4B7C-4FDA-A777-966318063024}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C0001F6F-94BE-4EC2-88FD-516A66CB524F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C308BF20-B010-47DF-BBE0-EBEEEF87F75D}" = lport=138 | protocol=17 | dir=in | app=system |
"{C9096A59-6691-4A60-A10D-82D1F5544272}" = rport=445 | protocol=6 | dir=out | app=system |
"{CCBCABF0-7AA7-4FDF-8E4D-0C88103368B5}" = lport=445 | protocol=6 | dir=in | app=system |
"{D014B4A9-3A0E-4F57-A868-C05392AFC04F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D071C2B4-2492-44FD-B922-1E49F15AC835}" = rport=137 | protocol=17 | dir=out | app=system |
"{D431EB84-E308-44AE-B773-696AA500144F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E77950C1-72CD-4230-A77D-4DB9B6191BDA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED8A80CB-A376-42F1-9A2F-53561763BED5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE1515B3-2DB3-4391-8302-6B2FC5F24407}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F4BACF0A-EA3A-4E8C-87C6-2C0420F51C38}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FEA7492E-CBC0-48EF-B12B-0AAD8705F2C1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A4C987-ACD2-4759-9805-E904EB3AD72A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0A673761-0567-4C59-8101-A837E7B150DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{157BAF88-A77B-4770-ADB5-79AAA1727FB8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2051209D-7ACE-4123-8A28-93AAC01B6FB5}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{2122F424-761D-4212-868A-CC169516C7D4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{23118412-F648-4B64-88F4-FE85AA2F5D07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2DBDF3D1-704C-42FA-8EA3-FC992510455F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{382FBFD3-7A4C-49E2-B16B-DF3A13726CBC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3C8ED06E-AFD1-451A-B6A3-8A752562526E}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{593657E8-869E-43AC-83CF-3269B41A3F2F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5DD3924F-11A0-4B52-A23A-B45E4654DA4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{67D6DFDC-249C-4035-9086-4D7F9D834DC3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7400BA64-A3F5-47AF-AA73-A84026FDEF87}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{79E416C4-FA6C-4427-AAFF-5087DAFF26CE}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{81845CC3-8E02-4BB4-9377-138724C456E0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{875BB083-9047-4F7C-9A70-FABF9244B993}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{8B21A8B2-DE0F-467B-87B3-18B95D9D7D2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E421801-05B2-4339-AC1A-CC7860823AC1}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{90C8FA64-CDD6-4A58-B763-CD040201118B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9DD201C5-8D1C-47DF-8E8A-B235F717B86F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A0953D0D-1D7C-4063-8D2D-94E5EA40A158}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A9903D4F-AEEA-4611-9491-870A14851763}" = protocol=6 | dir=out | app=system |
"{B8DCB6B9-7038-4690-8599-7D07ECAED92D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B90F9FA8-B880-4393-AB19-919A16C3A9DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB5FCE3B-352F-446A-8F71-3FD59D2D1161}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BCEE33D3-94AA-452E-AEFC-BD405606EA33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C528E010-DAE8-4923-BA95-9C7D541EC12E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C7B28566-2D61-4C86-88C1-12F3E617CAEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7DA4EEE-8D86-4491-A924-698BCB364329}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA3E56B1-356C-41CC-88EE-BD9E19E237D6}" = protocol=17 | dir=in | app=c:\users\matthias schürmann\appdata\roaming\dropbox\bin\dropbox.exe |
