| |
| |||||||
Log-Analyse und Auswertung: Fake-Mail 1&1 Telecom, Exploit.JS.pdfka.ggb, Rechner infiziert trotz Abwehr durch Kaspersky?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.10.2012, 18:09
| #1 |
 |  Fake-Mail 1&1 Telecom, Exploit.JS.pdfka.ggb, Rechner infiziert trotz Abwehr durch Kaspersky? Hallo zusammen, ich habe leider den Fehler begangen, eine verseuchte PDF-Datei einer Fake Mail in Thunderbird zu öffnen. Der Absender war "rechnungsstelle@1und1.de" mit dem Betreff "Ihre Rechnung vom...". Ich bin u.a. darauf reingefallen, weil mein vollständiger Name bei der Anrede genannt wurde. Nach einiger Recherche vermute ich, dass meine Daten bei home24.de abgegriffen wurden, da zahlreiche User, die dort ebenfalls kürzlich bestellt hatten, ebenfalls betroffen waren. Kaspersky schlug an und verschob drei Dateien in Quarantäne, die mit "Exploit.JS.pdfka.ggb" gekennzeichnet wurden. Meine Frage lautet daher: Hat Kaspersky den Angriff abgewehrt oder kann sich trotzdem etwas eingenistet haben? Vielen Dank für die Hilfe im Voraus. Hier die Codes: Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.19.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 AnonsDesktop :: ANONSDESKTOP-PC [Administrator] Schutz: Aktiviert 19.10.2012 18:13:27 mbam-log-2012-10-19 (18-13-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|Z:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 388030 Laufzeit: 32 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 19.10.2012 18:56:41 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\AnonsDesktop\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,98 Gb Total Physical Memory | 12,20 Gb Available Physical Memory | 76,33% Memory free 31,96 Gb Paging File | 27,91 Gb Available in Paging File | 87,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1853,25 Gb Total Space | 1758,39 Gb Free Space | 94,88% Space Free | Partition Type: NTFS Drive D: | 3,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive M: | 912,45 Gb Total Space | 330,75 Gb Free Space | 36,25% Space Free | Partition Type: NTFS Drive Y: | 912,45 Gb Total Space | 330,75 Gb Free Space | 36,25% Space Free | Partition Type: NTFS Drive Z: | 912,45 Gb Total Space | 330,75 Gb Free Space | 36,25% Space Free | Partition Type: NTFS Computer Name: ANONSDESKTOP-PC | User Name: AnonsDesktop | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.18 21:13:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\AnonsDesktop\Downloads\OTL.exe PRC - [2012.10.14 11:30:21 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.11 12:22:06 | 000,033,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe PRC - [2012.09.11 12:22:04 | 003,092,200 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe PRC - [2012.09.11 12:22:04 | 001,449,192 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe PRC - [2012.09.07 22:33:13 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.16 16:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.07.16 16:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe PRC - [2012.05.30 21:48:11 | 003,491,792 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2012.04.27 22:25:04 | 001,173,680 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2012.04.27 22:23:54 | 005,924,008 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe PRC - [2012.04.27 22:22:54 | 000,403,656 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2012.04.27 22:22:12 | 005,993,136 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2011.12.24 12:24:36 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe PRC - [2011.08.19 17:35:58 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\prevhost.exe PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2011.02.18 08:18:50 | 000,245,760 | ---- | M] () -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.01.27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.07.01 04:13:28 | 000,603,448 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\PNAMain.exe ========== Modules (No Company Name) ========== MOD - [2012.10.14 11:30:21 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll MOD - [2012.09.11 12:23:34 | 000,033,000 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd MOD - [2012.09.11 12:23:32 | 000,044,264 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd MOD - [2012.09.11 12:23:30 | 000,057,576 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd MOD - [2012.09.11 12:23:30 | 000,017,128 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd MOD - [2012.09.11 12:23:28 | 000,195,816 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd MOD - [2012.09.11 12:23:26 | 000,841,448 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd MOD - [2012.09.11 12:23:22 | 000,825,064 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd MOD - [2012.09.11 12:23:22 | 000,049,896 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd MOD - [2012.09.11 12:23:20 | 000,033,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd MOD - [2012.09.11 12:23:16 | 000,365,800 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd MOD - [2012.09.11 12:23:14 | 000,093,928 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd MOD - [2012.09.11 12:23:10 | 000,590,056 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd MOD - [2012.09.11 12:23:10 | 000,017,128 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd MOD - [2012.09.11 12:23:08 | 000,134,376 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd MOD - [2012.09.11 12:23:04 | 000,141,544 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll MOD - [2012.09.11 12:23:02 | 008,494,824 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll MOD - [2012.09.11 12:23:00 | 000,628,968 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\tag.dll MOD - [2012.09.11 12:22:56 | 000,587,080 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll MOD - [2012.09.11 12:22:54 | 000,086,760 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll MOD - [2012.09.11 12:22:52 | 000,150,248 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll MOD - [2012.09.11 12:22:42 | 001,009,896 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll