| |
| |||||||
Log-Analyse und Auswertung: Claro search im Browser und Rechner wird lahmgelegtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.11.2012, 07:07
| #1 |
| |  Claro search im Browser und Rechner wird lahmgelegt Hallo zusammen, auch ich habe mir den Claro Search eingefangen. Claro Search erscheint in allen Browsern (Firefox, IE, Google Chrome). Rechner ist nach ein paar Stunden komplett lahmgelegt. Alle offenen Programme reagieren nicht mehr. Vielen Dank im Voraus für Eure Hilfe Chrissi otl.txt Code:
ATTFilter OTL logfile created on: 27.11.2012 21:39:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 57,77% Memory free 6,50 Gb Paging File | 4,98 Gb Available in Paging File | 76,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 382,59 Gb Free Space | 82,16% Space Free | Partition Type: NTFS Computer Name: GGLBUERO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.27 21:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.11.13 21:42:18 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe PRC - [2012.11.13 21:41:56 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\ConversionService.exe PRC - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe PRC - [2012.09.20 13:21:06 | 015,700,608 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.19 06:55:38 | 001,422,936 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\WINWORD.EXE PRC - [2012.06.11 14:58:48 | 001,223,680 | ---- | M] (Toggl) -- C:\Programme\Toggl\TogglDesktop\TogglDesktop.exe PRC - [2012.03.26 16:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.03.26 16:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.03.07 20:36:13 | 000,349,488 | ---- | M] (Assistance & Resources for Computing, Inc.) -- C:\PurgeIE\PurgeIE_Service.exe PRC - [2012.01.19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.01.18 13:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe PRC - [2011.12.20 22:48:38 | 000,949,104 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe PRC - [2011.09.22 17:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe PRC - [2011.09.22 17:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2011.09.02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.06.18 12:44:43 | 001,415,632 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 04:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.11.20 04:17:38 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe PRC - [2010.11.17 23:04:04 | 006,862,336 | ---- | M] (Global IP Telecommunications Ltd.) -- C:\Programme\NinjaLite\NinjaLite\NinjaLi.exe PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.10.19 23:11:52 | 000,616,712 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.07.14 02:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe PRC - [2009.03.30 15:00:56 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe ========== Modules (No Company Name) ========== MOD - [2012.11.14 09:29:03 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\eaf74b94f8d7de8b53ba3f0efbd0ccb5\System.Web.Services.ni.dll MOD - [2012.11.14 09:29:01 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll MOD - [2012.11.14 09:28:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.14 09:28:23 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.14 09:28:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.14 09:28:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.14 09:28:02 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.14 09:27:49 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe MOD - [2012.11.12 11:03:58 | 002,147,352 | ---- | M] () -- c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll MOD - [2012.10.09 10:26:20 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll MOD - [2012.01.13 12:49:04 | 001,093,646 | ---- | M] () -- C:\Programme\Toggl\TogglDesktop\avcodec-53.dll MOD - [2012.01.13 12:49:04 | 000,184,846 | ---- | M] () -- C:\Programme\Toggl\TogglDesktop\avformat-53.dll MOD - [2012.01.13 12:49:04 | 000,117,262 | ---- | M] () -- C:\Programme\Toggl\TogglDesktop\avutil-51.dll MOD - [2012.01.11 11:30:08 | 000,952,168 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Crm.SdkTypeProxy\4.0.0.0__31bf3856ad364e35\Microsoft.Crm.SdkTypeProxy.dll MOD - [2012.01.11 11:30:07 | 000,169,832 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Crm.Sdk\4.0.0.0__31bf3856ad364e35\Microsoft.Crm.Sdk.dll MOD - [2012.01.11 11:30:06 | 000,624,488 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Crm.Platform.Sdk\4.0.0.0__31bf3856ad364e35\Microsoft.Crm.Platform.Sdk.dll MOD - [2012.01.11 11:30:05 | 000,943,976 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Crm\4.0.0.0__31bf3856ad364e35\Microsoft.Crm.dll MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.12.21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.04 17:59:42 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.06.11 16:49:14 | 000,341,864 | ---- | M] () -- C:\Programme\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Outlook.CompactPrxy.XmlSerializers.dll MOD - [2009.10.19 23:11:20 | 000,101,128 | ---- | M] () -- C:\Programme\TortoiseSVN\bin\CrashRpt.dll MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll MOD - [2007.08.13 15:46:00 | 001,253,376 | ---- | M] () -- C:\Programme\NinjaLite\NinjaLite\vorbis.dll MOD - [2007.08.13 15:46:00 | 001,032,192 | ---- | M] () -- C:\Programme\NinjaLite\NinjaLite\vorbisenc.dll MOD - [2007.08.13 15:46:00 | 000,102,400 | ---- | M] () -- C:\Programme\NinjaLite\NinjaLite\vorbisfile.dll MOD - [2007.08.13 15:46:00 | 000,061,440 | ---- | M] () -- C:\Programme\NinjaLite\NinjaLite\ogg.dll ========== Services (SafeList) ========== SRV - [2012.11.13 21:42:18 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.11.13 21:41:56 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -- (Browser Manager) SRV - [2012.10.28 13:12:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.09 10:26:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.26 16:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 16:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.03.07 20:36:13 | 000,349,488 | ---- | M] (Assistance & Resources for Computing, Inc.) [Auto | Running] -- C:\PurgeIE\PurgeIE_Service.exe -- (PurgeIEservice) SRV - [2012.01.19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.09.22 17:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV - [2011.09.22 17:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011.09.22 17:17:26 | 000,370,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SRV - [2011.09.22 17:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2011.06.18 13:28:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.23 04:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - [2012.03.20 19:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.09.22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105) DRV - [2011.06.18 12:44:43 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2010.11.20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm) DRV - [2010.11.20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus) DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb) DRV - [2010.11.20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr) DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 8C 54 CE 0B 4B CA 01 [binary data] IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4712_3&babsrc=SP_ss&mntrId=4aaaddfe000000000000002618183731 IE - HKCU\..\SearchScopes\{FBA214B9-5BF0-438A-BBD8-78C1EBB80D48}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Claro Search" FF - prefs.js..browser.search.order.1: "Claro Search" FF - prefs.js..browser.search.selectedEngine: "Claro Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=117423&tt=4712_3&babsrc=HP_ss&mntrId=4aaaddfe000000000000002618183731" FF - prefs.js..extensions.enabledAddons: beta@linkdiagnosis.com:2.3.6 FF - prefs.js..extensions.enabledAddons: check4change-owner@mozdev.org:1.9.3 FF - prefs.js..extensions.enabledAddons: morningCoffee@shaneliesegang:1.35 FF - prefs.js..extensions.enabledAddons: sitedelta@schierla.de:0.13.1 FF - prefs.js..extensions.enabledAddons: yslow@yahoo-inc.com:3.1.4 FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.6 FF - prefs.js..extensions.enabledAddons: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.5.5 FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8 FF - prefs.js..extensions.enabledAddons: {c07d1a49-9894-49ff-a594-38960ede8fb9}:3.1.10 FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2 FF - prefs.js..extensions.enabledAddons: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.41 FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3 FF - prefs.js..extensions.enabledAddons: firequery@binaryage.com:1.3 FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.4 FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.24 FF - prefs.js..extensions.enabledAddons: {58bd07eb-0ee0-4df0-8121-dc9b693373df}:2.5.911.18 FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=117423&tt=4712_3&babsrc=KW_ss&mntrId=4aaaddfe000000000000002618183731&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2011.06.18 12:52:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.11.22 15:30:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.11.22 15:40:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.07 16:29:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.11.23 07:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s1f9s1h5.default\extensions [2012.11.21 08:16:39 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s1f9s1h5.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2012.08.24 10:01:21 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s1f9s1h5.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2012.08.01 11:20:43 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s1f9s1h5.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012.02.17 09:20:32 | 000,066,808 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\beta@linkdiagnosis.com.xpi [2012.05.14 08:17:12 | 000,617,362 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\check4change-owner@mozdev.org.xpi [2012.11.02 14:58:49 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\firebug@software.joehewitt.com.xpi [2012.10.08 13:28:32 | 000,106,668 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\firequery@binaryage.com.xpi [2012.01.10 16:56:12 | 000,107,019 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\morningCoffee@shaneliesegang.xpi [2012.11.02 14:58:46 | 000,347,040 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\senseo@nicosteiner.de.xpi [2012.05.14 08:14:06 | 000,074,258 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\sitedelta@schierla.de.xpi [2012.11.19 23:00:55 | 000,510,620 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\toolbar@gmx.net.xpi [2012.08.12 07:19:37 | 000,200,692 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\yslow@yahoo-inc.com.xpi [2012.08.29 11:32:03 | 000,399,504 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2012.07.30 20:03:35 | 000,447,304 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi [2012.09.10 19:24:22 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.06.09 08:59:47 | 000,068,257 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2012.01.10 17:36:54 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012.11.19 23:00:59 | 000,000,911 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\11-suche.xml [2012.11.19 23:00:59 | 000,002,273 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\englische-ergebnisse.xml [2012.11.19 23:00:59 | 000,010,563 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\gmx-suche.xml [2012.11.19 23:00:59 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\lastminute.xml [2012.11.22 15:39:59 | 000,006,520 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\mngr.xml [2012.11.19 23:00:59 | 000,005,545 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\webde-suche.xml [2012.10.28 13:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.28 13:11:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.11.22 15:40:15 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.5.911.18\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{0B457CAA-602D-484A-8FE7-C1D894A011BA} File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{317B5128-0B0B-49B2-B2DB-1E7560E16C74} File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{6AC85730-7D0F-4DE0-B3FA-21142DD85326} File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{C07D1A49-9894-49FF-A594-38960EDE8FB9}.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\BETA@LINKDIAGNOSIS.COM.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\CHECK4CHANGE-OWNER@MOZDEV.ORG.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\FIREQUERY@BINARYAGE.COM.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\MORNINGCOFFEE@SHANELIESEGANG.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\SITEDELTA@SCHIERLA.DE.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI [2012.10.28 13:12:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.19 07:30:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.22 15:39:59 | 000,006,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.10.03 21:47:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.19 07:30:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.19 07:30:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.19 07:30:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.19 07:30:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.claro-search.com/?affID=117423&tt=4712_3&babsrc=HP_ss&mntrId=4aaaddfe000000000000002618183731 CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.claro-search.com/?affID=117423&tt=4712_3&babsrc=HP_ss&mntrId=4aaaddfe000000000000002618183731 CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programme\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSCRM] C:\Program Files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe (Microsoft Corporation) O4 - HKCU..\Run: [IBP] File not found O4 - HKCU..\Run: [NINJALI.EXE] C:\Program Files\NinjaLite\NinjaLite\NinjaLi.exe (Global IP Telecommunications Ltd.) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk = C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TogglDesktop.lnk = C:\Programme\Toggl\TogglDesktop\TogglDesktop.exe (Toggl) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence) O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: crm ([]http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: sites ([]https in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Vertrauenswürdige Sites) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = serendata.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1331BC44-AB8C-4275-B7F3-B5B35058B171}: DhcpNameServer = 192.168.2.2 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.27 21:39:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.22 22:13:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2012.11.22 15:40:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager [2012.11.22 15:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.22 15:39:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge [2012.11.22 15:39:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon [2012.11.22 15:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.11.22 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2012.11.22 15:30:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PDF Software [2012.11.22 15:30:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\PDF Architect Files [2012.11.22 15:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect [2012.11.22 15:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Architect ========== Files - Modified Within 30 Days ========== [2012.11.27 21:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.27 21:37:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.11.27 21:35:22 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.27 21:27:15 | 000,480,125 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.11.27 21:26:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.27 21:13:21 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 21:13:21 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 