
Pests of all kinds and how to fight them: Malware problem "Savenow", "Superfish" etc.

Windows 7

 
28.11.2012, 19:23   #1
rene2k
 



Hello Cosinus and co.,

I have a malware problem. Advertising banners that were not there before keep popping up on pages and are getting on my nerves in a big way.
It is especially noticeable on eBay and similar sites.

For a start, I have been able to work out that it has something to do with Superfish and savenow.
I have already done the following:
Created a logfile with the latest version of aswMBR,
created a logfile with OTL, and
created a logfile with Kaspersky TDSSKiller,
to get some of the groundwork done in advance.
It would be nice if someone could help me with my problem so that I can get the computer free of these pop-ups again.
I will post the logs as a reply below.

Regards
Rene2k

OTL Logfile:
Code:
OTL logfile created on: 28.11.2012 15:51:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\jassy\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,09% Memory free
4,00 Gb Paging File | 3,06 Gb Available in Paging File | 76,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 99,17 Gb Total Space | 98,96 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 2,65 Gb Free Space | 9,06% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 38,51 Gb Free Space | 19,72% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 29,49 Gb Free Space | 60,39% Space Free | Partition Type: NTFS
 
Computer Name: JASSY-PC | User Name: jassy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Users\jassy\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Programme\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - D:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - D:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - D:\Programme\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - D:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - D:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - D:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - D:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - D:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - D:\Windows\System32\FsUsbExService.Exe (Teruten)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\Users\jassy\AppData\Local\Temp\CmdLineExt03.dll ()
MOD - D:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll ()
MOD - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll ()
MOD - D:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - D:\Programme\WinRAR\RarExt.dll ()
MOD - D:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - D:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - D:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - D:\Programme\Common Files\LightScribe\QtCore4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AVP) -- D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (MozillaMaintenance) -- D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- D:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- D:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (nosGetPlusHelper) -- D:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (WMPNetworkSvc) -- D:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- D:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (osppsvc) -- D:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- D:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StorSvc) -- D:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- D:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- D:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (Lavasoft Kernexplorer) -- D:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (esgiguard) -- D:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (KLIF) -- D:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kltdi) -- D:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab)
DRV - (klmouflt) -- D:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klkbdflt) -- D:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab)
DRV - (kneps) -- D:\Windows\System32\drivers\kneps.sys (Kaspersky Lab)
DRV - (KLIM6) -- D:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- D:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (dtsoftbus01) -- D:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (synasusb) -- D:\Windows\System32\drivers\synasusb.sys (Steinberg Media Technologies GmbH)
DRV - (NBVol) -- D:\Windows\System32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- D:\Windows\System32\drivers\NBVolUp.sys (Nero AG)
DRV - (yukonw7) -- D:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (vmbus) -- D:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- D:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- D:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- D:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- D:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- D:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- D:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- D:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sscdmdm) -- D:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- D:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- D:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (npf) -- D:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ZTEusbnet) -- D:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- D:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- D:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- D:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- D:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- D:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (nvlddmkm) -- D:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MTsensor) -- D:\Windows\System32\drivers\ASACPI.sys ()
DRV - (EL90x) -- D:\Windows\System32\drivers\el90xnd5.SYS (3Com Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 85 8F 6B 09 CF CC 01  [binary data]
IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: {5556F97E-11A5-46b0-9082-32AD74AAA920}:0.4.2.2
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: D:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: D:\Program Files\TabletPlugins\npWacomTabletPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: D:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012.11.15 18:08:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012.11.15 18:08:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012.11.15 18:07:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.10.27 17:03:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012.11.05 16:42:28 | 000,000,000 | ---D | M]
 