MOD - [2012.09.11 12:22:42 | 000,173,288 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll MOD - [2012.09.11 12:22:36 | 000,063,208 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll MOD - [2012.09.11 12:22:30 | 001,290,984 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll MOD - [2012.09.11 12:22:16 | 000,952,552 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll MOD - [2012.09.11 12:22:14 | 001,038,568 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll MOD - [2012.09.11 12:22:12 | 001,254,672 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll MOD - [2012.09.11 12:22:12 | 000,271,624 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll MOD - [2012.09.11 12:22:10 | 005,827,912 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll MOD - [2012.09.11 12:22:06 | 000,033,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe MOD - [2012.09.07 22:33:13 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.08.31 20:07:48 | 000,015,848 | ---- | M] () -- C:\Program Files (x86)\Java\jre7\bin\jp2native.dll MOD - [2012.04.27 22:21:52 | 013,005,104 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.12.24 12:22:20 | 007,422,352 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtGui4.dll MOD - [2011.12.24 12:22:20 | 000,795,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtNetwork4.dll MOD - [2011.12.24 12:22:16 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtScript4.dll MOD - [2011.12.24 12:22:16 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtSql4.dll MOD - [2011.12.24 12:22:14 | 002,453,904 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtDeclarative4.dll MOD - [2011.12.24 12:22:12 | 002,126,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\QtCore4.dll MOD - [2011.12.24 12:21:10 | 000,459,152 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\dblite.dll MOD - [2011.09.05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qgif4.dll MOD - [2011.09.05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\imageformats\qjpeg4.dll MOD - [2009.03.26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL ========== Services (SafeList) ========== SRV:64bit: - [2011.09.08 19:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.07 22:33:13 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.30 21:48:11 | 003,491,792 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012.05.29 08:37:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012.04.27 22:23:54 | 005,924,008 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2012.04.27 22:23:22 | 001,133,360 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.12.24 12:24:36 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe -- (AVP) SRV - [2011.02.18 08:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe -- (UsbClientService) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.27 16:14:10 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.12.21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\OSFMount\OSFMount.sys -- (OSFMount) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.07.02 12:23:05 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2012.05.30 22:43:54 | 000,639,280 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.05.30 21:48:11 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2012.05.30 21:48:10 | 001,294,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman) DRV:64bit: - [2012.05.30 21:48:06 | 000,994,912 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012.05.30 21:48:04 | 000,211,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr) DRV:64bit: - [2012.05.30 21:48:03 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67) DRV:64bit: - [2012.05.30 21:48:02 | 000,320,096 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012.05.30 21:48:02 | 000,137,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv) DRV:64bit: - [2012.05.02 01:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2012.04.09 16:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.23 23:02:00 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.10.20 11:48:00 | 000,458,032 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2011.10.20 11:48:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.09.14 11:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.09.08 20:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.09.08 18:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.08.19 17:50:52 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.08.19 17:50:52 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.04.26 11:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 16:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.02.18 08:20:34 | 000,056,160 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\busenum.sys -- (busenum) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.12 00:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010.11.12 00:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010.04.09 15:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2010.04.07 17:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2010.03.25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.12.14 12:44:24 | 000,085,048 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec) DRV:64bit: - [2009.12.14 12:44:24 | 000,066,104 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.08.03 12:12:00 | 001,289,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.08.14 14:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv) DRV:64bit: - [2006.10.31 23:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2012.05.02 01:35:23 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 53 35 64 8F A4 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.7.6 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.8 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\linkfilter@kaspersky.ru [2012.06.13 17:58:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\virtualKeyboard@kaspersky.ru [2012.06.13 17:58:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.13 17:58:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 22:33:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.28 