21:12:29 | 000,766,376 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.27 21:12:29 | 000,720,358 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.27 21:12:29 | 000,174,858 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.27 21:12:29 | 000,147,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.27 21:07:35 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.27 21:05:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.27 21:05:42 | 2616,545,280 | -HS- | M] () -- C:\hiberfil.sys [2012.11.27 17:57:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.27 12:47:38 | 000,001,310 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.11.26 22:49:25 | 000,002,046 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2012.11.22 15:31:30 | 000,000,963 | ---- | M] () -- C:\Users\***\Desktop\PDF Architect.lnk [2012.11.14 09:26:19 | 000,408,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.08 18:00:08 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2012.11.27 21:37:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.11.27 21:35:22 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.27 21:27:10 | 000,480,125 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.11.22 15:31:30 | 000,000,963 | ---- | C] () -- C:\Users\***\Desktop\PDF Architect.lnk [2012.07.30 20:02:13 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.07.27 09:09:52 | 000,060,864 | ---- | C] () -- C:\Users\***\g2mdlhlpx.exe [2012.01.09 12:12:10 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08c.dat [2012.01.09 12:12:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.01.09 12:09:24 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2012.01.07 16:24:25 | 000,000,816 | RHS- | C] () -- C:\Users\***\ntuser.pol [2012.01.07 16:11:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.12.06 23:03:03 | 000,022,012 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2011.12.06 19:49:28 | 000,048,488 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.06.18 12:56:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.06.18 10:45:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.04.18 17:24:00 | 000,003,246 | ---- | C] () -- C:\Users\***\.kdiff3rc [2010.01.12 16:55:40 | 000,459,366 | ---- | C] () -- C:\Users\***\.spyglass.properties ========== ZeroAccess Check ========== [2010.03.17 14:37:37 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\2216887-Dateien\L.gif [2010.03.17 14:34:31 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\3999788-Dateien\L.gif [2010.03.17 14:23:50 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\5994862-Dateien\L.gif [2010.03.17 14:21:35 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\7359601-Dateien\L.gif [2010.03.17 14:29:03 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\938668-Dateien\L.gif [2010.03.17 14:23:01 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\9723607-Dateien\L.gif [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.22 15:39:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon [2012.01.10 17:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot [2012.04.12 17:37:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IBP [2012.01.10 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2012.04.26 09:00:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySEOSolution_DB_Dir [2012.01.07 18:28:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.01.07 16:41:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.11.22 15:31:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Software [2012.11.23 07:56:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2012.03.07 20:36:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PurgeIE [2012.01.07 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2012.01.07 18:09:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt [2012.01.07 16:24:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Small Business Server ========== Purity Check ========== < End of report > 012.11.22 15:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect [2012.11.22 15:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Architect ========== Files - Modified Within 30 Days ========== [2012.11.27 21:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.11.27 21:37:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.11.27 21:35:22 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.27 21:27:15 | 000,480,125 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.11.27 21:26:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.27 21:13:21 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 21:13:21 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 21:12:29 | 000,766,376 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.27 21:12:29 | 000,720,358 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.27 21:12:29 | 000,174,858 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.27 21:12:29 | 000,147,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.27 21:07:35 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.27 21:05:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.27 21:05:42 | 2616,545,280 | -HS- | M] () -- C:\hiberfil.sys [2012.11.27 17:57:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.27 12:47:38 | 000,001,310 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.11.26 22:49:25 | 000,002,046 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2012.11.22 