[2010.12.30 20:53:04 | 000,000,000 | ---D | M] (No name found) -- D:\Users\jassy\AppData\Roaming\mozilla\Extensions
[2012.10.23 15:40:37 | 000,000,000 | ---D | M] (No name found) -- D:\Users\jassy\AppData\Roaming\mozilla\Firefox\Profiles\mgkh1cgk.default\extensions
[2005.12.31 23:03:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- D:\Users\jassy\AppData\Roaming\mozilla\Firefox\Profiles\mgkh1cgk.default\extensions\ich@maltegoetz.de
[2012.09.30 16:13:17 | 000,005,366 | ---- | M] () (No name found) -- D:\Users\jassy\AppData\Roaming\mozilla\firefox\profiles\mgkh1cgk.default\extensions\5068628db30aa@5068628db30e3.com.xpi
[2012.05.03 19:48:40 | 000,617,362 | ---- | M] () (No name found) -- D:\Users\jassy\AppData\Roaming\mozilla\firefox\profiles\mgkh1cgk.default\extensions\check4change-owner@mozdev.org.xpi
[2012.05.03 19:50:04 | 000,017,424 | ---- | M] () (No name found) -- D:\Users\jassy\AppData\Roaming\mozilla\firefox\profiles\mgkh1cgk.default\extensions\{5556F97E-11A5-46b0-9082-32AD74AAA920}.xpi
[2012.11.05 16:42:30 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions
[2012.11.05 16:42:31 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.11.05 16:42:31 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.10.27 17:03:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.08 22:53:57 | 000,001,392 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 22:53:57 | 000,002,465 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.08 22:53:57 | 000,001,153 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.08 22:53:57 | 000,006,805 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.08 22:53:57 | 000,001,178 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.08 22:53:57 | 000,001,105 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] D:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001..\Run: [AutoStartNPSAgent] D:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Download with x-iphone-magic-platinum - e:\Program Files\Xilisoft\iPhone Magic Platinum\upod_link.HTM File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{823824DA-57F2-4255-A40A-66CDC30F96AC}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - D:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10744ca0-9f79-11e0-89e6-0018f39e5c26}\Shell - "" = AutoRun
O33 - MountPoints2\{10744ca0-9f79-11e0-89e6-0018f39e5c26}\Shell\AutoRun\command - "" = I:\MI.exe
O33 - MountPoints2\{3e7b3e32-fbb5-11e0-b47b-0018f39e5c26}\Shell - "" = AutoRun
O33 - MountPoints2\{3e7b3e32-fbb5-11e0-b47b-0018f39e5c26}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b6fca78f-81b1-11e1-b976-0018f39e5c26}\Shell - "" = AutoRun
O33 - MountPoints2\{b6fca78f-81b1-11e1-b976-0018f39e5c26}\Shell\AutoRun\command - "" = H:\Spielen!.exe
O33 - MountPoints2\{c0bd3c5b-f36d-11e1-b35f-0018f39e5c26}\Shell - "" = AutoRun
O33 - MountPoints2\{c0bd3c5b-f36d-11e1-b35f-0018f39e5c26}\Shell\AutoRun\command - "" = I:\Spielen!.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.28 15:50:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\jassy\Desktop\OTL.exe
[2012.11.28 15:35:58 | 004,732,416 | ---- | C] (AVAST Software) -- D:\Users\jassy\Desktop\aswMBR.exe
[2012.11.28 09:55:28 | 001,700,352 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\gdiplus.dll
[2012.11.28 06:22:58 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{A08F429C-8CAE-4402-AE93-F7B5F7BA472B}
[2012.11.27 17:01:18 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{ABFB6E7E-6E2A-4AFB-852E-6EA4E875B44B}