12:40:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.08 23:04:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 22:33:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.28 12:40:19 | 000,000,000 | ---D | M] [2012.05.30 21:01:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnonsDesktop\AppData\Roaming\mozilla\Extensions [2012.10.18 22:25:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnonsDesktop\AppData\Roaming\mozilla\Firefox\Profiles\zawzbzp0.default\extensions [2012.10.18 22:25:53 | 000,221,098 | ---- | M] () (No name found) -- C:\Users\AnonsDesktop\AppData\Roaming\mozilla\firefox\profiles\zawzbzp0.default\extensions\artur.dubovoy@gmail.com.xpi [2012.06.08 15:49:33 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\AnonsDesktop\AppData\Roaming\mozilla\firefox\profiles\zawzbzp0.default\extensions\java@flyordie.com.xpi [2012.10.18 22:25:53 | 000,529,693 | ---- | M] () (No name found) -- C:\Users\AnonsDesktop\AppData\Roaming\mozilla\firefox\profiles\zawzbzp0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.09.07 22:33:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.07 22:33:13 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2008.07.01 04:09:26 | 000,070,968 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2008.07.01 04:09:40 | 000,091,448 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2008.07.01 04:09:34 | 000,021,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2008.05.21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll [2008.05.21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll [2008.05.21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll [2008.07.01 04:12:24 | 000,427,312 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2008.07.01 04:09:28 | 000,024,376 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012.06.17 16:25:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.28 22:48:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.17 16:25:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.17 16:25:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.17 16:25:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.17 16:25:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.10.18 22:17:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.) O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9F19F06-CFC5-451C-88BE-27218181A9CE}: DhcpNameServer = 8.8.8.8 8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF8FE5F8-E502-4D4B-ADE7-B31DDC7E1D10}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.12.28 22:29:50 | 000,000,000 | ---D | M] - M:\Automatisch zu iTunes hinzufügen -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.18 23:07:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.18 22:08:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.18 22:08:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.18 22:08:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.18 21:22:26 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.18 21:21:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.18 21:18:10 | 000,000,000 | ---D | C] -- C:\Users\AnonsDesktop\AppData\Roaming\Malwarebytes [2012.10.18 21:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.18 21:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.18 21:14:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.18 21:14:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.12 18:24:22 | 000,000,000 | ---D | C] -- C:\Users\AnonsDesktop\.thumbnails [2012.10.12 18:20:34 | 000,000,000 | ---D | C] -- C:\Users\AnonsDesktop\AppData\Local\fontconfig [2012.10.12 18:20:33 | 000,000,000 | ---D | C] -- C:\Users\AnonsDesktop\AppData\Local\gegl-0.2 [2012.10.12 18:20:33 | 000,000,000 | ---D | C] -- C:\Users\AnonsDesktop\.gimp-2.8 [2012.10.12 17:51:19 | 000,000,000 | ---D | C] -- C:\Users\AnonsDesktop\AppData\Local\Passbild_Generator [2012.10.12 17:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passbild-Generator [2012.10.12 17:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Passbild-Generator [2012.10.12 17:48:08 | 000,000,000 | ---D | C] -- C:\Users\AnonsDesktop\AppData\Roaming\Skype [2012.10.12 17:48:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.10.12 17:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.10.12 17:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.10.12 17:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.09.30 18:10:55 | 000,000,000 | ---D | C] -- C:\Users\AnonsDesktop\AppData\Roaming\ASCOMP Software [2012.09.30 18:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASCOMP Software [2012.09.30 18:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASCOMP Software [2012.09.29 17:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wuala OverlayIcons [2012.09.29 17:27:35 | 000,190,480 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsMntNtf3.dll [2012.09.29 17:27:35 | 000,158,224 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsMntNtf3.dll [2012.09.29 17:27:35 | 000,141,328 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsNetRdr3.dll [2012.09.29 17:27:34 | 000,352,144 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\cbfs3.sys [2012.09.29 17:27:34 | 000,223,760 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsNetRdr3.dll [2012.09.29 17:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wuala CBFS [2012.09.29 17:27:26 | 000,000,000 | ---D | C] -- C:\Users\AnonsDesktop\AppData\Roaming\Wuala [2012.09.29 17:27:26 | 000,000,000 | ---D | C] -- C:\Users\AnonsDesktop\AppData\Local\Wuala [2012.09.26 14:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012.09.26 14:57:42 | 000,000,000 | ---D | C] -- C:\Users\AnonsDesktop\AppData\Local\Plex Media Server [2012.09.26 14:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server [2012.09.26 14:51:15 | 000,000,000 | ---D | C] -- C:\Users\AnonsDesktop\AppData\Local\Plex [2012.09.26 14:49:49 | 000,000,000 | ---D | C] -- C:\Users\AnonsDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plex Media Center [2012.09.26 14:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex ========== Files - Modified Within 30 Days ========== [2012.10.19 18:19:54 | 000,056,815 | ---- | M] () -- C:\Users\AnonsDesktop\Documents\Kündigungsbestätigung.pdf [2012.10.19 17:04:43 | 000,026,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.19 17:04:43 | 000,026,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.19 16:59:07 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.10.19 16:59:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.19 16:58:59 | 4280,901,630 | -HS- | M] () -- C:\hiberfil.sys [2012.10.18 23:06:46 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.18 22:17:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.10.18 21:14:52 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.15 22:07:46 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.15 22:07:46 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.15 22:07:46 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.15 22:07:46 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.15 22:07:46 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.12 18:24:24 | 000,000,856 | ---- | M] () -- C:\Users\AnonsDesktop\AppData\Local\recently-used.xbel [2012.10.12 18:11:12 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.10.12 17:51:14 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Passbild-Generator.lnk [2012.10.11 14:21:19 | 000,000,836 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2012.10.10 17:53:59 | 000,000,159 | ---- | M] () -- C:\Windows\brpcfx.ini [2012.10.08 20:23:33 | 005,258,557 | ---- | M] () -- C:\Users\AnonsDesktop\Documents\AC07671398.pdf [2012.10.05 18:03:10 | 000,006,782 | ---- | M] () -- C:\Users\AnonsDesktop\Documents\Antrag.pdf [2012.10.01 16:02:44 | 000,113,574 | ---- | M] () -- C:\Users\AnonsDesktop\Documents\namensaenderung-pdf.pdf [2012.09.30 20:30:05 | 000,023,818 | ---- | M] () -- C:\Users\AnonsDesktop\Documents\Deutsche Post Brief Sendungsstatus.pdf [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.23 20:33:45 | 000,000,135 | ---- | M] () -- C:\Users\AnonsDesktop\Desktop\Plex Media Server.url ========== Files Created - No Company Name ========== [2012.10.19 18:19:51 | 000,056,815 | ---- | C] () -- C:\Users\AnonsDesktop\Documents\Kündigungsbestätigung.pdf [2012.10.18 22:08:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.18 22:08:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.18 22:08:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.18 22:08:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.18 22:08:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.18 21:14:52 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.12 18:24:24 | 000,000,856 | ---- | C] () -- C:\Users\AnonsDesktop\AppData\Local\recently-used.xbel [2012.10.12 17:51:14 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Passbild-Generator.lnk [2012.10.12 17:48:03 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.10.08 20:23:29 | 005,258,557 | ---- | C] () -- C:\Users\AnonsDesktop\Documents\AC07671398.pdf [2012.10.05 18:03:10 | 000,006,782 | ---- | C] () -- C:\Users\AnonsDesktop\Documents\Antrag.pdf [2012.10.01 16:02:42 | 000,113,574 | ---- | C] () -- C:\Users\AnonsDesktop\Documents\namensaenderung-pdf.pdf [2012.09.30 20:30:04 | 000,023,818 | ---- | C] () -- C:\Users\AnonsDesktop\Documents\Deutsche Post Brief Sendungsstatus.pdf [2012.09.29 17:27:26 | 000,000,905 | ---- | C] () -- C:\Users\AnonsDesktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wuala.lnk [2012.09.23 20:33:32 | 000,000,135 | ---- | C] () -- C:\Users\AnonsDesktop\Desktop\Plex Media Server.url [2012.08.04 20:27:24 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.08.04 20:27:24 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.07.19 21:13:01 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.06.05 22:25:26 | 000,000,836 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.06.05 22:25:26 | 000,000,159 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.06.05 22:24:59 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.06.05 22:24:59 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.06.05 22:20:07 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini [2012.06.05 22:20:07 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini [2012.06.05 21:40:12 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.05.30 21:56:09 | 000,017,408 | ---- | C] () -- C:\Users\AnonsDesktop\AppData\Local\WebpageIcons.db [2012.05.29 08:29:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.05.29 08:29:33 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.05.29 08:29:33 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2011.10.17 10:45:20 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.11.17 11:03:34 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.05.30 21:03:53 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\Acronis [2012.08.17 19:50:13 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\Aimersoft Video Converter Std [2012.07.19 21:15:32 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\Aiseesoft Studio [2012.09.30 18:10:55 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\ASCOMP Software [2012.10.15 22:20:55 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\AVI ReComp [2012.05.30 21:48:11 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\B46087A8-F3DF-46EF-8D5D-CB61557F6597 [2012.06.03 15:43:29 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\Buhl Data Service [2012.06.03 14:24:04 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\Buhl Data Service GmbH [2012.08.08 18:18:14 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\Citrix [2012.08.04 10:54:07 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\DAEMON Tools Lite [2012.08.22 18:51:19 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\ExpressFiles [2012.10.16 20:47:08 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\ExpressVPN [2012.06.04 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\FreePDF [2012.08.08 18:20:38 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\ICAClient [2012.08.17 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\Leawo [2012.06.05 21:39:03 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\Strokes 5.0 [2012.08.07 23:17:25 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\TeamViewer [2012.08.08 18:31:47 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\TechSmith [2012.05.30 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\Thunderbird [2012.08.17 20:03:54 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\tiger-k [2012.10.18 23:07:37 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\uTorrent [2012.09.29 17:50:15 | 000,000,000 | ---D | M] -- C:\Users\AnonsDesktop\AppData\Roaming\Wuala ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 18.10.2012 22:47:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\AnonsDesktop\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,98 Gb Total Physical Memory | 12,26 Gb Available Physical Memory | 76,69% Memory free