15:31:30 | 000,000,963 | ---- | M] () -- C:\Users\***\Desktop\PDF Architect.lnk [2012.11.14 09:26:19 | 000,408,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.08 18:00:08 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2012.11.27 21:37:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.11.27 21:35:22 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.11.27 21:27:10 | 000,480,125 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2012.11.22 15:31:30 | 000,000,963 | ---- | C] () -- C:\Users\***\Desktop\PDF Architect.lnk [2012.07.30 20:02:13 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.07.27 09:09:52 | 000,060,864 | ---- | C] () -- C:\Users\***\g2mdlhlpx.exe [2012.01.09 12:12:10 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08c.dat [2012.01.09 12:12:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.01.09 12:09:24 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2012.01.07 16:24:25 | 000,000,816 | RHS- | C] () -- C:\Users\***\ntuser.pol [2012.01.07 16:11:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.12.06 23:03:03 | 000,022,012 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2011.12.06 19:49:28 | 000,048,488 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.06.18 12:56:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.06.18 10:45:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.04.18 17:24:00 | 000,003,246 | ---- | C] () -- C:\Users\***\.kdiff3rc [2010.01.12 16:55:40 | 000,459,366 | ---- | C] () -- C:\Users\***\.spyglass.properties ========== ZeroAccess Check ========== [2010.03.17 14:37:37 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\2216887-Dateien\L.gif [2010.03.17 14:34:31 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\3999788-Dateien\L.gif [2010.03.17 14:23:50 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\5994862-Dateien\L.gif [2010.03.17 14:21:35 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\7359601-Dateien\L.gif [2010.03.17 14:29:03 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\938668-Dateien\L.gif [2010.03.17 14:23:01 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\9723607-Dateien\L.gif [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.22 15:39:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon [2012.01.10 17:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot [2012.04.12 17:37:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IBP [2012.01.10 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2012.04.26 09:00:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySEOSolution_DB_Dir [2012.01.07 18:28:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.01.07 16:41:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.11.22 15:31:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Software [2012.11.23 07:56:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2012.03.07 20:36:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PurgeIE [2012.01.07 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2012.01.07 18:09:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt [2012.01.07 16:24:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Small Business Server ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.11.2012 21:39:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 57,77% Memory free
6,50 Gb Paging File | 4,98 Gb Available in Paging File | 76,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 382,59 Gb Free Space | 82,16% Space Free | Partition Type: NTFS
Computer Name: GGLBUERO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F7A7A2-79AB-4C42-9D91-278BCC070CFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0E1C3B34-9E81-4B9C-B82F-8D24CE999E25}" = rport=5060 | protocol=17 | dir=out | name=sip 5060 udp |
"{2A7ECA4B-0729-49E6-85E1-1AFFE24E799F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{35045904-3FD9-45D7-A7E4-7445974FB127}" = rport=138 | protocol=17 | dir=out | app=system |
"{4393F2E0-E34D-4559-AE79-4634D70E73C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4DB0116C-D406-4983-BAC2-D93410BE6D42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{580BBF0F-68DE-47CF-B47B-96744C0086BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{63B70545-DB77-4DAE-9AC2-116C34A66CC7}" = rport=445 | protocol=6 | dir=out | app=system |
"{6C888103-7E3A-4A05-9A8D-AF972A2748E5}" = rport=3478 | protocol=17 | dir=out | name=stun sip 3478 udp |
"{79791763-DE05-478E-9940-2EA918B87D98}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7A2AD3C1-77ED-447D-9ABD-79A46F4DFA15}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7FA4EC9A-5BD5-41C8-895E-03882DCAEA3C}" = lport=139 | protocol=6 | dir=in | app=system |
"{93ECDAAF-AC3B-4046-81A6-9739CFB86120}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A58DFD6F-1D13-49C1-BF20-653201315809}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{A7EE3138-693A-40CC-8AF2-3451AB585EA7}" = rport=139 | protocol=6 | dir=out | app=system |
"{BA4797F9-716B-47D1-9CCC-251730BC2DAB}" = lport=445 | protocol=6 | dir=in | app=system |
"{C173F0C7-C909-4E13-AC06-0C185ABB5F07}" = lport=137 | protocol=17 | dir=in | app=system |
"{C41135E8-D5F6-4707-BEEB-9607C20A88F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCBC9CF2-BF68-47CF-9666-C4DBFC4A19A2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D4E3A660-C312-416E-A6AC-223AAFCD43C8}" = rport=137 | protocol=17 | dir=out | app=system |
