Pests of all kinds and how to fight them: Malware problem "Savenow", "Superfish" etc. (Windows 7)
Hello Cosinus and co.,

I have a malware problem. Ad banners that were not there before keep popping up on pages and are really getting on my nerves. It is especially noticeable on eBay and similar sites. So far I have been able to work out that it has something to do with Superfish and savenow.

I have already done the following:
created a logfile with the latest version of aswMBR,
created a logfile with OTL,
and a logfile with Kaspersky TDSSKiller,
to get some of the groundwork done up front.

It would be nice if someone could help me with my problem so that I can get the computer free of these pop-ups again. I will post the logs as a reply below.

Regards,
Rene2k

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 28.11.2012 15:51:29 - Run 1 OTL by OldTimer - Version Folder = D:\Users\jassy\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,09% Memory free 4,00 Gb Paging File | 3,06 Gb Available in Paging File | 76,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files Drive C: | 99,17 Gb Total Space | 98,96 Gb Free Space | 99,78% Space Free | Partition Type: NTFS Drive D: | 29,29 Gb Total Space | 2,65 Gb Free Space | 9,06% Space Free | Partition Type: NTFS Drive E: | 195,31 Gb Total Space | 38,51 Gb Free Space | 19,72% Space Free | Partition Type: NTFS Drive F: | 48,83 Gb Total Space | 29,49 Gb Free Space | 60,39% Space Free | Partition Type: NTFS Computer Name: JASSY-PC | User Name: jassy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Users\jassy\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - D:\Programme\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd) PRC - D:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - D:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - D:\Programme\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) 
PRC - D:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - D:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - D:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - D:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - D:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) PRC - D:\Windows\System32\FsUsbExService.Exe (Teruten) ========== Modules (No Company Name) ========== MOD - D:\Users\jassy\AppData\Local\Temp\CmdLineExt03.dll () MOD - D:\Programme\Mozilla Firefox\mozjs.dll () MOD - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll () MOD - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll () MOD - D:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - D:\Programme\WinRAR\RarExt.dll () MOD - D:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - D:\Programme\Common Files\LightScribe\QtGui4.dll () MOD - D:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - D:\Programme\Common Files\LightScribe\QtCore4.dll () ========== Services (SafeList) ========== SRV - (AVP) -- D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) SRV - (MozillaMaintenance) -- D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- D:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (wlidsvc) -- D:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (nosGetPlusHelper) -- D:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) 
SRV - (WMPNetworkSvc) -- D:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (FsUsbExService) -- D:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (osppsvc) -- D:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- D:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (StorSvc) -- D:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- D:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- D:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found DRV - (Lavasoft Kernexplorer) -- D:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found DRV - (esgiguard) -- D:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV - (KLIF) -- D:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (kltdi) -- D:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab) DRV - (klmouflt) -- D:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (klkbdflt) -- D:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab) DRV - (kneps) -- D:\Windows\System32\drivers\kneps.sys (Kaspersky Lab) DRV - (KLIM6) -- D:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (kl1) -- D:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (dtsoftbus01) -- D:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (synasusb) -- D:\Windows\System32\drivers\synasusb.sys (Steinberg Media Technologies GmbH) DRV - (NBVol) -- D:\Windows\System32\drivers\NBVol.sys (Nero AG) DRV - (NBVolUp) -- D:\Windows\System32\drivers\NBVolUp.sys (Nero AG) DRV - (yukonw7) -- D:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (vmbus) -- D:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- D:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) 
DRV - (storvsc) -- D:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- D:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- D:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- D:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- D:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (FsUsbExDisk) -- D:\Windows\System32\FsUsbExDisk.Sys () DRV - (sscdmdm) -- D:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdbus) -- D:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (sscdmdfl) -- D:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (npf) -- D:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (ZTEusbnet) -- D:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation) DRV - (ZTEusbvoice) -- D:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated) DRV - (ZTEusbser6k) -- D:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- D:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- D:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- D:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (nvlddmkm) -- D:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (MTsensor) -- D:\Windows\System32\drivers\ASACPI.sys () DRV - (EL90x) -- D:\Windows\System32\drivers\el90xnd5.SYS (3Com Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 85 8F 6B 09 CF CC 01 [binary data] IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledAddons: {5556F97E-11A5-46b0-9082-32AD74AAA920}: FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
D:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: D:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: D:\Program Files\TabletPlugins\npWacomTabletPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: D:\Program Files\RelevantKnowledge FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.11.15 18:08:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.11.15 18:08:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.11.15 18:07:45 | 000,000,000 | ---D | M] FF - 
HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.10.27 17:03:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.11.05 16:42:28 | 000,000,000 | ---D | M] [2010.12.30 20:53:04 | 000,000,000 | ---D | M] (No name found) -- D:\Users\jassy\AppData\Roaming\mozilla\Extensions [2012.10.23 15:40:37 | 000,000,000 | ---D | M] (No name found) -- D:\Users\jassy\AppData\Roaming\mozilla\Firefox\Profiles\mgkh1cgk.default\extensions [2005.12.31 23:03:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- D:\Users\jassy\AppData\Roaming\mozilla\Firefox\Profiles\mgkh1cgk.default\extensions\ich@maltegoetz.de [2012.09.30 16:13:17 | 000,005,366 | ---- | M] () (No name found) -- D:\Users\jassy\AppData\Roaming\mozilla\firefox\profiles\mgkh1cgk.default\extensions\5068628db30aa@5068628db30e3.com.xpi [2012.05.03 19:48:40 | 000,617,362 | ---- | M] () (No name found) -- D:\Users\jassy\AppData\Roaming\mozilla\firefox\profiles\mgkh1cgk.default\extensions\check4change-owner@mozdev.org.xpi [2012.05.03 19:50:04 | 000,017,424 | ---- | M] () (No name found) -- D:\Users\jassy\AppData\Roaming\mozilla\firefox\profiles\mgkh1cgk.default\extensions\{5556F97E-11A5-46b0-9082-32AD74AAA920}.xpi [2012.11.05 16:42:30 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions [2012.11.05 16:42:31 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.11.05 16:42:31 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.10.27 17:03:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll [2012.09.08 22:53:57 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla 
firefox\searchplugins\amazondotcom-de.xml [2012.09.08 22:53:57 | 000,002,465 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.09.08 22:53:57 | 000,001,153 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.09.08 22:53:57 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.08 22:53:57 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.08 22:53:57 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [AVP] D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001..\Run: [AutoStartNPSAgent] D:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8 - Extra context menu item: Download with x-iphone-magic-platinum - e:\Program Files\Xilisoft\iPhone Magic Platinum\upod_link.HTM File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Programme\Bonjour\mdnsNSP.dll 
(Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{823824DA-57F2-4255-A40A-66CDC30F96AC}: DhcpNameServer = O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - D:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{10744ca0-9f79-11e0-89e6-0018f39e5c26}\Shell - "" = AutoRun O33 - 
MountPoints2\{10744ca0-9f79-11e0-89e6-0018f39e5c26}\Shell\AutoRun\command - "" = I:\MI.exe O33 - MountPoints2\{3e7b3e32-fbb5-11e0-b47b-0018f39e5c26}\Shell - "" = AutoRun O33 - MountPoints2\{3e7b3e32-fbb5-11e0-b47b-0018f39e5c26}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{b6fca78f-81b1-11e1-b976-0018f39e5c26}\Shell - "" = AutoRun O33 - MountPoints2\{b6fca78f-81b1-11e1-b976-0018f39e5c26}\Shell\AutoRun\command - "" = H:\Spielen!.exe O33 - MountPoints2\{c0bd3c5b-f36d-11e1-b35f-0018f39e5c26}\Shell - "" = AutoRun O33 - MountPoints2\{c0bd3c5b-f36d-11e1-b35f-0018f39e5c26}\Shell\AutoRun\command - "" = I:\Spielen!.exe O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.28 15:50:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\jassy\Desktop\OTL.exe [2012.11.28 15:35:58 | 004,732,416 | ---- | C] (AVAST Software) -- D:\Users\jassy\Desktop\aswMBR.exe [2012.11.28 09:55:28 | 001,700,352 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\gdiplus.dll [2012.11.28 06:22:58 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{A08F429C-8CAE-4402-AE93-F7B5F7BA472B} [2012.11.27 17:01:18 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{ABFB6E7E-6E2A-4AFB-852E-6EA4E875B44B} [2012.11.26 21:19:28 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{A4133C7F-0597-4566-9E71-87AC78C4C90E} [2012.11.26 21:15:42 | 000,000,000 | ---D | C] -- 
D:\Users\jassy\AppData\Local\{B6E71553-61F5-4796-9F52-2E2D927E094D} [2012.11.26 06:54:16 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{21211D5B-2415-4F64-B1EC-2D1BC11E036A} [2012.11.25 21:53:11 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaveLab 6 [2012.11.25 12:13:10 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{1078A8D6-BE37-4AAC-89FE-F35A2F313059} [2012.11.25 00:12:48 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{7C85C0D9-8942-4BF7-B159-37140851C17C} [2012.11.24 13:30:07 | 000,000,000 | ---D | C] -- D:\Users\jassy\Documents\Cubase Projects [2012.11.24 13:29:21 | 000,000,000 | ---D | C] -- D:\Users\jassy\Documents\VST3 Presets [2012.11.24 13:24:25 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Roaming\Steinberg [2012.11.24 11:30:02 | 000,000,000 | ---D | C] -- D:\ProgramData\Syncrosoft [2012.11.24 11:30:01 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\eLicenser [2012.11.24 11:23:57 | 000,000,000 | ---D | C] -- D:\Program Files\Syncrosoft [2012.11.24 11:23:57 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser [2012.11.24 11:23:57 | 000,000,000 | ---D | C] -- D:\ProgramData\eLicenser [2012.11.24 11:23:57 | 000,000,000 | ---D | C] -- D:\Program Files\eLicenser [2012.11.24 11:23:56 | 000,023,696 | ---- | C] (Steinberg Media Technologies GmbH) -- D:\Windows\System32\drivers\synasusb.sys [2012.11.24 11:23:54 | 001,277,952 | ---- | C] (Steinberg Media Technologies GmbH) -- D:\Windows\System32\SYNSOACC.dll [2012.11.24 10:27:00 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{47A9EE81-FB51-475F-B662-15AC8E3628C9} [2012.11.23 17:53:25 | 000,000,000 | ---D | C] -- D:\Users\jassy\Desktop\Vorschüler2012 [2012.11.23 17:52:04 | 000,000,000 | ---D | C] -- D:\Users\jassy\Desktop\Laternernfest [2012.11.23 07:41:25 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{1B4F30EE-7F1C-4500-90B2-EB92466AC4AE} [2012.11.22 16:20:55 | 