"{DFC89B64-0D42-45F3-8CBC-CD4789DE7359}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E2231992-1B86-4CA4-BEE8-DB7D238D8288}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E935EA29-63D6-4B97-B980-96B74A655FF0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EF55B724-7258-4B0B-BC67-86218FD6DF59}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EF93E16A-E880-4C61-B3A4-268CFED61BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{F756AD88-57BE-4E74-9D8B-FCABAC31B6C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F9D2E879-AA0A-4BA1-BF49-B45CDD22ACE8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FC095E07-F1A3-46E8-A6E1-814449E45F11}" = protocol=6 | dir=in | app=c:\users\matthias schürmann\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{166FA806-43C8-469E-895C-064866BC082E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{3D0A00FA-AFDB-451C-9FB4-D71A7BDFD65F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{66259CDA-5402-4A62-87D3-522F66414713}C:\users\matthias schürmann\desktop\eigene dateien\dreamboxtools.v4.0\dcce2_120\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\matthias schürmann\desktop\eigene dateien\dreamboxtools.v4.0\dcce2_120\dcc_e2.exe |
"TCP Query User{77FE1116-9BD6-4351-8763-0DF39334C059}C:\users\matthias schürmann\appdata\roaming\raamb\ywku.exe" = protocol=6 | dir=in | app=c:\users\matthias schürmann\appdata\roaming\raamb\ywku.exe |
"TCP Query User{7E78AA18-1B02-4D91-AA7B-5583219ACFF4}C:\users\matthias schürmann\desktop\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\matthias schürmann\desktop\dcc_e2.exe |
"TCP Query User{C0898468-5D7D-468E-AD5A-2801CEA8A9AE}C:\users\matthias schürmann\desktop\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\matthias schürmann\desktop\dcc_e2.exe |
"TCP Query User{DC03E931-3171-40EB-B12E-7248B64BDAC6}C:\users\matthias schürmann\desktop\eigene dateien\dcc.exe" = protocol=6 | dir=in | app=c:\users\matthias schürmann\desktop\eigene dateien\dcc.exe |
"TCP Query User{FD731017-03F9-4DB0-BA14-C40B28BE6264}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{3882F1E8-FB86-4235-B097-B6EEB7EB5431}C:\users\matthias schürmann\desktop\eigene dateien\dcc.exe" = protocol=17 | dir=in | app=c:\users\matthias schürmann\desktop\eigene dateien\dcc.exe |
"UDP Query User{3F759BF2-04B7-4AF3-A450-396B6E38039E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{3F9D9AB8-E8D8-4B59-BB3D-4A973843A535}C:\users\matthias schürmann\desktop\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\matthias schürmann\desktop\dcc_e2.exe |
"UDP Query User{A40B29D0-912F-4D83-8816-07E5BB1C810D}C:\users\matthias schürmann\appdata\roaming\raamb\ywku.exe" = protocol=17 | dir=in | app=c:\users\matthias schürmann\appdata\roaming\raamb\ywku.exe |
"UDP Query User{AA23879A-BE38-4D2C-947B-1FBA1E1F4BB2}C:\users\matthias schürmann\desktop\eigene dateien\dreamboxtools.v4.0\dcce2_120\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\matthias schürmann\desktop\eigene dateien\dreamboxtools.v4.0\dcce2_120\dcc_e2.exe |
"UDP Query User{B0389E74-E259-438E-A50A-02F6163F879A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{CA78B3B8-5D2D-4B03-AB2C-5A93A3CE5896}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{CA7B56C1-270C-444F-856F-225F4515B885}C:\users\matthias schürmann\desktop\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\matthias schürmann\desktop\dcc_e2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft-Maus- und Tastatur-Center
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1218
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A89364A-98BC-42AD-87DD-25BFE7C39EAC}" = MAGIX Screenshare
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5928359F-BF46-4646-BF19-B64E55171EB5}" = FILSHtray
"{62BC153C-A6E8-4A71-AC67-F6DD1C6FCAE5}" = MAGIX Fotos auf CD & DVD 10 Download-Version
"{6327A158-4E59-4E01-8E41-F325D3D4BAA0}" = MAGIX Speed burnR (MSI)
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735AA36F-9A9E-477B-BC74-9E6AF1A8A6D8}" = MAGIX Music Maker MX Premium Download-Version
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite MFC-235C
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B28B351F-1232-46EA-85EF-B8EA91641031}" = Nero 7 Essentials
"{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}" = Geheimakte 2 - Puritas Cordis
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C94D8D0D-BD0D-4FDC-BF24-90D9C2509F6F}" = MAGIX Foto Manager 10
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDFA843-55F4-4469-AA44-B14768FAF153}" = Fighters
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{EFBE9C17-FD67-41AF-B4BE-4D44CA689549}" = MAGIX Online Druck Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FE5531D5-7828-4463-907F-21B6DE9AADEA}" = proWIN Office
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alamandi" = Alamandi
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.1.0
"Any Video Converter_is1" = Any Video Converter 3.3.7
"Audiograbber" = Audiograbber 1.83 SE
"AviSynth" = AviSynth 2.5
"BabylonToolbar" = Babylon toolbar on IE
"conduitEngine" = Conduit Engine
"DVDFab 8_is1" = DVDFab 8.0.2.2 (01/10/2010)