[2012.11.26 21:19:28 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{A4133C7F-0597-4566-9E71-87AC78C4C90E}
[2012.11.26 21:15:42 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{B6E71553-61F5-4796-9F52-2E2D927E094D}
[2012.11.26 06:54:16 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{21211D5B-2415-4F64-B1EC-2D1BC11E036A}
[2012.11.25 21:53:11 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaveLab 6
[2012.11.25 12:13:10 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{1078A8D6-BE37-4AAC-89FE-F35A2F313059}
[2012.11.25 00:12:48 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{7C85C0D9-8942-4BF7-B159-37140851C17C}
[2012.11.24 13:30:07 | 000,000,000 | ---D | C] -- D:\Users\jassy\Documents\Cubase Projects
[2012.11.24 13:29:21 | 000,000,000 | ---D | C] -- D:\Users\jassy\Documents\VST3 Presets
[2012.11.24 13:24:25 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Roaming\Steinberg
[2012.11.24 11:30:02 | 000,000,000 | ---D | C] -- D:\ProgramData\Syncrosoft
[2012.11.24 11:30:01 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\eLicenser
[2012.11.24 11:23:57 | 000,000,000 | ---D | C] -- D:\Program Files\Syncrosoft
[2012.11.24 11:23:57 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
[2012.11.24 11:23:57 | 000,000,000 | ---D | C] -- D:\ProgramData\eLicenser
[2012.11.24 11:23:57 | 000,000,000 | ---D | C] -- D:\Program Files\eLicenser
[2012.11.24 11:23:56 | 000,023,696 | ---- | C] (Steinberg Media Technologies GmbH) -- D:\Windows\System32\drivers\synasusb.sys
[2012.11.24 11:23:54 | 001,277,952 | ---- | C] (Steinberg Media Technologies GmbH) -- D:\Windows\System32\SYNSOACC.dll
[2012.11.24 10:27:00 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{47A9EE81-FB51-475F-B662-15AC8E3628C9}
[2012.11.23 17:53:25 | 000,000,000 | ---D | C] -- D:\Users\jassy\Desktop\Vorschüler2012
[2012.11.23 17:52:04 | 000,000,000 | ---D | C] -- D:\Users\jassy\Desktop\Laternernfest
[2012.11.23 07:41:25 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{1B4F30EE-7F1C-4500-90B2-EB92466AC4AE}
[2012.11.22 16:20:55 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{BD0E115B-143D-43CA-A7BD-1E3A727375D4}
[2012.11.21 22:36:55 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{EF4BDA4E-B482-4B15-B73F-BDF47BB12197}
[2012.11.20 20:46:09 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{6244602F-92AF-4F38-BE54-2AE1680B03C4}
[2012.11.20 06:57:42 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{73262E6C-4207-4A4B-B81F-F1DD18EB7915}
[2012.11.19 06:58:10 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{23E65F53-B660-476E-9472-2EAF2741A087}
[2012.11.18 12:53:49 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{664A8B86-8A6C-48BB-90C1-093D6D55C1BF}
[2012.11.18 01:54:46 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{50DFEA26-7FDC-4933-9BB0-BF11C6E1BFA6}
[2012.11.17 10:25:26 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{043EFC98-260F-4B44-A8AB-2B2189C38F63}
[2012.11.16 16:07:14 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{CB6A2087-2714-47D4-88C8-1282A39ACF0A}
[2012.11.15 21:08:07 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{8F68C922-C0C4-4CE0-BD0F-742B740B3B5D}
[2012.11.15 20:38:50 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{A2509A78-69D6-4FF9-8B16-F01E3734E8CC}
[2012.11.15 20:34:27 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{FBFB0D01-31C2-4312-91C1-0A01B898792E}
[2012.11.15 18:17:09 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{23938030-20A9-4EBD-B235-948A04D051D4}