000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{BD0E115B-143D-43CA-A7BD-1E3A727375D4} [2012.11.21 22:36:55 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{EF4BDA4E-B482-4B15-B73F-BDF47BB12197} [2012.11.20 20:46:09 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{6244602F-92AF-4F38-BE54-2AE1680B03C4} [2012.11.20 06:57:42 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{73262E6C-4207-4A4B-B81F-F1DD18EB7915} [2012.11.19 06:58:10 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{23E65F53-B660-476E-9472-2EAF2741A087} [2012.11.18 12:53:49 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{664A8B86-8A6C-48BB-90C1-093D6D55C1BF} [2012.11.18 01:54:46 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{50DFEA26-7FDC-4933-9BB0-BF11C6E1BFA6} [2012.11.17 10:25:26 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{043EFC98-260F-4B44-A8AB-2B2189C38F63} [2012.11.16 16:07:14 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{CB6A2087-2714-47D4-88C8-1282A39ACF0A} [2012.11.15 21:08:07 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{8F68C922-C0C4-4CE0-BD0F-742B740B3B5D} [2012.11.15 20:38:50 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{A2509A78-69D6-4FF9-8B16-F01E3734E8CC} [2012.11.15 20:34:27 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{FBFB0D01-31C2-4312-91C1-0A01B898792E} [2012.11.15 18:17:09 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{23938030-20A9-4EBD-B235-948A04D051D4} [2012.11.15 18:08:46 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013 [2012.11.15 18:07:48 | 000,000,000 | ---D | C] -- D:\Windows\ELAMBKUP [2012.11.15 18:07:43 | 000,000,000 | ---D | C] -- D:\ProgramData\Kaspersky Lab [2012.11.15 18:07:43 | 000,000,000 | ---D | C] -- D:\Program Files\Kaspersky Lab [2012.11.15 18:07:27 | 000,589,144 | ---- | C] (Kaspersky Lab) -- D:\Windows\System32\drivers\klif.sys [2012.11.15 18:07:27 | 
000,075,096 | ---- | C] (Kaspersky Lab) -- D:\Windows\System32\drivers\klflt.sys [2012.11.15 18:04:18 | 154,892,968 | ---- | C] (Kaspersky Lab) -- D:\Users\jassy\Desktop\kav13.0.1.4190de-de.exe [2012.11.15 17:55:08 | 000,000,000 | ---D | C] -- D:\ProgramData\ESET [2012.11.15 17:42:09 | 000,000,000 | ---D | C] -- D:\Program Files\ESET [2012.11.14 19:28:50 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{9E93C389-2E29-415B-AB05-BEA5BBA4726A} [2012.11.14 07:19:21 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{D6BD75D9-1FBD-4E21-9311-E694F8AC8FCA} [2012.11.13 15:17:39 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{3337975E-3F63-45F0-A2D5-CCFA73FDEE17} [2012.11.13 07:49:34 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{84DB77EA-0AF6-4866-936B-17A7DE9CBC78} [2012.11.12 19:47:14 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{5F0D3733-95EA-4548-843B-C33767912AF5} [2012.11.12 06:58:21 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{70B94035-2937-4760-9417-ED7E89B23230} [2012.11.11 11:40:55 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{618C4B9A-4457-4A97-84B1-133BA2447099} [2012.11.10 12:28:01 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{6C147379-2190-481C-937A-68B5DFA0A6BB} [2012.11.09 18:58:05 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{18154E4E-437D-4EC3-9E6A-45EB0A067865} [2012.11.09 06:57:30 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{49317958-5BE9-458A-927F-4A0655EC647C} [2012.11.08 16:24:23 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{59464356-F718-4294-8A33-B69E27D04E38} [2012.11.08 16:09:34 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{DEC28E44-3B4E-41E4-BAB8-D13FC057F389} [2012.11.07 19:54:26 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{500D955E-EF67-45EC-A0E5-3ECA72A1545D} [2012.11.06 19:54:51 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{42C66EF4-FA60-4A7A-9B41-ECC4C2ADCD30} [2012.11.06 
07:13:11 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{D515D0FD-5E7E-47C3-8DCC-96BB5F4792EA} [2012.11.05 16:42:28 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\npdeployJava1.dll [2012.11.05 16:42:28 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaws.exe [2012.11.05 16:42:28 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaw.exe [2012.11.05 16:42:28 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\java.exe [2012.11.05 15:52:46 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{12421273-E30B-4294-9F05-5844E3F0FB1A} [2012.11.04 23:01:17 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{5486901E-30B1-4376-B820-70D83C6AF4C9} [2012.11.04 11:00:55 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{DA81A3C1-7FDF-4715-A444-03B2E496679D} [2012.11.03 23:00:21 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{29B668F7-2629-41B4-9B8F-5201628E6D51} [2012.11.03 10:59:59 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{A04F793E-933A-4D32-BFA5-30BAC577A572} [2012.11.03 00:49:13 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{B2FC2967-C682-4A52-94D1-940F65DA3820} [2012.11.02 06:55:29 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{5629B566-135D-434A-A2B9-C8E60BF3DA55} [2012.11.01 16:17:22 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{C167BDB0-ACA1-4702-81CD-DAE2E426B1D6} [2012.11.01 07:25:25 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{8266D02B-D536-486E-81E1-B44F3A86B720} [2012.10.31 19:15:41 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{A88BC713-E23D-44A6-85D0-8D4360D0C3E9} [2012.10.31 07:15:27 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{29C4D0F9-F124-4F3B-9C99-525D2DAEE92C} [2012.10.30 18:49:07 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{474BDA8D-B7E9-4F9D-97FE-76C0E8BE1790} [2012.10.30 06:48:45 | 000,000,000 | ---D | C] -- 