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"FirstloadIkarus" = Firstload Ikarus
"FormatFactory" = FormatFactory 2.60
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Download Manager_is1" = Free Download Manager 3.0
"Free YouTube Download_is1" = Free YouTube Download version 3.1.27.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.20.423
"hotpot_is1" = HotPotatoes v 6.3.0.4
"iLivid" = iLivid
"ImTOO iPhone Ringtone Maker" = ImTOO iPhone Ringtone Maker
"JDownloader" = JDownloader
"LBT Kindergarten-Abenteuer" = LBT Kindergarten-Abenteuer
"MAGIX Music Maker 16 Download-Version D" = MAGIX Music Maker 16 Download-Version
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"MAGIX_MSI_Fotos_auf_CD_DVD_10" = MAGIX Fotos auf CD & DVD 10 Download-Version
"MAGIX_MSI_mm18dlx" = MAGIX Music Maker MX Premium Download-Version
"McAfee Security Scan" = McAfee Security Scan Plus
"mediAvatar HD Video Converter" = mediAvatar HD Video Converter
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MyWebSearch bar Uninstall" = My Web Search (MyWebFace)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PQ_DVD_to_iPod_Video_Suite" = PQ DVD to iPod Video Suite (remove only)
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"Registry Victor_is1" = Registry Victor 5.4
"Revo Uninstaller" = Revo Uninstaller 1.93
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"Softonic_Deutsch_FF Toolbar" = Softonic Deutsch FF Toolbar
"Software Informer_is1" = Software Informer 1.0 BETA
"SPYWAREfighter" = SPYWAREfighter
"toolplugin" = toolplugin
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"Usenet.nl_is1" = Usenet.nl
"Videora iPod Converter" = Videora iPod Converter 5
"Videora iPod touch Converter" = Videora iPod touch Converter 6
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"Xilisoft iPhone Klingelton Maker" = Xilisoft iPhone Klingelton Maker
"Xvid_is1" = Xvid 1.2.1 final uninstall
"YouTube Downloader App" = YouTube Downloader App 2.00
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/9/2012 7:34:47 PM | Computer Name = MatthiasSchürma | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/9/2012 7:34:47 PM | Computer Name = MatthiasSchürma | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5460
Error - 1/9/2012 7:34:47 PM | Computer Name = MatthiasSchürma | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5460
Error - 1/9/2012 7:34:48 PM | Computer Name = MatthiasSchürma | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/9/2012 7:34:48 PM | Computer Name = MatthiasSchürma | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6459
Error - 1/9/2012 7:34:48 PM | Computer Name = MatthiasSchürma | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6459
Error - 1/10/2012 10:11:58 AM | Computer Name = MatthiasSchürma | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element
wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error - 1/10/2012 10:14:14 AM | Computer Name = MatthiasSchürma | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 1/11/2012 7:31:46 PM | Computer Name = MatthiasSchürma | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element
wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error - 1/11/2012 7:33:53 PM | Computer Name = MatthiasSchürma | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ Media Center Events ]
Error - 11/27/2010 11:05:58 AM | Computer Name = MatthiasSchürma | Source = MCUpdate | ID = 0
Description = 16:05:56 - Fehler beim Herstellen der Internetverbindung. 16:05:56
- Serververbindung konnte nicht hergestellt werden..
Error - 11/28/2010 11:01:42 AM | Computer Name = MatthiasSchürma | Source = MCUpdate | ID = 0
Description = 16:01:42 - Fehler beim Herstellen der Internetverbindung. 16:01:42
- Serververbindung konnte nicht hergestellt werden..
Error - 11/28/2010 11:01:50 AM | Computer Name = MatthiasSchürma | Source = MCUpdate | ID = 0
Description = 16:01:47 - Fehler beim Herstellen der Internetverbindung. 16:01:47
- Serververbindung konnte nicht hergestellt werden..
Error - 11/28/2010 12:01:55 PM | Computer Name = MatthiasSchürma | Source = MCUpdate | ID = 0
Description = 17:01:55 - Fehler beim Herstellen der Internetverbindung. 17:01:55
- Serververbindung konnte nicht hergestellt werden..
Error - 11/28/2010 12:02:01 PM | Computer Name = MatthiasSchürma | Source = MCUpdate | ID = 0
Description = 17:02:00 - Fehler beim Herstellen der Internetverbindung. 17:02:00
- Serververbindung konnte nicht hergestellt werden..