"{DE4516BE-1050-4DDA-9937-EC285012F561}" = rport=5061 | protocol=17 | dir=out | name=sip 5061 udp |
"{E8D2F365-C931-42D6-9497-4C854CB1C62B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC15239E-6D2B-4671-9DD1-2160CB3DC961}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FC6C5EFF-C380-4D63-BBA5-3697AB2FE5C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FEEFCCF3-99D2-48C9-A5FF-99BD5942447B}" = lport=138 | protocol=17 | dir=in | app=system |
"{FF5FABDB-49E3-4002-97B8-4ED83BD9D21F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A25BE3-5501-4EA0-9317-2B870C29DA3C}" = dir=out | app=%programfiles%\ninjalite\ninjalite\ninjali.exe |
"{0E49247A-A6BB-46EE-9E48-E60AE80997BF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0F7CC0BB-0CD3-4611-9A5E-DA3CAA55DC14}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{21B3BCCF-D089-40B6-8B73-E707DCAA88C3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{23E42F74-CCA2-458E-A52A-C6B346F114AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{25449E73-C436-485F-BF3B-CD9E47DC9BD9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{27117D09-3490-449A-A5CC-87993D669B41}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{362E9F05-6805-483A-8D88-7CE8EBF3AF78}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{36F62FB8-2279-4BEF-9EFE-4750EEF57A23}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{47077531-D55C-4655-BD54-4FCD9298B9BB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4E8C8F97-3DB1-4B4C-9794-185C5377C07B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{5E89480D-B6D4-48AF-AC3A-BEBA4FD15670}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{71630626-56F0-4661-B1D1-68BF9D5D1742}" = protocol=17 | dir=in | app=c:\program files\ninjalite\ninjalite\xproxy.exe |
"{7D8E502A-A6CB-4BD1-81AA-95214E418CEA}" = protocol=17 | dir=in | app=c:\program files\ninjalite\ninjalite\ninjali.exe |
"{80EFE898-DBDC-4AB3-A928-25692AF936F7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{84B50EF5-4D79-4F01-8F06-D4A705D4251E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8CD6308B-E6AD-4C0D-8280-77FD2AA5FC92}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{96C26CA4-A9CA-499C-ACA8-DCC6C4A9EED4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9F73C3D1-3B94-492D-B1A6-677425EAC99C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{9FD7E7EC-227B-4AA9-8E3A-B9FB9D0E39DD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{B215F44D-BA5D-45C0-BBDA-09F8A9CD1A62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{CA32A48E-D9E5-4D41-A0A0-44D337144730}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D36CB300-E99A-4C19-8758-A40DF0352424}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D911EA4F-845A-494C-BCEA-207BC6C23D35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D9149000-BD26-436B-A597-A433A5D3612B}" = protocol=6 | dir=in | app=c:\program files\ninjalite\ninjalite\ninjali.exe |
"{EB1A8FDE-58D2-4FEF-8E02-E5FB1626B925}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EC53FB39-619F-49BF-96DF-7FED84307672}" = protocol=6 | dir=in | app=c:\program files\ninjalite\ninjalite\xproxy.exe |
"{ED934062-55DD-465E-AE61-7BB2BA981AF7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EFBF6C14-0210-4158-8671-368638C5EEE5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{F313242A-7A0B-48BD-AAA7-0CBCA94A41E0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{FE973084-6DBB-46A5-9CF9-74508C35555C}" = dir=out | app=%programfiles%\ninjalite\ninjalite\xproxy.exe |
"TCP Query User{082B2363-B05C-472A-B9EB-EE0B237011C0}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{24B784E1-1BE6-4C88-93AE-3074EF90E0E3}C:\program files\ninjalite\ninjalite\ninjali.exe" = protocol=6 | dir=in | app=c:\program files\ninjalite\ninjalite\ninjali.exe |
"TCP Query User{3026416A-2573-473F-B3FA-18A03EB3CB77}C:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=c:\program files\winhttrack\winhttrack.exe |
"TCP Query User{72C9E958-6F61-45D4-9119-5B2E7478E275}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{04104410-7CF5-4BF5-9F82-8D8C52A48B11}C:\program files\ninjalite\ninjalite\ninjali.exe" = protocol=17 | dir=in | app=c:\program files\ninjalite\ninjalite\ninjali.exe |
"UDP Query User{0DD3AB43-FBE9-4714-99B2-09941B5A34AE}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{4562545F-2A36-451B-BC8F-CF476DCA808B}C:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=c:\program files\winhttrack\winhttrack.exe |
"UDP Query User{CF200E27-BC3E-4B5D-B694-DFD342A75348}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00626135-E60A-4550-9503-4F50C6C9B8BB}" = Google AdWords Editor
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite DCP-395CN
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{171D8D76-3F05-455A-A8AF-C561C2679905}" = Open XML SDK 2.0 for Microsoft Office
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{24C152B6-544C-4B64-A4CA-575843C0CFE6}" = Article Wizard
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E8FFAB1-88FA-4A8C-B611-08C2C9DD69F3}_is1" = NinjaLite 3.5.0.5
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75C26E7B-0416-427A-9C43-8F374C316973}" = NodeXL Excel Template
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{8073D8BC-7651-4ADF-9219-F67DB3C49103}" = TestDriven.Net 3.0 Personal
"{827990C7-4D30-3627-A2D1-5FFA09198BB2}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{83298573-A6B6-42AB-A234-FE91CA2859C0}" = Microsoft SQL Server 2008 Native Client