D:\Users\jassy\AppData\Local\{2CCBEE97-C0AF-4809-8AB6-6DAFAA4154D2} ========== Files - Modified Within 30 Days ========== [2012.11.28 15:50:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\jassy\Desktop\OTL.exe [2012.11.28 15:48:07 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2012.11.28 15:48:04 | 1609,474,048 | -HS- | M] () -- D:\hiberfil.sys [2012.11.28 15:45:25 | 000,480,125 | ---- | M] () -- D:\Users\jassy\Desktop\adwcleaner.exe [2012.11.28 15:36:33 | 004,732,416 | ---- | M] (AVAST Software) -- D:\Users\jassy\Desktop\aswMBR.exe [2012.11.28 15:07:05 | 000,014,960 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 15:07:05 | 000,014,960 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 09:55:28 | 001,700,352 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\gdiplus.dll [2012.11.26 07:05:17 | 000,653,986 | ---- | M] () -- D:\Windows\System32\perfh007.dat [2012.11.26 07:05:17 | 000,615,868 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2012.11.26 07:05:17 | 000,129,858 | ---- | M] () -- D:\Windows\System32\perfc007.dat [2012.11.26 07:05:17 | 000,106,248 | ---- | M] () -- D:\Windows\System32\perfc009.dat [2012.11.25 21:53:11 | 000,000,731 | ---- | M] () -- D:\Users\Public\Desktop\WaveLab 6.lnk [2012.11.24 13:24:24 | 000,002,892 | ---- | M] () -- D:\Windows\System32\audcon.sys [2012.11.24 11:23:58 | 000,000,045 | ---- | M] () -- D:\Windows\System32\SYNSOPOS.exe.cfg [2012.11.23 17:57:50 | 000,388,768 | ---- | M] () -- D:\Users\jassy\Desktop\StarFM.jpg [2012.11.23 17:56:09 | 001,544,355 | ---- | M] () -- D:\Users\jassy\Desktop\DSCF5067.JPG [2012.11.16 07:14:23 | 000,589,144 | ---- | M] (Kaspersky Lab) -- D:\Windows\System32\drivers\klif.sys [2012.11.16 07:14:23 | 000,043,608 | ---- | M] (Kaspersky Lab) -- D:\Windows\System32\drivers\kltdi.sys [2012.11.16 07:14:23 | 000,025,944 | 
---- | M] (Kaspersky Lab) -- D:\Windows\System32\drivers\klmouflt.sys [2012.11.16 07:14:23 | 000,025,944 | ---- | M] (Kaspersky Lab) -- D:\Windows\System32\drivers\klkbdflt.sys [2012.11.15 18:08:30 | 000,001,081 | ---- | M] () -- D:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk [2012.11.15 18:06:30 | 154,892,968 | ---- | M] (Kaspersky Lab) -- D:\Users\jassy\Desktop\kav13.0.1.4190de-de.exe [2012.11.05 16:42:22 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaws.exe [2012.11.05 16:42:22 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaw.exe [2012.11.05 16:42:22 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\java.exe [2012.11.05 16:42:21 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\npdeployJava1.dll [2012.11.05 16:42:21 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\deployJava1.dll ========== Files Created - No Company Name ========== [2012.11.28 15:45:23 | 000,480,125 | ---- | C] () -- D:\Users\jassy\Desktop\adwcleaner.exe [2012.11.25 21:53:11 | 000,000,731 | ---- | C] () -- D:\Users\Public\Desktop\WaveLab 6.lnk [2012.11.24 13:24:24 | 000,002,892 | ---- | C] () -- D:\Windows\System32\audcon.sys [2012.11.24 11:23:53 | 000,086,016 | ---- | C] () -- D:\Windows\System32\SYNSOPOS.exe [2012.11.24 11:23:53 | 000,000,045 | ---- | C] () -- D:\Windows\System32\SYNSOPOS.exe.cfg [2012.11.23 17:57:50 | 000,388,768 | ---- | C] () -- D:\Users\jassy\Desktop\StarFM.jpg [2012.11.23 17:56:09 | 001,544,355 | ---- | C] () -- D:\Users\jassy\Desktop\DSCF5067.JPG [2012.11.15 18:08:46 | 000,001,081 | ---- | C] () -- D:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk [2012.05.21 19:51:45 | 000,000,041 | -HS- | C] () -- D:\ProgramData\.zreglib [2012.05.19 15:13:49 | 000,017,408 | ---- | C] () -- D:\Users\jassy\AppData\Local\WebpageIcons.db [2012.05.18 17:27:11 | 000,000,166 | ---- | C] () -- D:\Users\jassy\defogger_reenable [2012.05.18 15:22:00 | 
000,032,768 | ---- | C] () -- D:\Windows\System32\drivers\sp_rsdrv2.sys [2012.03.11 16:02:49 | 000,444,283 | ---- | C] () -- D:\Program Files\Common Files\WinPcapNmap.exe [2012.01.03 08:28:06 | 002,570,286 | ---- | C] () -- D:\Windows\System32\abgx360.exe [2011.12.29 19:55:09 | 000,000,600 | ---- | C] () -- D:\Users\jassy\AppData\Roaming\winscp.rnd [2011.12.29 19:43:07 | 000,180,224 | ---- | C] () -- D:\Windows\System32\QTCF.dll [2011.11.23 14:14:53 | 000,116,172 | -H-- | C] () -- D:\Windows\System32\mlfcache.dat [2011.11.15 19:33:23 | 000,000,112 | ---- | C] () -- D:\Windows\ActiveSkin.INI [2011.06.07 06:31:12 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe [2011.05.21 17:24:39 | 000,005,120 | ---- | C] () -- D:\Users\jassy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.08 19:05:52 | 000,110,592 | ---- | C] () -- D:\Windows\System32\FsUsbExDevice.Dll [2011.01.08 19:05:52 | 000,036,608 | ---- | C] () -- D:\Windows\System32\FsUsbExDisk.Sys ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.27 18:21:22 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\abgx360 [2012.05.13 13:55:11 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Ashampoo [2010.12.31 12:14:25 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\AVG10 [2012.04.08 20:38:22 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\DAEMON Tools Pro [2011.11.06 12:23:50 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\elsterformular [2012.11.28 15:25:00 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\foobar2000 [2011.10.28 17:24:20 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\GetRightToGo [2012.05.08 21:13:54 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\ICQ [2012.05.06 15:58:15 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\ICQ Search [2012.05.21 23:36:24 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\ImgBurn [2012.03.19 16:41:42 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\iPhoneRingToneMaker [2011.03.07 19:03:05 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\IrfanView [2012.03.18 21:27:34 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\ML [2011.12.29 17:33:08 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\redsn0w [2012.03.19 16:41:30 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Ringtone Expressions [2011.06.26 00:59:47 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Samsung [2011.10.29 11:22:30 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\SharePod [2011.10.29 11:53:35 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Software4u [2012.11.24 13:29:18 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Steinberg [2012.05.18 05:37:06 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\TeamViewer [2012.02.12 15:29:52 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Toontrack 
[2012.05.06 11:24:59 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Trillian
[2012.09.16 15:04:00 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\TuneUp Software
[2012.11.28 10:44:51 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\uTorrent
[2012.09.29 13:41:39 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\VDownloader
[2011.10.21 08:23:39 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Vodafone
[2011.12.25 14:39:23 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Waves Audio
[2010.12.30 21:24:31 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Windows Live Writer
[2011.11.23 15:16:40 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\WindSolutions
[2011.11.12 16:50:31 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Xilisoft