31,96 Gb Paging File | 28,03 Gb Available in Paging File | 87,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1853,25 Gb Total Space | 1756,79 Gb Free Space | 94,79% Space Free | Partition Type: NTFS
Drive D: | 3,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive M: | 912,45 Gb Total Space | 330,75 Gb Free Space | 36,25% Space Free | Partition Type: NTFS
Drive Y: | 912,45 Gb Total Space | 330,75 Gb Free Space | 36,25% Space Free | Partition Type: NTFS
Drive Z: | 912,45 Gb Total Space | 330,75 Gb Free Space | 36,25% Space Free | Partition Type: NTFS
Computer Name: ANONSDESKTOP-PC | User Name: AnonsDesktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065EEA0F-3CB1-4B8F-85DA-AC5FB5E2F691}" = lport=137 | protocol=17 | dir=in | app=system |
"{06A79CAA-A4A2-49C2-B3BD-C183BACF17A4}" = rport=139 | protocol=6 | dir=out | app=system |
"{0AD88E80-E69C-44B6-8B8F-31B52D2EBC67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13E5ECC1-5D72-46EE-9A6E-45E423BE0AC6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FBC4E74-2C74-4EB5-8DA1-E1BFD4832C3C}" = rport=137 | protocol=17 | dir=out | app=system |
"{337F44EC-623F-47A7-834A-F0FBD65C3C1E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{35DC1500-E2D8-4E43-A35B-BE4DB6321677}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47C62D2F-2F17-4B5B-BDB6-AE3ACD324F24}" = rport=445 | protocol=6 | dir=out | app=system |
"{4D115EB9-00FF-44B9-853D-7871DD8F5CE4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{549988B4-B3AE-4079-BB66-009086F80BD2}" = rport=138 | protocol=17 | dir=out | app=system |
"{5B722CDA-A1CE-421A-BABC-F9AED7148D4F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B77A510-1648-492F-A25B-686FF8408C6E}" = lport=139 | protocol=6 | dir=in | app=system |
"{6A51A9D2-46EF-476C-AC00-FF784598FE9C}" = lport=445 | protocol=6 | dir=in | app=system |
"{707634C3-5EDB-4CD0-8EA9-DE95238C4662}" = rport=10243 | protocol=6 | dir=out | app=system |
"{77F1492C-850E-4E1D-86EA-07EA5E9D09B0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7BF76C63-C658-4872-8805-842EEF57C341}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80C098FA-3878-477A-A15D-A523A98E59C1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E38DACB-B750-488A-A0DC-6A73142B6539}" = lport=138 | protocol=17 | dir=in | app=system |
"{A15CC20D-E4E1-4773-8156-A1385E3DA9DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A42618CF-E821-45CB-8101-A85BBD8EEBE9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A96452BA-FD19-4247-A674-669327754DE4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B3C107E9-EEDD-4666-BCB6-55E6A7C82827}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CF35080C-37CA-4F6B-B2D6-3E1062378F09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DEB0478F-6B9B-4AAB-A1FF-B8C0931A0345}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FDDC5C06-7F18-42CC-B30C-BE201335345C}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07849D26-B2EE-4AC0-A6BC-1E5C661046D3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{07CC7D5A-FA9B-41D7-9528-23740A0B8789}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{17C1F620-65A9-4F9C-81D8-D6109A49E70F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1E0082D2-4B71-4FFB-A90D-B93E325A0950}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2536B053-AAFA-4053-87A7-03B0F7FA740C}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{31B181B8-558A-4D0A-BB51-F737DCE9B98C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{32E4F64E-F8C2-4FC3-AA83-0A1073F5AF6C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{35F7F0F1-E1CC-49CE-A014-85974E9E3050}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3B18F0D5-2CA4-46A1-A46C-3E9DBC72660E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{45306A18-7E69-41F1-8C9D-7DB4800AA5B4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{4A792426-75E9-44B0-9AEB-93E7425947FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{553E97C5-4ED0-4C7C-9E04-0BA25904F924}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{557299B1-71A6-4209-BA1F-C36EA7611FCB}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{58B5C920-B883-4F1F-8A01-B55F9BAF7D7A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E346108-480C-4D5D-A6F6-9DAFCCD94385}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5E6CA4BC-3029-4481-B5FC-41EC45AE44CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61154C69-94CD-40D2-9371-71DF22A09ECC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{62E6C8A0-5ECB-446D-BF33-DEC711FDB5F1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{62FB75FB-AEE1-4195-91A2-F3D3065DAF9C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6448B596-6437-4D53-9B6B-AF44EC272260}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{69D022B5-FD64-4C31-8996-AB9844F9E5AA}" = protocol=6 | dir=out | app=system |
"{6A44AF70-3244-4029-A912-A9B14528782F}" = dir=in | app=c:\program files (x86)\plex\plex media server\plex media server.exe |
"{75053E53-ADBD-4A4F-8B12-89755665B574}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{799E0087-0B44-46E0-A9A2-BE83E83A9D50}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexscripthost.exe |