[2012.11.15 18:08:46 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2012.11.15 18:07:48 | 000,000,000 | ---D | C] -- D:\Windows\ELAMBKUP
[2012.11.15 18:07:43 | 000,000,000 | ---D | C] -- D:\ProgramData\Kaspersky Lab
[2012.11.15 18:07:43 | 000,000,000 | ---D | C] -- D:\Program Files\Kaspersky Lab
[2012.11.15 18:07:27 | 000,589,144 | ---- | C] (Kaspersky Lab) -- D:\Windows\System32\drivers\klif.sys
[2012.11.15 18:07:27 | 000,075,096 | ---- | C] (Kaspersky Lab) -- D:\Windows\System32\drivers\klflt.sys
[2012.11.15 18:04:18 | 154,892,968 | ---- | C] (Kaspersky Lab) -- D:\Users\jassy\Desktop\kav13.0.1.4190de-de.exe
[2012.11.15 17:55:08 | 000,000,000 | ---D | C] -- D:\ProgramData\ESET
[2012.11.15 17:42:09 | 000,000,000 | ---D | C] -- D:\Program Files\ESET
[2012.11.14 19:28:50 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{9E93C389-2E29-415B-AB05-BEA5BBA4726A}
[2012.11.14 07:19:21 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{D6BD75D9-1FBD-4E21-9311-E694F8AC8FCA}
[2012.11.13 15:17:39 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{3337975E-3F63-45F0-A2D5-CCFA73FDEE17}
[2012.11.13 07:49:34 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{84DB77EA-0AF6-4866-936B-17A7DE9CBC78}
[2012.11.12 19:47:14 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{5F0D3733-95EA-4548-843B-C33767912AF5}
[2012.11.12 06:58:21 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{70B94035-2937-4760-9417-ED7E89B23230}
[2012.11.11 11:40:55 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{618C4B9A-4457-4A97-84B1-133BA2447099}
[2012.11.10 12:28:01 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{6C147379-2190-481C-937A-68B5DFA0A6BB}
[2012.11.09 18:58:05 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{18154E4E-437D-4EC3-9E6A-45EB0A067865}
[2012.11.09 06:57:30 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{49317958-5BE9-458A-927F-4A0655EC647C}
[2012.11.08 16:24:23 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{59464356-F718-4294-8A33-B69E27D04E38}
[2012.11.08 16:09:34 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{DEC28E44-3B4E-41E4-BAB8-D13FC057F389}
[2012.11.07 19:54:26 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{500D955E-EF67-45EC-A0E5-3ECA72A1545D}
[2012.11.06 19:54:51 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{42C66EF4-FA60-4A7A-9B41-ECC4C2ADCD30}
[2012.11.06 07:13:11 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{D515D0FD-5E7E-47C3-8DCC-96BB5F4792EA}
[2012.11.05 16:42:28 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\npdeployJava1.dll
[2012.11.05 16:42:28 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaws.exe
[2012.11.05 16:42:28 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaw.exe
[2012.11.05 16:42:28 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- D:\Windows\System32\java.exe
[2012.11.05 15:52:46 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{12421273-E30B-4294-9F05-5844E3F0FB1A}
[2012.11.04 23:01:17 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{5486901E-30B1-4376-B820-70D83C6AF4C9}
[2012.11.04 11:00:55 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{DA81A3C1-7FDF-4715-A444-03B2E496679D}
[2012.11.03 23:00:21 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{29B668F7-2629-41B4-9B8F-5201628E6D51}
[2012.11.03 10:59:59 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{A04F793E-933A-4D32-BFA5-30BAC577A572}