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BA2B90-AF72-35CF-BFDC-E06531811B20}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9DB75EBF-DC06-4574-8FF1-3955C6673B21}" = Microsoft Application Error Reporting
"{A484263A-C779-4BF2-86CD-3E62D717F5AE}" = PDF Architect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DB6C2AC7-4D4C-493A-B5E8-4B1E685C277F}" = Minianwendung "Desktoplinks" für Windows Small Business Server 2008
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DEB1CE7F-5821-4E1C-ADED-744F52052E4A}" = Open XML SDK 2.0 Productivity Tool for Microsoft Office
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E0FBC979-7FA5-40A4-B14F-E301958D1135}" = TogglDesktop
"{EB32EEAE-974F-34A3-80ED-704D509078D2}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FEE45451-2724-45B5-98DE-0E3B659194DD}" = Microsoft Dynamics CRM 4.0 für Microsoft Office Outlook
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BTE_14_674328" = Business - Sprachkurs English
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Fiddler2" = Fiddler2
"Google Chrome" = Google Chrome
"IBP11_is1" = IBP 11.7.9
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Opera 11.60.1185" = Opera 11.60
"PerformanceTest 7_is1" = PerformanceTest v7.0
"Picasa 3" = Picasa 3
"PurgeIE_is1" = PurgeIE - 8.05
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WebSpider2" = Xaldon WebSpider2
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.45-3
"xampp" = XAMPP 1.7.7
"Xenu's Link Sleuth" = Xenu's Link Sleuth
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2434262337.localhost" = BacklinkTool
"37edc5e48a7387a6" = BacklinkTool
"FF6936D70060EBAD87660736B2F5E0260107A02E" = Smrf.NodeXL.ExcelTemplate
"GoToMeeting" = GoToMeeting 5.3.0.978
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"WinDirStat" = WinDirStat 1.1.2
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.09.2012 01:58:02 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/14 07:58:02.736]: [00001056]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 14.09.2012 14:35:50 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/14 20:35:50.566]: [00001056]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 15.09.2012 03:06:43 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/15 09:06:43.813]: [00001056]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 15.09.2012 03:06:44 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/15 09:06:44.814]: [00001056]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 15.09.2012 03:45:12 | Computer Name = GGLBuero.serendata.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft
Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 15.09.2012 13:49:03 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/15 19:49:03.592]: [00001056]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 16.09.2012 21:54:24 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/17 03:54:24.748]: [00001056]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 16.09.2012 21:54:25 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/17 03:54:25.754]: [00001056]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 18.09.2012 09:48:27 | Computer Name = GGLBuero.serendata.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft
Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 20.09.2012 02:28:19 | Computer Name = GGLBuero.serendata.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft
Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 14.07.2012 02:48:24 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 14.07.2012 02:48:24 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 16.07.2012 01:37:43 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 16.07.2012 01:37:43 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 16.07.2012 01:37:44 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 16.07.2012 01:37:44 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 17.07.2012 01:35:47 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 17.07.2012 01:35:47 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 17.07.2012 01:35:48 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 17.07.2012 01:35:48 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-28 06:48:23
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD501LJ rev.CR100-10
Running: 9vhcvzpp.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\pwddqpog.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A78A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB24D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91C1E000, 0x2D5378, 0xE8000020]
.text user32.dll!DialogBoxParamW 76293B9B 5 Bytes [E9, 20, 07, A3, FF] {JMP 0xffffffffffa30725}
---- User code sections - GMER 1.0.15 ----
.text c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[300] USER32.dll!DialogBoxParamW 76293B9B 5 Bytes JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\Windows\system32\wininit.exe[460] USER32.dll!DialogBoxParamW 76293B9B 5 Bytes JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\Windows\system32\services.exe[508] USER32.dll!DialogBoxParamW 76293B9B 5 Bytes JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\Windows\system32\lsass.exe[524] USER32.dll!DialogBoxParamW 76293B9B 5 Bytes JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text ...