"{8026680F-BD73-44E6-A88E-C61A9DF7A4FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{83535898-542E-495B-ADC4-BAA1F6F9F144}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8459DCDF-4B5B-498D-954E-DB337F612CD6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{89C1C720-39FB-4DCB-B8F9-93FCA9FBE429}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{98D4ADD4-EE12-4DB2-AE23-848C9CEEF0F3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9CF84426-6900-4DEF-97BA-DF784C8F74EC}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{A14A0C4E-1525-4F78-BD86-9B21DD3273AF}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe |
"{AD4111EF-2DFC-4FB7-8042-8AEFC6E6BB59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B64C0E9A-72F7-43D6-819A-4BAA0D1FD79B}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexdlnaserver.exe |
"{B705FF08-33E7-4450-AA47-E5068FCFB6EC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BA9EAAF2-98AA-47E7-88AC-06DA8FE486FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BAD658DC-4975-4DD5-9333-92761F9DD5BE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe |
"{C03E7E2E-0F05-4296-9485-12DE25A0F95B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D05D7CB3-F864-41AD-A15A-A92ABF7CED7A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D709AD2B-A392-4691-95CB-6009DAA69353}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{D9DF8FCC-72C0-49EE-8F2A-CB0B0727268E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E5ABCE74-061A-45CA-92C0-D959226996A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E5D9D367-DDF1-4B64-B06C-226759B3E841}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E649233F-D608-4AEB-BDD3-3B9B31B7EEEB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EC3228C3-58CA-40CE-A468-9F98D8190708}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FADC85D2-3C86-4AC9-B2BE-81A31FA80D7D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{FBF8F70B-63A8-4406-9C85-61370BA4683C}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C76E78E4-118F-48B7-815A-7B46B34A2E6C}_is1" = Houdini 2.0 Pro
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1" = Leawo Video Converter version 5.2.0.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EAB7141-A278-42B7-9F96-ED1784E71C6A}_is1" = Aiseesoft DVD Ripper 6.2.26
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite MFC-235C
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C1FDF2F0-2136-42D8-8A64-2B45BBF2C19E}" = Acronis*True*Image*Home 2012
"{C1FDF2F0-2136-42D8-8A64-2B45BBF2C19E}Visible" = Acronis*True*Image*Home 2012
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7B569DA-35C5-4DCB-AF5D-AB5E6E15A5A7}" = Citrix XenApp Plugin für gehostete Anwendungen
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D98D2FD8-26FB-4B92-B2B8-75DE8FB28FC4}_is1" = FLV to MP4 Converter 2009.2.20
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F90D0E4A-DB14-474D-9112-61E4E2234493}" = Plex Media Server
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"Aquarium_is1" = Houdini Aquarium
"AudioCS" = Creative Audio-Systemsteuerung
"AVI ReComp" = AVI ReComp 1.5.5
"Avisynth" = AviSynth 2.5
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"ExpressVPN" = ExpressVPN v3.091
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"Host OpenAL" = Host OpenAL
"InstallWIX_{2D270A67-B7CD-4281-B2FE-60DF18D19B8E}" = Kaspersky PURE 2.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.7.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5b
"PicPick" = PicPick
"Secure Eraser_is1" = Secure Eraser v4.0
"Synology Assistant" = Synology Assistant (remove only)
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.2
"VobSub" = VobSub 2.23
"WinLiveSuite" = Windows Live Essentials
"WinX Free FLV to MP4 Converter_is1" = WinX Free FLV to MP4 Converter 4.1.10
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
"Xvid Video Codec 1.3.2" = Xvid Video Codec
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Plex" = Plex
"Wuala" = Wuala
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.10.2012 18:39:15 | Computer Name = AnonsDesktop-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/10/14 00:39:15.990]: [00005036]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 13.10.2012 18:39:17 | Computer Name = AnonsDesktop-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/10/14 00:39:17.534]: [00005036]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 13.10.2012 18:39:19 | Computer Name = AnonsDesktop-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/10/14 00:39:19.078]: [00005036]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 13.10.2012 18:39:20 | Computer Name = AnonsDesktop-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/10/14 00:39:20.623]: [00005036]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 13.10.2012 18:39:22 | Computer Name = AnonsDesktop-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/10/14 00:39:22.167]: [00005036]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 13.10.2012 18:39:23 | Computer Name = AnonsDesktop-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/10/14 00:39:23.712]: [00005036]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 14.10.2012 05:17:20 | Computer Name = AnonsDesktop-PC | Source = WinMgmt | ID = 10
Description =
Error - 15.10.2012 14:11:39 | Computer Name = AnonsDesktop-PC | Source = WinMgmt | ID = 10
Description =
Error - 16.10.2012 14:19:08 | Computer Name = AnonsDesktop-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.10.2012 14:43:54 | Computer Name = AnonsDesktop-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 12.10.2012 12:02:53 | Computer Name = AnonsDesktop-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
"" können nicht gelesen werden.
Error - 12.10.2012 13:23:12 | Computer Name = AnonsDesktop-PC | Source = bowser | ID = 8003
Description =
Error - 12.10.2012 15:46:21 | Computer Name = AnonsDesktop-PC | Source = bowser | ID = 8003
Description =
Error - 13.10.2012 09:20:53 | Computer Name = AnonsDesktop-PC | Source = bowser | ID = 8003
Description =
Error - 13.10.2012 10:31:03 | Computer Name = AnonsDesktop-PC | Source = bowser | ID = 8003
Description =
Error - 14.10.2012 05:29:59 | Computer Name = AnonsDesktop-PC | Source = bowser | ID = 8003
Description =