========== Purity Check ==========

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[D:\Windows\$NtUninstallKB10476$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========
@Alternate Data Stream - 95 bytes -> D:\ProgramData\TEMP:D57FAB99
@Alternate Data Stream - 24 bytes -> D:\Windows:DD11F150341F7A44

< End of report >

OTL LOG (Extras)

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 28.11.2012 15:51:29 - Run 1
OTL by OldTimer - Version Folder = D:\Users\jassy\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,09% Memory free
4,00 Gb Paging File | 3,06 Gb Available in Paging File | 76,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 99,17 Gb Total Space | 98,96 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 2,65 Gb Free Space | 9,06% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 38,51 Gb Free Space | 19,72% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 29,49 Gb Free Space | 60,39% Space Free | Partition Type: NTFS

Computer Name: JASSY-PC | User Name: jassy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- D:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07717C9F-D55A-422F-81C0-D161540087E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0CE905EA-B5D5-4DAA-91DE-C7B5960CCC71}" = lport=2869 | protocol=6 | dir=in | app=system | "{12311EE6-8A81-466E-AEE6-5DC13A789AE3}" = lport=138 | protocol=17 | dir=in | app=system | "{2A73828E-0E49-4891-8DC3-E25AE0CA90D6}" = lport=10243 | protocol=6 | dir=in | app=system | "{39D54039-91F9-4FB1-A971-76F936AFFFFB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{410A93B2-DFDD-4F63-B708-1B8BC253F5CC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{45C0BED5-6C8D-4F64-BED4-4A2628E5E1B2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{50EBA498-3329-4151-9EC5-3821429C262F}" = lport=445 | protocol=6 | dir=in | app=system | "{65FCDFC4-81A1-4457-B4FB-B79C17B1DB5C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6AF09732-460A-453A-8692-F4DF3B838F58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{74232ADC-9974-40EC-B1BB-4F9ED8145F01}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{77A4B1AC-6045-4629-86F8-1584FF8A888E}" = lport=137 | protocol=17 | dir=in | app=system | "{78EE665E-0FB0-4197-B721-D0169AFE0417}" = rport=445 | protocol=6 | dir=out | app=system | "{7B5AE88B-9996-4ACD-AE15-945C68E8817D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8CA78E57-5C47-45A2-AF29-505743034D7D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{9B0F51E8-022C-401B-BC93-1316C0D1E068}" = rport=137 | protocol=17 | dir=out | app=system | "{AB7CE37C-36F5-44FE-82BF-E2A3DE69C598}" = lport=1900 | 
protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AEA0C4F7-50B9-42AC-B4E1-0B547F203313}" = rport=10243 | protocol=6 | dir=out | app=system | "{CBA9D226-C620-4BF6-8FEA-FD8D3020FF46}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CF042379-8B7A-4BAA-930F-FFF3C3245A9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D0588EC2-637C-4EF4-A2C2-746B1BD91505}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D41CC054-A1E3-4D2B-9404-B1AD971E2088}" = rport=139 | protocol=6 | dir=out | app=system | "{D4318D9F-1E27-40F7-B33B-B3D96E67543B}" = lport=139 | protocol=6 | dir=in | app=system | "{E5A240DC-FF70-45FE-B519-1C3CB1A29574}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F4B15C42-0E3B-41CB-AF1F-2717FA433808}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0137A356-25C9-44A1-8345-95F2C25C345B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{023EC407-743B-4EC8-B0F6-86D82AE61DCB}" = protocol=6 | dir=in | app=d:\program files\avg\avg10\avgemcx.exe | "{07945EC0-72EC-4EBD-8CDA-F0A53635662A}" = dir=in | app=d:\program files\windows live\contacts\wlcomm.exe | "{098C4057-FB67-454D-B901-5BF07C75A43B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0A5ECC65-3379-4D4B-8A3D-59E7B5530655}" = protocol=6 | dir=in | app=d:\program files\bonjour\mdnsresponder.exe | "{1C4F6158-CE80-4644-97BC-1833F34A2131}" = protocol=17 | dir=in | app=e:\program files\icq7.7\icq.exe | "{1F26AB33-1CAB-4C1E-AC11-ADD3EE9B7091}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1F4F08AC-0DAE-4D9E-BBA4-35E9C3399C09}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{1FB0FCC8-335C-4BA5-97D6-127E2421D97A}" = protocol=17 | dir=in | app=d:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | "{20D257C5-CC9F-48B0-94CF-4BE3373B991E}" = protocol=17 | dir=in | app=d:\program files\utorrent\utorrent.exe | "{2F556AD7-8E9C-4BFB-A4E8-69552B6FEBA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{37CFE9D7-5A27-4FC2-9F64-E6191A3413E2}" = protocol=6 | dir=in | app=d:\program files\samsung\samsung new pc studio\npsasvr.exe | "{3F252745-E188-49D0-BDF6-4773DA245098}" = protocol=17 | dir=in | app=d:\program files\avg\avg10\avgmfapx.exe | "{5653324E-B406-439D-AED4-D36E0985B551}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{59BAFB27-118B-4807-B5DD-F55D7E1EE662}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5F4D7A42-49C8-4EB8-853B-605EAB069331}" = protocol=6 | dir=in | app=d:\program files\avg\avg10\avgdiagex.exe | "{61AB4B86-1474-46DD-B9CC-631001729C0D}" = protocol=6 | dir=in | app=d:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{67CC4664-ECEB-4786-BF4B-3C1CAF8D3B8C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6902D4E0-B3F7-48C4-9C9C-0775909BC524}" = protocol=6 | dir=out | app=system | "{746749F3-9637-4B35-8F2C-BA4170E06F20}" = protocol=17 | dir=in | app=d:\program files\avg\avg10\avgnsx.exe | "{75F88B5F-30A4-41B4-BE27-A5B608154EE6}" = dir=in | app=d:\program files\windows live\messenger\msnmsgr.exe | "{7AC74404-4315-4CF5-B67F-5DD0CE655D77}" = dir=in | app=d:\program files\itunes\itunes.exe | "{8AD25EB4-006B-4117-ADFD-2C02C957291B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{92070982-0F02-4383-AF09-F3DE6AE28ED7}" = protocol=6 | dir=in | app=d:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | "{93F1B8BE-769C-478B-972D-B963BF070D33}" = protocol=17 | dir=in | app=d:\program files\bonjour\mdnsresponder.exe | 
"{9754FA70-2AA0-4D84-8933-9F0DAAC3471F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A9812A0A-4196-4484-A5E6-7DBC943FD5C9}" = protocol=6 | dir=in | app=d:\program files\avg\avg10\avgnsx.exe | "{AD4BED08-8F4C-405C-94CD-0518CF7D9DDE}" = protocol=17 | dir=in | app=d:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{B515A076-CD74-451E-893E-EB4A395B5D49}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office14\groove.exe | "{C024CD66-1380-4081-A7FD-50F6895A067F}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office14\groove.exe | "{C3631E62-6C53-4B4C-9692-612D14A0A4A3}" = protocol=17 | dir=in | app=d:\program files\samsung\samsung new pc studio\npsasvr.exe | "{C874BA7E-3EFB-4BD4-B064-6C41C3425868}" = protocol=17 | dir=in | app=d:\program files\avg\avg10\avgdiagex.exe | "{CB12B7EA-833D-4E52-9080-F8811F8B8758}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CEBC46DB-EBE6-434F-9488-B6DCF11931A2}" = protocol=6 | dir=in | app=d:\program files\utorrent\utorrent.exe | "{D4804B16-417E-4A4D-814C-948E8149668F}" = protocol=6 | dir=in | app=e:\program files\icq7.7\icq.exe | "{D4F33C37-5543-4818-9E63-3D551AAB153F}" = protocol=6 | dir=in | app=d:\program files\avg\avg10\avgmfapx.exe | "{D6789CFA-6B6C-4A32-A42E-089E103FD48D}" = protocol=17 | dir=in | app=e:\program files\icq7.7\icq.exe | "{D9398908-836A-42C7-A702-70D853347473}" = dir=in | app=d:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{DD80E2BC-6F1F-49AF-B96E-F085CDFED4AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DEC84AF7-F6A8-41C9-99FC-A418368679A4}" = protocol=6 | dir=in | app=e:\program files\icq7.7\icq.exe | "{DF99BC9A-F2FF-4E3D-8B33-ACA373A5DF40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F729E2F7-5902-4301-8506-8E6BC64ACA36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FCF22E38-A6C3-47DD-8D2B-347755AF14F7}" = protocol=17 | dir=in | app=d:\program files\avg\avg10\avgemcx.exe | "{FD699C03-A19F-4E7A-943A-B9CE49986F85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{56D5A411-CCFC-4FE2-9DA3-045BD3AC5202}E:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=e:\program files\mirc\mirc.exe | "TCP Query User{82FD93C4-7BD1-4161-9C27-D2777F8FD674}D:\program files\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=d:\program files\relevantknowledge\rlvknlg.exe | "UDP Query User{48760FF8-8E02-4C0F-A2CD-7CF9B48AC0D4}D:\program files\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=d:\program files\relevantknowledge\rlvknlg.exe | "UDP Query User{947B8E62-F8E7-4A3A-ACE0-542DD8AFF848}E:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=e:\program files\mirc\mirc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37 "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = 
Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 
2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.990 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio 
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "abgx360" = abgx360 v1.0.6 "AC3Filter_is1" = AC3Filter 1.62b "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ashampoo Burning Studio 2012 CBE_is1" = Ashampoo Burning Studio 2012 CBE v.11.0.4 "AudibleDownloadManager" = Audible Download Manager "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module "CanonMyPrinter" = Canon My Printer "DAEMON Tools Pro" = DAEMON Tools Pro "eLicenser Control" = eLicenser Control "foobar2000" = foobar2000 v1.1.1 "ImgBurn" = ImgBurn "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "IrfanView" = IrfanView (remove only) "Marvell Miniport Driver" = Marvell Miniport Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.11 "WaveLabPro" = WaveLab 6 "WinLiveSuite" = Windows Live Essentials 
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"YDKJG" = YOU DON'T KNOW JACK®
"YDKJG3" = YOU DON'T KNOW JACK® 3 - Abwärts!
"YOU DON'T KNOW JACK® 2" = YOU DON'T KNOW JACK® 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01.01.2006 03:24:46 | Computer Name = jassy-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 01.01.2006 03:24:46 | Computer Name = jassy-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 01.01.2006 03:24:46 | Computer Name = jassy-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 01.01.2006 03:24:46 | Computer Name = jassy-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 01.01.2006 03:24:47 | Computer Name = jassy-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 01.01.2006 03:24:47 | Computer Name = jassy-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 01.01.2006 03:29:11 | Computer Name = jassy-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 16.06.2012 08:57:11 | Computer Name = jassy-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version:, Zeitstempel: 0x4f02e382 Name des fehlerhaften Moduls: RdLang_weblink.DEU, Version:, Zeitstempel: 0x4f02fa66 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00005617 ID des fehlerhaften Prozesses: 0x500 Startzeit der fehlerhaften Anwendung: 0x01cd4bbedc294444 Pfad der fehlerhaften Anwendung: D:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe Pfad des fehlerhaften Moduls: D:\Users\jassy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU Berichtskennung: c9388072-b7b2-11e1-a769-0018f39e5c26 Error - 16.06.2012 12:28:19 | Computer Name = jassy-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version:, Zeitstempel: 0x4f02e382 Name des fehlerhaften Moduls: unknown, Version:, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x01d65617 ID des fehlerhaften Prozesses: 0xf48 Startzeit der fehlerhaften Anwendung: 0x01cd4bdcebd78f5d Pfad der fehlerhaften Anwendung: D:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 48299153-b7d0-11e1-a769-0018f39e5c26 Error - 19.06.2012 16:02:47 | Computer Name = jassy-PC | Source = VSS | ID = 13 Description = Error - 19.06.2012 16:02:47 | Computer Name = jassy-PC | Source = VSS | ID = 8193 Description = [ Media Center Events ] Error - 21.10.2011 05:09:15 | Computer Name = 
jassy-PC | Source = MCUpdate | ID = 0 Description = 11:09:15 - Fehler beim Herstellen der Internetverbindung. 11:09:15 - Serververbindung konnte nicht hergestellt werden.. Error - 21.10.2011 08:15:00 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0 Description = 14:14:59 - Fehler beim Herstellen der Internetverbindung. 14:15:00 - Serververbindung konnte nicht hergestellt werden.. Error - 21.10.2011 09:39:56 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0 Description = 15:39:56 - Fehler beim Herstellen der Internetverbindung. 15:39:56 - Serververbindung konnte nicht hergestellt werden.. Error - 21.10.2011 11:33:24 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0 Description = 17:33:24 - Fehler beim Herstellen der Internetverbindung. 17:33:24 - Serververbindung konnte nicht hergestellt werden.. Error - 21.10.2011 12:33:36 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0 Description = 18:33:36 - Fehler beim Herstellen der Internetverbindung. 18:33:36 - Serververbindung konnte nicht hergestellt werden.. Error - 22.10.2011 11:15:37 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0 Description = 17:15:37 - Fehler beim Herstellen der Internetverbindung. 17:15:37 - Serververbindung konnte nicht hergestellt werden.. Error - 23.10.2011 14:35:22 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0 Description = 20:35:22 - Fehler beim Herstellen der Internetverbindung. 20:35:22 - Serververbindung konnte nicht hergestellt werden.. Error - 24.10.2011 01:11:44 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0 Description = 07:11:44 - Fehler beim Herstellen der Internetverbindung. 07:11:44 - Serververbindung konnte nicht hergestellt werden.. Error - 25.10.2011 10:54:44 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0 Description = 16:54:44 - Fehler beim Herstellen der Internetverbindung. 16:54:44 - Serververbindung konnte nicht hergestellt werden.. 
[ System Events ] Error - 28.11.2012 10:00:22 | Computer Name = jassy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 28.11.2012 10:00:22 | Computer Name = jassy-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. Error - 28.11.2012 10:48:11 | Computer Name = jassy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 28.11.2012 10:48:11 | Computer Name = jassy-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error - 28.11.2012 10:48:12 | Computer Name = jassy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 28.11.2012 10:48:14 | Computer Name = jassy-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 28.11.2012 10:48:14 | Computer Name = jassy-PC | Source = Service Control Manager | ID = 7003 Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert. Error - 28.11.2012 10:48:16 | Computer Name = jassy-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Lbd luafv Error - 28.11.2012 10:48:18 | Computer Name = jassy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. 
Error - 28.11.2012 10:48:30 | Computer Name = jassy-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143. < End of report >
aswMBR LOGFILE: Quote:
#2
TDSSKiller LOGFILE:
#3
/// TB-Ausbilder
I will help you with your problem. A cleanup sometimes involves a lot of work for you (and me). Before we start, I have some reading material for you.