[2012.11.03 00:49:13 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{B2FC2967-C682-4A52-94D1-940F65DA3820}
[2012.11.02 06:55:29 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{5629B566-135D-434A-A2B9-C8E60BF3DA55}
[2012.11.01 16:17:22 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{C167BDB0-ACA1-4702-81CD-DAE2E426B1D6}
[2012.11.01 07:25:25 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{8266D02B-D536-486E-81E1-B44F3A86B720}
[2012.10.31 19:15:41 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{A88BC713-E23D-44A6-85D0-8D4360D0C3E9}
[2012.10.31 07:15:27 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{29C4D0F9-F124-4F3B-9C99-525D2DAEE92C}
[2012.10.30 18:49:07 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{474BDA8D-B7E9-4F9D-97FE-76C0E8BE1790}
[2012.10.30 06:48:45 | 000,000,000 | ---D | C] -- D:\Users\jassy\AppData\Local\{2CCBEE97-C0AF-4809-8AB6-6DAFAA4154D2}
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.28 15:50:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\jassy\Desktop\OTL.exe
[2012.11.28 15:48:07 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012.11.28 15:48:04 | 1609,474,048 | -HS- | M] () -- D:\hiberfil.sys
[2012.11.28 15:45:25 | 000,480,125 | ---- | M] () -- D:\Users\jassy\Desktop\adwcleaner.exe
[2012.11.28 15:36:33 | 004,732,416 | ---- | M] (AVAST Software) -- D:\Users\jassy\Desktop\aswMBR.exe
[2012.11.28 15:07:05 | 000,014,960 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 15:07:05 | 000,014,960 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 09:55:28 | 001,700,352 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\gdiplus.dll
[2012.11.26 07:05:17 | 000,653,986 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012.11.26 07:05:17 | 000,615,868 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012.11.26 07:05:17 | 000,129,858 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012.11.26 07:05:17 | 000,106,248 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012.11.25 21:53:11 | 000,000,731 | ---- | M] () -- D:\Users\Public\Desktop\WaveLab 6.lnk
[2012.11.24 13:24:24 | 000,002,892 | ---- | M] () -- D:\Windows\System32\audcon.sys
[2012.11.24 11:23:58 | 000,000,045 | ---- | M] () -- D:\Windows\System32\SYNSOPOS.exe.cfg
[2012.11.23 17:57:50 | 000,388,768 | ---- | M] () -- D:\Users\jassy\Desktop\StarFM.jpg
[2012.11.23 17:56:09 | 001,544,355 | ---- | M] () -- D:\Users\jassy\Desktop\DSCF5067.JPG
[2012.11.16 07:14:23 | 000,589,144 | ---- | M] (Kaspersky Lab) -- D:\Windows\System32\drivers\klif.sys
[2012.11.16 07:14:23 | 000,043,608 | ---- | M] (Kaspersky Lab) -- D:\Windows\System32\drivers\kltdi.sys
[2012.11.16 07:14:23 | 000,025,944 | ---- | M] (Kaspersky Lab) -- D:\Windows\System32\drivers\klmouflt.sys
[2012.11.16 07:14:23 | 000,025,944 | ---- | M] (Kaspersky Lab) -- D:\Windows\System32\drivers\klkbdflt.sys
[2012.11.15 18:08:30 | 000,001,081 | ---- | M] () -- D:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2012.11.15 18:06:30 | 154,892,968 | ---- | M] (Kaspersky Lab) -- D:\Users\jassy\Desktop\kav13.0.1.4190de-de.exe
[2012.11.05 16:42:22 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaws.exe
[2012.11.05 16:42:22 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\javaw.exe
[2012.11.05 16:42:22 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\java.exe
[2012.11.05 16:42:21 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\npdeployJava1.dll
[2012.11.05 16:42:21 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- D:\Windows\System32\deployJava1.dll
 