Error - 11/28/2010 10:38:14 PM | Computer Name = MatthiasSchürma | Source = MCUpdate | ID = 0
Description = 03:38:13 - Fehler beim Herstellen der Internetverbindung. 03:38:13
- Serververbindung konnte nicht hergestellt werden..
Error - 11/28/2010 11:40:37 PM | Computer Name = MatthiasSchürma | Source = MCUpdate | ID = 0
Description = 04:40:36 - Fehler beim Herstellen der Internetverbindung. 04:40:36
- Serververbindung konnte nicht hergestellt werden..
Error - 11/29/2010 12:40:42 AM | Computer Name = MatthiasSchürma | Source = MCUpdate | ID = 0
Description = 05:40:41 - Fehler beim Herstellen der Internetverbindung. 05:40:41
- Serververbindung konnte nicht hergestellt werden..
Error - 11/29/2010 1:40:47 AM | Computer Name = MatthiasSchürma | Source = MCUpdate | ID = 0
Description = 06:40:46 - Fehler beim Herstellen der Internetverbindung. 06:40:46
- Serververbindung konnte nicht hergestellt werden..
Error - 11/30/2010 11:59:07 AM | Computer Name = MatthiasSchürma | Source = MCUpdate | ID = 0
Description = 16:59:00 - Fehler beim Herstellen der Internetverbindung. 16:59:00
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 10/2/2012 2:49:05 AM | Computer Name = MatthiasSchürma | Source = DCOM | ID = 10005
Description =
Error - 10/2/2012 2:49:06 AM | Computer Name = MatthiasSchürma | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 1.137.802.0 Aktualisierungsquelle: %%859
Aktualisierungsphase:
%%852 Quellpfad: Default URL Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer:
NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8800.0 Fehlercode:
0x8007043c Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet
werden.
Error - 10/2/2012 2:52:45 AM | Computer Name = MatthiasSchürma | Source = DCOM | ID = 10005
Description =
Error - 10/2/2012 2:52:45 AM | Computer Name = MatthiasSchürma | Source = DCOM | ID = 10005
Description =
Error - 10/3/2012 12:48:24 PM | Computer Name = MATTHIASSCHÜRMA | Source = Microsoft Antimalware | ID = 2004
Description = Beim Laden der Signaturen wurde von %%860 ein Fehler festgestellt.
Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen. Versuchte
Signaturen: %%824 Fehlercode: 0x80070002 Fehlerbeschreibung: Das System kann die
angegebene Datei nicht finden. Signaturversion: 1.137.787.0;1.137.787.0 Modulversion:
1.1.8800.0
Error - 10/3/2012 1:11:12 PM | Computer Name = MatthiasSchürma | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 10/3/2012 1:11:40 PM | Computer Name = MatthiasSchürma | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 10/3/2012 1:12:26 PM | Computer Name = MatthiasSchürma | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 10/3/2012 1:20:28 PM | Computer Name = MatthiasSchürma | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
Error - 10/3/2012 1:22:37 PM | Computer Name = MatthiasSchürma | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
lautet: 10.
< End of report >
|
|
04.10.2012, 16:55
| #6 |
| /// TB-Ausbilder | Website kann nicht geöffnet werden Trojaner Servus, führe bitte die Schritte 2, 3 und 4 meiner letzten Antwort durch und poste davon ebenfalls die Logdateien. Danach sehen wir weiter. |
|
05.10.2012, 10:38
| #7 |
| | Website kann nicht geöffnet werden Trojaner Hi.. Schritt 2 hab ich gemacht,bei Schritt drei stürtzt mein PC ab. DAs Ergebnis von Schritt 4 siehe Anhang |
|
05.10.2012, 14:47
| #8 | |
| /// TB-Ausbilder | Website kann nicht geöffnet werden Trojaner Servus, Schritt 1
Schritt 2 Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Bitte poste mit deiner nächsten Antwort
|
|
08.10.2012, 13:33
| #9 |
| /// TB-Ausbilder | Website kann nicht geöffnet werden Trojaner Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen! |
|
| Themen zu Website kann nicht geöffnet werden Trojaner |
| anti-malware, appdata, autostart, cache, dateien, explorer, files, funktioniert, gelöscht, hochfahren, löschen, malwarebytes, microsoft, problem, quarantäne, registry, scan, service, software, speicher, taskmanager, test, trojaner, update, version |
Textbox.
Linear-Darstellung