Step 1: Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and run it:

Step 2: AdwCleaner: find and delete adware

Step 3: Scan with DDS (+ attach)
Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop.
#4
Hey, great that you want to help me. Thank you very much for that. Here comes the first log file: Quote:

Ran Adware cleaner and then clicked "Delete".

DDS.txt DDS Logfile:
#5
/// TB-Ausbilder
Good, then please run Combofix: Scan with Combofix
__________________
No help via PM!
#6
Hey rider, first of all thanks for your effort. Unfortunately I have to tell you that Combofix was still scanning after more than 2 hours and the computer was frozen; I couldn't even shut it down. Do you have a plan B, or is the long run time normal? The window said something about 10 minutes until the log, or double that time with a heavy infection. Regards, René
#7
/// TB-Ausbilder
Then please try starting it this way instead: Windows key + R > combofix /nombr > OK
#8
Hey ryder, that command did the trick... it worked. Combofix said something about rootkit.zero-access... Here is the log file from Combofix: Combofix Logfile: Code:
ATTFilter ComboFix 12-11-29.02 - jassy 29.11.2012 18:19:47.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2047.1328 [GMT 1:00] ausgeführt von:: d:\users\jassy\Desktop\ComboFix.exe Benutzte Befehlsschalter :: /nombr AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . ADS - Windows: deleted 24 bytes in 1 streams. . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . d:\users\jassy\AppData\Roaming\Help\coredb\storage d:\users\jassy\Desktop\Setup.exe d:\windows\$NtUninstallKB10476$ E:\eXplorer.exe E:\WiNlOgOn.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-28 bis 2012-11-29 )))))))))))))))))))))))))))))) . . 2012-11-29 17:29 . 2012-11-29 17:33 -------- d-----w- d:\users\jassy\AppData\Local\temp 2012-11-29 17:29 . 2012-11-29 17:29 -------- d-----w- d:\users\Default\AppData\Local\temp 2012-11-29 06:25 . 2012-07-26 03:39 526952 ----a-w- d:\windows\system32\drivers\Wdf01000.sys 2012-11-29 06:25 . 2012-07-26 03:39 47720 ----a-w- d:\windows\system32\drivers\WdfLdr.sys 2012-11-29 06:25 . 2012-07-26 02:46 9728 ----a-w- d:\windows\system32\Wdfres.dll 2012-11-29 06:25 . 2012-07-26 02:33 66560 ----a-w- d:\windows\system32\drivers\WUDFPf.sys 2012-11-29 06:25 . 2012-07-26 02:32 155136 ----a-w- d:\windows\system32\drivers\WUDFRd.sys 2012-11-29 06:25 . 2012-07-26 03:20 73216 ----a-w- d:\windows\system32\WUDFSvc.dll 2012-11-29 06:25 . 2012-07-26 03:20 172032 ----a-w- d:\windows\system32\WUDFPlatform.dll 2012-11-29 06:25 . 2012-07-26 03:21 196608 ----a-w- d:\windows\system32\WUDFHost.exe 2012-11-29 06:25 . 2012-07-26 03:20 613888 ----a-w- d:\windows\system32\WUDFx.dll 2012-11-29 06:25 . 
2012-07-26 03:20 38912 ----a-w- d:\windows\system32\WUDFCoinstaller.dll 2012-11-28 20:26 . 2012-11-19 00:04 6812136 ----a-w- d:\programdata\Microsoft\Windows Defender\Definition Updates\{E53603FB-1286-4CAF-9049-A8947D489E8D}\mpengine.dll 2012-11-28 20:19 . 2012-06-02 22:19 53784 ----a-w- d:\windows\system32\wuauclt.exe 2012-11-28 20:19 . 2012-06-02 22:19 45080 ----a-w- d:\windows\system32\wups2.dll 2012-11-28 20:19 . 2012-06-02 22:19 1933848 ----a-w- d:\windows\system32\wuaueng.dll 2012-11-28 20:19 . 2012-06-02 22:12 2422272 ----a-w- d:\windows\system32\wucltux.dll 2012-11-28 20:19 . 2012-06-02 22:19 35864 ----a-w- d:\windows\system32\wups.dll 2012-11-28 20:19 . 2012-06-02 22:19 577048 ----a-w- d:\windows\system32\wuapi.dll 2012-11-28 20:19 . 2012-06-02 22:12 88576 ----a-w- d:\windows\system32\wudriver.dll 2012-11-28 20:18 . 2012-06-02 14:19 171904 ----a-w- d:\windows\system32\wuwebv.dll 2012-11-28 20:18 . 2012-06-02 14:12 33792 ----a-w- d:\windows\system32\wuapp.exe 2012-11-28 08:55 . 2012-11-28 08:55 1700352 ----a-w- d:\windows\system32\gdiplus.dll 2012-11-24 12:24 . 2012-11-24 12:29 -------- d-----w- d:\users\jassy\AppData\Roaming\Steinberg 2012-11-24 12:24 . 2012-11-24 12:24 2892 ----a-w- d:\windows\system32\audcon.sys 2012-11-24 10:30 . 2012-11-24 12:24 -------- d-----w- d:\programdata\Syncrosoft 2012-11-24 10:30 . 2012-11-24 10:30 -------- d-----w- d:\users\jassy\AppData\Local\eLicenser 2012-11-24 10:23 . 2012-11-24 10:30 -------- d-----w- d:\programdata\eLicenser 2012-11-24 10:23 . 2012-11-24 10:30 -------- d-----w- d:\program files\eLicenser 2012-11-24 10:23 . 2012-11-24 10:23 -------- d-----w- d:\program files\Syncrosoft 2012-11-24 10:23 . 2011-12-14 19:22 23696 ----a-w- d:\windows\system32\drivers\synasusb.sys 2012-11-24 10:23 . 2012-10-25 16:30 1277952 ----a-w- d:\windows\system32\SYNSOACC.dll 2012-11-24 10:23 . 2011-12-14 19:21 86016 ----a-w- d:\windows\system32\SYNSOPOS.exe 2012-11-15 17:07 . 
2012-11-15 17:07 -------- d-----w- d:\windows\ELAMBKUP 2012-11-15 17:07 . 2012-11-29 17:33 -------- d-----w- d:\programdata\Kaspersky Lab 2012-11-15 17:07 . 2012-11-15 17:07 -------- d-----w- d:\program files\Kaspersky Lab 2012-11-15 17:07 . 2012-08-13 17:24 75096 ----a-w- d:\windows\system32\drivers\klflt.sys 2012-11-15 16:42 . 2012-11-15 16:42 -------- d-----w- d:\program files\ESET 2012-11-05 15:42 . 2012-11-05 15:42 477168 ----a-w- d:\windows\system32\npdeployJava1.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-16 06:14 . 2012-07-25 13:53 25944 ----a-w- d:\windows\system32\drivers\klmouflt.sys 2012-11-16 06:14 . 2012-06-08 10:38 43608 ----a-w- d:\windows\system32\drivers\kltdi.sys 2012-11-16 06:14 . 2012-05-25 18:38 25944 ----a-w- d:\windows\system32\drivers\klkbdflt.sys 2012-11-05 15:42 . 2011-05-14 19:46 473072 ----a-w- d:\windows\system32\deployJava1.dll 2010-01-26 09:11 . 2012-03-11 15:02 444283 ----a-w- d:\program files\Common Files\WinPcapNmap.exe 2012-10-27 16:03 . 2012-10-27 16:03 261600 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="d:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "AutoStartNPSAgent"="d:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576] "LightScribe Control Panel"="d:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="d:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "APSDaemon"="d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "CanonMyPrinter"="d:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616] "Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896] "SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "AVP"="d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2012-11-16 356376] . d:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Audible Download Manager.lnk - d:\program files\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" /background . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" "Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R0 Lbd;Lbd;d:\windows\system32\DRIVERS\Lbd.sys [x] R3 esgiguard;esgiguard;d:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 Lavasoft Kernexplorer;Lavasoft helper driver;d:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;d:\windows\system32\DRIVERS\massfilter.sys [x] R3 nosGetPlusHelper;getPlus(R) Helper 3004;d:\windows\System32\svchost.exe [x] R3 synasusb;eLicenser;d:\windows\system32\Drivers\synasusb.sys [x] R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys [x] R3 ZTEusbnet;ZTE USB-NDIS miniport;d:\windows\system32\DRIVERS\ZTEusbnet.sys [x] R3 ZTEusbvoice;ZTE VoUSB Port;d:\windows\system32\DRIVERS\ZTEusbvoice.sys [x] S0 NBVol;Nero Backup Volume Filter Driver;d:\windows\system32\DRIVERS\NBVol.sys [x] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;d:\windows\system32\DRIVERS\NBVolUp.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;d:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;d:\windows\system32\DRIVERS\klim6.sys [x] S1 kltdi;kltdi;d:\windows\system32\DRIVERS\kltdi.sys [x] S1 kneps;kneps;d:\windows\system32\DRIVERS\kneps.sys [x] S2 FsUsbExService;FsUsbExService;d:\windows\system32\FsUsbExService.Exe [x] S2 npf;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [x] S3 FsUsbExDisk;FsUsbExDisk;d:\windows\system32\FsUsbExDisk.SYS [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;d:\windows\system32\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;d:\windows\system32\DRIVERS\klmouflt.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;d:\windows\system32\DRIVERS\yk62x86.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-03-04 11:29 451872 ----a-w- d:\program files\Common Files\LightScribe\LSRunOnce.exe . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: Download with x-iphone-magic-platinum - e:\program files\Xilisoft\iPhone Magic Platinum\upod_link.HTM IE: Nach Microsoft E&xcel exportieren - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = FF - ProfilePath - d:\users\jassy\AppData\Roaming\Mozilla\Firefox\Profiles\mgkh1cgk.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - ExtSQL: 2012-09-30 17:13; 5068628db30aa@5068628db30e3.com; d:\users\jassy\AppData\Roaming\Mozilla\Firefox\Profiles\mgkh1cgk.default\extensions\5068628db30aa@5068628db30e3.com.xpi FF - ExtSQL: 2012-11-05 16:42; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF - ExtSQL: 2012-11-15 18:07; content_blocker@kaspersky.com; d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com FF - ExtSQL: 2012-11-15 18:08; url_advisor@kaspersky.com; d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com FF - ExtSQL: 2012-11-15 18:08; virtual_keyboard@kaspersky.com; d:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
AddRemove-01_Simmental - d:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - d:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - d:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - d:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - d:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - d:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - d:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - d:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - d:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - d:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - d:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - d:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - d:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - d:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - d:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - d:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - d:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE] "ImagePath"="." . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc] "ImagePath"="." . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2658800859-1032754694-4259662628-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . 
[HKEY_USERS\S-1-5-21-2658800859-1032754694-4259662628-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(4412) d:\users\jassy\AppData\Local\Temp\catchme.dll . ------------------------ Weitere laufende Prozesse ------------------------ . d:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe d:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe d:\windows\system32\taskhost.exe d:\program files\Bonjour\mDNSResponder.exe d:\program files\Common Files\LightScribe\LSSrvc.exe d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE d:\windows\system32\conhost.exe d:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe d:\windows\system32\conhost.exe d:\program files\DAEMON Tools Pro\DTShellHlp.exe d:\program files\Windows Media Player\wmpnetwk.exe d:\windows\system32\sppsvc.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2012-11-29 18:37:18 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-11-29 17:37 . Vor Suchlauf: 1.459.634.176 Bytes frei Nach Suchlauf: 4.909.727.744 Bytes frei . - - End Of File - - 5D99DE0B0193F75BFAF41EDAC132931F |
#9
/// TB-Ausbilder
Please uninstall SpyHunter and report whether that worked.
#10
I don't want to act dumber than necessary, but without an uninstaller I can't uninstall it, or am I somehow being slow here??? It's an MS-DOS application... I didn't install it myself, at least I wouldn't know why.
#11
/// TB-Ausbilder
No, that's fine. The program often can't be removed by normal means ... we'll do that now: Combofix script
#12
Hmmmm... I had the "not responding" problem again... I could still move the mouse pointer, but the PC no longer accepted any input... I couldn't even close Combofix's DOS window... Or should I have waited longer?
#13
/// TB-Ausbilder
Please start Combofix again with /nombr.
#14
So with the nombr command it works. It's now going through the individual stages again. I'm writing to you from my phone in the meantime; I won't touch the computer during that time.
#15
/// TB-Ausbilder