Error - 14.10.2012 05:52:19 | Computer Name = AnonsDesktop-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{01CCD927-35F6-4368-83FD-0BC439B91877} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 14.10.2012 11:32:49 | Computer Name = AnonsDesktop-PC | Source = bowser | ID = 8003
Description =
Error - 14.10.2012 14:53:27 | Computer Name = AnonsDesktop-PC | Source = bowser | ID = 8003
Description =
Error - 14.10.2012 16:31:13 | Computer Name = AnonsDesktop-PC | Source = bowser | ID = 8003
Description =
< End of report >
c |
|
19.10.2012, 18:12
| #2 |
| /// Malware-holic   | Fake-Mail 1&1 Telecom, Exploit.JS.pdfka.ggb, Rechner infiziert trotz Abwehr durch Kaspersky? hi
__________________1. leite mir die mail mal weiter, wie das geht steht in meiner signatur. 2. poste die kaspersky funde bitte
__________________ |
|
19.10.2012, 18:24
| #3 |
| | Fake-Mail 1&1 Telecom, Exploit.JS.pdfka.ggb, Rechner infiziert trotz Abwehr durch Kaspersky? Hi,
__________________zu 1): In meiner Panik habe ich die Mail überall restlos gelöscht (auch im Papierkorb und auf dem Server), daher schaffe ich es leider nicht, die Mail weiterzuleiten. Es sei denn, ich könnte sie irgendwie wiederherstellen. zu 2): siehe Anhang Danke für die schnelle Antwort. |
|
19.10.2012, 18:30
| #4 |
| /// Malware-holic | Fake-Mail 1&1 Telecom, Exploit.JS.pdfka.ggb, Rechner infiziert trotz Abwehr durch Kaspersky? hi 1. warne bitte freunde, bekannte, kolggen vor verdächtigen mails. wenn so was aufschlägt, an uns senden, das selbe gilt auch für dich :-) 2. kannst du die meldungen mal als klar text posten bitte?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.10.2012, 20:12
| #5 |
| | Fake-Mail 1&1 Telecom, Exploit.JS.pdfka.ggb, Rechner infiziert trotz Abwehr durch Kaspersky? Ok, mache ich. Die Meldungen lauten: Datei |Pfad |Gefunden data0008 | C:\Users\***\AppData\Local\Temp\RG15005648294.pdf// | Exploit.JS.pdfka.ggb data0002 |C:\Users\***\AppData\Local\Temp\RG15005648294.pdf// | Exploit.JS.pdfka.ggb RG15005648294.pdf | C:\Users\***\AppData\Local\Temp\ | Exploit.JS.pdfka.ggb |
|
19.10.2012, 20:20
| #6 |
| /// Malware-holic | Fake-Mail 1&1 Telecom, Exploit.JS.pdfka.ggb, Rechner infiziert trotz Abwehr durch Kaspersky? danke da hast du glück gehabt kaspersky erkennt die pdf bereits. die jungs nutzen ein altes exploit, und jeder, der seine programme aktuell hält, kann über diese malware nur lachen, die lücke wurde bereits 2010 entdeckt. lade den CCleaner standard: CCleaner Download - CCleaner 3.23.1823 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ --> Fake-Mail 1&1 Telecom, Exploit.JS.pdfka.ggb, Rechner infiziert trotz Abwehr durch Kaspersky? |
|
19.10.2012, 20:40
| #7 |
| | Fake-Mail 1&1 Telecom, Exploit.JS.pdfka.ggb, Rechner infiziert trotz Abwehr durch Kaspersky? Na, das hört sich doch gut und beruhigt mich sehr. Danke für tolle Unterstützung. Hier die Liste der Programme (sieht ein wenig ungeordnet aus) Code:
ATTFilter AAVUpdateManager Wolters Kluwer Deutschland GmbH 03.06.2012 32,0MB 18.00.0000 notwendig Acronis*True*Image*Home 2012 Acronis 30.05.2012 304MB 15.0.7119 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.08.2012 6,00MB 11.3.300.257 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 14.10.2012 6,00MB 11.4.402.287 notwendig Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 15.08.2012 122MB 10.1.4 notwendig Aiseesoft DVD Ripper 6.2.26 Aiseesoft Studio 19.07.2012 62,6MB 6.2.26 unnötig AnyDVD SlySoft 19.07.2012 7.0.5.0 unnötig Apple Application Support Apple Inc. 16.09.2012 64,5MB 2.2.2 notwendig Apple Mobile Device Support Apple Inc. 16.09.2012 23,7MB 6.0.0.59 notwendig Apple Software Update Apple Inc. 01.06.2012 2,38MB 2.1.3.127 notwendig AVI ReComp 1.5.5 Mateusz Gola (aka Prozac) 04.08.2012 1.5.5 unnötig AviSynth 2.5 04.08.2012 unnötig AVM FRITZ!Box Dokumentation AVM Berlin 15.09.2012 notwendig AVM FRITZ!Box Druckeranschluss AVM Berlin 15.09.2012 notwendig Bewerbungsfoto-/Passbild-Generator v3.5b 12.10.2012 1,28MB notwendig Bing Bar Microsoft Corporation 30.05.2012 6.3.2322.0 unnötig Bonjour Apple Inc. 01.06.2012 2,00MB 3.0.0.10 unnötig Brother MFL-Pro Suite MFC-235C Brother Industries, Ltd. 05.06.2012 1.0.2.0 notwendig CCleaner Piriform 24.09.2012 3.23 notwendig Citrix XenApp Plugin für gehostete Anwendungen Citrix Systems, Inc. 08.08.2012 33,7MB 11.0.0.5323 notwendig Creative Audio-Systemsteuerung Creative Technology Limited 05.06.2012 3.00 notwendig Creative Software AutoUpdate Creative Technology Limited 30.05.2012 1.40 notwendig Creative Sound Blaster Properties x64 Edition 30.05.2012 notwendig ExpressVPN v3.091 01.06.2012 v3.091 notwendig FLV to MP4 Converter 2009.2.20 FLVtoMP4Converter.com 17.08.2012 16,4MB unnötig FreePDF (Remove only) 04.06.2012 notwendig Futuremark SystemInfo Futuremark Corporation 29.05.2012 3.21.2.1 unbekannt Google Earth Google 09.09.2012 107MB 6.2.2.6613 notwendig GPL Ghostscript Artifex Software Inc. 04.06.2012 9.04 notwendig Host OpenAL Creative Technology Limited 05.06.2012 2.02 unbekannt Houdini 2.0 Pro Houdini Chess 03.06.2012 11,3MB 2.0 notwendig Houdini Aquarium 03.06.2012 163MB notwendig iTunes Apple Inc. 16.09.2012 182MB 10.7.0.21 notwendig Java 7 Update 7 Oracle 31.08.2012 128MB 7.0.70 notwendig JDownloader 0.9 AppWork GmbH 01.06.2012 0.9 notwendig K-Lite Codec Pack 8.7.0 (Basic) 17.08.2012 25,9MB 8.7.0 notwendig Kaspersky PURE 2.0 Kaspersky Lab 30.05.2012 12.0.1.288 notwendig Leawo Video Converter version 5.2.0.1 17.08.2012 unnötig Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 18.10.2012 19,4MB 1.65.1.1000 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 01.06.2012 38,8MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 01.06.2012 2,93MB 4.0.30319 unbekannt Microsoft Office Home and Student 2010 Microsoft Corporation 04.06.2012 14.0.6029.1000 notwendig Microsoft Silverlight Microsoft Corporation 05.06.2012 40,3MB 4.1.10329.