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtCreateFile + 6 77DA55CE 4 Bytes [28, 00, 07, 00]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtCreateFile + B 77DA55D3 1 Byte [E2]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtMapViewOfSection + 6 77DA5C2E 1 Byte [28]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtMapViewOfSection + 6 77DA5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtMapViewOfSection + B 77DA5C33 1 Byte [E2]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenFile + 6 77DA5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenFile + B 77DA5CE3 1 Byte [E2]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenProcess + 6 77DA5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenProcess + B 77DA5D93 1 Byte [E2]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenProcessToken + 6 77DA5D9E 4 Bytes CALL 76DA64A4 C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenProcessToken + B 77DA5DA3 1 Byte [E2]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenProcessTokenEx + 6 77DA5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenProcessTokenEx + B 77DA5DB3 1 Byte [E2]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenThread + 6 77DA5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenThread + B 77DA5E13 1 Byte [E2]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenThreadToken + 6 77DA5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenThreadToken + B 77DA5E23 1 Byte [E2]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenThreadTokenEx + 6 77DA5E2E 4 Bytes CALL 76DA6535 C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenThreadTokenEx + B 77DA5E33 1 Byte [E2]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtQueryAttributesFile + 6 77DA5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtQueryAttributesFile + B 77DA5F43 1 Byte [E2]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtQueryFullAttributesFile + 6 77DA5FEE 4 Bytes CALL 76DA66F3 C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtQueryFullAttributesFile + B 77DA5FF3 1 Byte [E2]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtSetInformationFile + 6 77DA663E 4 Bytes [28, 01, 07, 00]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtSetInformationFile + B 77DA6643 1 Byte [E2]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtSetInformationThread + 6 77DA669E 4 Bytes [28, 02, 07, 00]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtSetInformationThread + B 77DA66A3 1 Byte [E2]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtUnmapViewOfSection + 6 77DA69BE 1 Byte [68]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtUnmapViewOfSection + 6 77DA69BE 4 Bytes [68, 03, 07, 00]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtUnmapViewOfSection + B 77DA69C3 1 Byte [E2]
.text C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] USER32.dll!DialogBoxParamW 76293B9B 5 Bytes JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1808] USER32.dll!DialogBoxParamW 76293B9B 5 Bytes JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[1832] USER32.dll!DialogBoxParamW 76293B9B 5 Bytes JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\Windows\system32\svchost.exe[1900] USER32.dll!DialogBoxParamW 76293B9B 5 Bytes JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1928] USER32.dll!DialogBoxParamW 76293B9B 5 Bytes JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text ...
.text C:\Program Files\NinjaLite\NinjaLite\NinjaLi.exe[4068] USER32.dll!SetScrollRange 76278EC5 8 Bytes JMP 003B00D9
.text C:\Program Files\NinjaLite\NinjaLite\NinjaLi.exe[4068] USER32.dll!SetScrollInfo 762848DA 8 Bytes JMP 003B0000
.text C:\Program Files\NinjaLite\NinjaLite\NinjaLi.exe[4068] USER32.dll!DialogBoxParamW 76293B9B 5 Bytes JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\Program Files\NinjaLite\NinjaLite\NinjaLi.exe[4068] USER32.dll!SetScrollPos 762A04BE 8 Bytes JMP 003B01CA
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4704] USER32.dll!DialogBoxParamW 76293B9B 5 Bytes JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\Windows\system32\svchost.exe[5080] USER32.dll!DialogBoxParamW 76293B9B 5 Bytes JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\Users\***\Desktop\9vhcvzpp.exe[5580] USER32.dll!DialogBoxParamW 76293B9B 5 Bytes JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text C:\Program Files\TrueCrypt\TrueCrypt.exe[5624] USER32.dll!DialogBoxParamW 76293B9B 5 Bytes JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
|
|
28.11.2012, 15:34
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Claro search im Browser und Rechner wird lahmgelegt Hallo und
__________________ Code:
ATTFilter O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = se***ta.local
Siehe => http://www.trojaner-board.de/108422-...-anfragen.html Zitat:
__________________ |
|
| Themen zu Claro search im Browser und Rechner wird lahmgelegt |
| 32 bit, 7-zip, adobe, backlink, bho, browser, browser manager, claro search trojaner, converter, defender, error, explorer, fehler, firefox, flash player, format, gmx.net, google, install.exe, intranet, launch, logfile, mozilla, ntdll.dll, object, opera, plug-in, recycle.bin, registry, rundll, scan, security, senden, server, services.exe, software, visual studio, windows |
Linear-Darstellung