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 29.05.2012 1,69MB 3.1.0000 notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 05.06.2012 298KB 8.0.61001 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 30.05.2012 2,06MB 9.0.21022 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 03.06.2012 600KB 9.0.30729.6161 notwendig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 18.09.2012 11,0MB 10.0.30319 notwendig Mobile Partner Huawei Technologies Co.,Ltd 25.08.2012 16.002.03.03.511 unbekannt Mozilla Firefox 15.0 (x86 de) Mozilla 28.08.2012 41,6MB 15.0 notwendig Mozilla Firefox 15.0.1 (x86 de) Mozilla 08.09.2012 41,7MB 15.0.1 notwendig Mozilla Maintenance Service Mozilla 08.09.2012 327KB 15.0.1 unbekannt Mozilla Thunderbird 15.0.1 (x86 de) Mozilla 18.09.2012 39,5MB 15.0.1 notwendig PicPick NTeWORKS 21.08.2012 3.1.7 notwendig Plex Plex, Inc 26.09.2012 0.9.504 notwendig Plex Media Server Plex, Inc. 26.09.2012 121MB 0.9.609 notwendig RedMon - Redirection Port Monitor 04.06.2012 unbekannt Secure Eraser v4.0 ASCOMP Software GmbH 30.09.2012 10,5MB notwendig Skype™ 5.10 Skype Technologies S.A. 12.10.2012 19,4MB 5.10.116 notwendig Steuer-Spar-Erklärung 2012 Wolters Kluwer Deutschland GmbH 03.06.2012 350MB 17.11 notwendig Synology Assistant (remove only) 30.05.2012 notwendig TeamViewer 7 TeamViewer 07.08.2012 7.0.13989 notwendig VLC media player 2.0.2 VideoLAN 15.07.2012 2.0.2 notwendig VobSub 2.23 Gabest 04.08.2012 2.23 unnötig Windows Live Essentials Microsoft Corporation 29.05.2012 15.4.3502.0922 unbekannt Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 29.05.2012 5,57MB 15.4.5722.2 unbekannt Windows Media Player Firefox Plugin Microsoft Corp 28.09.2012 296KB 1.0.0.8 notwendig WinRAR 4.11 (64-Bit) win.rar GmbH 30.05.2012 4.11.0 notwendig WinX Free FLV to MP4 Converter 4.1.10 Digiarty Software,Inc. 17.08.2012 notwendig Wuala LaCie 29.09.2012 1.0.420.0 notwendig Wuala CBFS LaCie 29.09.2012 3.2.107.0 notwendig Wuala OverlayIcons LaCie 29.09.2012 1.0.0.2 notwendig Xvid Video Codec Xvid Team 04.08.2012 1.3.2 notwendig µTorrent 30.05.2012 3.1.3 notwendig |
|
22.10.2012, 12:31
| #8 |
| /// Malware-holic | Fake-Mail 1&1 Telecom, Exploit.JS.pdfka.ggb, Rechner infiziert trotz Abwehr durch Kaspersky? deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Aiseesoft AnyDVD AVI ReComp AviSynth Bing FLV Futuremark Java Download der kostenlosen Java-Software downloade java, nimm den haken bei der ask toolbar raus. deinstaliere: Leawo TeamViewer würde ich nur bei bedarf instalieren VobSub Windows Live : alle von dir nicht benötigten. öffne otl, bereinigen, pc startet neu öffne ccleaner, analysieren, starten, pc neustarten, wenn er läuft wie gewünscht, absichern: http://www.trojaner-board.de/96344-a...-rechners.html Starte bitte mit der Passage, Windows Vista und Windows 7 Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist. aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen. als browser rate ich dir zu chrome: Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe anleitung lesen bitte falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung Sandboxie Die devinition einer Sandbox ist hier nachzulesen: Sandbox Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen. Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen. Download Link: Sandboxie Download - Sandboxie 3.74 anleitung: http://www.trojaner-board.de/71542-a...sandboxie.html ausführliche anleitung als pdf, auch abarbeiten: Sandbox Einstellungen | bitte folgende zusatz konfiguration machen: sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen. dort klicke auf sandbox einstellungen. beschrenkungen, bei programm start und internet zugriff schreibe: chrome.exe dann gehe auf anwendungen, webbrowser, chrome. dort aktiviere alles außer gesammten profil ordner freigeben. Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen. Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate. Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten. Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten. Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar. Weiter mit: Maßnahmen für ALLE Windows-Versionen alles komplett durcharbeiten anmerkung zu file hippo. in den settings zusätzlich auswählen: hide beta updates. Run updateChecker when Windows starts Backup Programm: in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an: http://www.trojaner-board.de/82962-w...en-backup.html Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar. Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist. Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern bitte auch lesen, wie mache ich programme für alle sichtbar: Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox. wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird Sandboxie immer gestartet wenn du nen browser aufrufst. wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser passwort sicherheit: jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort bei der passwort verwaltung und erstellung hilft roboform Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager anleitung: RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
28.10.2012, 11:10
| #9 |
| | Fake-Mail 1&1 Telecom, Exploit.JS.pdfka.ggb, Rechner infiziert trotz Abwehr durch Kaspersky? So, ich habe nun alles umgesetzt und bin sehr zufrieden mit dem Ergebnis und den neuen Erkenntnissen. Ich möchte mich für die professionelle und schnelle Hilfe bei markusg bedanken. Das gilt natürlich auch für alle, die dabei mitgeholfen haben. Es ist beruhigend zu wissen, dass es engagierte Menschen gibt, die dabei helfen, dass das Internet auch für den Otto-Normalverbraucher nutzbar bleibt. THX!. Thread kann geschlossen werden. |
|
29.10.2012, 18:55
| #10 |
| /// Malware-holic | Fake-Mail 1&1 Telecom, Exploit.JS.pdfka.ggb, Rechner infiziert trotz Abwehr durch Kaspersky? kein problem, bei problemen, gern wieder melden
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Fake-Mail 1&1 Telecom, Exploit.JS.pdfka.ggb, Rechner infiziert trotz Abwehr durch Kaspersky? |
| autorun, bho, bonjour, brief, converter, document, eraser, error, fake mail, fehler, firefox, flash player, format, frage, home, ihre rechnung, intranet, jdownloader, kaspersky, logfile, mozilla, netzwerk, nodrives, plug-in, realtek, registry, rundll, scan, security, senden, server, svchost.exe, synology, tastatur |
Linear-Darstellung