========== Files Created - No Company Name ==========
 
[2012.11.28 15:45:23 | 000,480,125 | ---- | C] () -- D:\Users\jassy\Desktop\adwcleaner.exe
[2012.11.25 21:53:11 | 000,000,731 | ---- | C] () -- D:\Users\Public\Desktop\WaveLab 6.lnk
[2012.11.24 13:24:24 | 000,002,892 | ---- | C] () -- D:\Windows\System32\audcon.sys
[2012.11.24 11:23:53 | 000,086,016 | ---- | C] () -- D:\Windows\System32\SYNSOPOS.exe
[2012.11.24 11:23:53 | 000,000,045 | ---- | C] () -- D:\Windows\System32\SYNSOPOS.exe.cfg
[2012.11.23 17:57:50 | 000,388,768 | ---- | C] () -- D:\Users\jassy\Desktop\StarFM.jpg
[2012.11.23 17:56:09 | 001,544,355 | ---- | C] () -- D:\Users\jassy\Desktop\DSCF5067.JPG
[2012.11.15 18:08:46 | 000,001,081 | ---- | C] () -- D:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2012.05.21 19:51:45 | 000,000,041 | -HS- | C] () -- D:\ProgramData\.zreglib
[2012.05.19 15:13:49 | 000,017,408 | ---- | C] () -- D:\Users\jassy\AppData\Local\WebpageIcons.db
[2012.05.18 17:27:11 | 000,000,166 | ---- | C] () -- D:\Users\jassy\defogger_reenable
[2012.05.18 15:22:00 | 000,032,768 | ---- | C] () -- D:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.03.11 16:02:49 | 000,444,283 | ---- | C] () -- D:\Program Files\Common Files\WinPcapNmap.exe
[2012.01.03 08:28:06 | 002,570,286 | ---- | C] () -- D:\Windows\System32\abgx360.exe
[2011.12.29 19:55:09 | 000,000,600 | ---- | C] () -- D:\Users\jassy\AppData\Roaming\winscp.rnd
[2011.12.29 19:43:07 | 000,180,224 | ---- | C] () -- D:\Windows\System32\QTCF.dll
[2011.11.23 14:14:53 | 000,116,172 | -H-- | C] () -- D:\Windows\System32\mlfcache.dat
[2011.11.15 19:33:23 | 000,000,112 | ---- | C] () -- D:\Windows\ActiveSkin.INI
[2011.06.07 06:31:12 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2011.05.21 17:24:39 | 000,005,120 | ---- | C] () -- D:\Users\jassy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.08 19:05:52 | 000,110,592 | ---- | C] () -- D:\Windows\System32\FsUsbExDevice.Dll
[2011.01.08 19:05:52 | 000,036,608 | ---- | C] () -- D:\Windows\System32\FsUsbExDisk.Sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.27 18:21:22 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\abgx360
[2012.05.13 13:55:11 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Ashampoo
[2010.12.31 12:14:25 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\AVG10
[2012.04.08 20:38:22 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\DAEMON Tools Pro
[2011.11.06 12:23:50 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\elsterformular
[2012.11.28 15:25:00 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\foobar2000
[2011.10.28 17:24:20 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\GetRightToGo
[2012.05.08 21:13:54 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\ICQ
[2012.05.06 15:58:15 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\ICQ Search
[2012.05.21 23:36:24 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\ImgBurn
[2012.03.19 16:41:42 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\iPhoneRingToneMaker
[2011.03.07 19:03:05 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\IrfanView
[2012.03.18 21:27:34 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\ML
[2011.12.29 17:33:08 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\redsn0w
[2012.03.19 16:41:30 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Ringtone Expressions
[2011.06.26 00:59:47 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Samsung
[2011.10.29 11:22:30 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\SharePod
[2011.10.29 11:53:35 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Software4u
[2012.11.24 13:29:18 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Steinberg
[2012.05.18 05:37:06 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\TeamViewer
[2012.02.12 15:29:52 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Toontrack
[2012.05.06 11:24:59 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Trillian
[2012.09.16 15:04:00 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\TuneUp Software
[2012.11.28 10:44:51 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\uTorrent
[2012.09.29 13:41:39 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\VDownloader
[2011.10.21 08:23:39 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Vodafone
[2011.12.25 14:39:23 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Waves Audio
[2010.12.30 21:24:31 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Windows Live Writer
[2011.11.23 15:16:40 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\WindSolutions
[2011.11.12 16:50:31 | 000,000,000 | ---D | M] -- D:\Users\jassy\AppData\Roaming\Xilisoft
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[D:\Windows\$NtUninstallKB10476$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> D:\ProgramData\TEMP:D57FAB99
@Alternate Data Stream - 24 bytes -> D:\Windows:DD11F150341F7A44

< End of report >
         
--- --- ---

OTL LOG (Extras)
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 28.11.2012 15:51:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\jassy\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 59,09% Memory free
4,00 Gb Paging File | 3,06 Gb Available in Paging File | 76,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 99,17 Gb Total Space | 98,96 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive D: | 29,29 Gb Total Space | 2,65 Gb Free Space | 9,06% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 38,51 Gb Free Space | 19,72% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 29,49 Gb Free Space | 60,39% Space Free | Partition Type: NTFS
 
Computer Name: JASSY-PC | User Name: jassy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- D:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07717C9F-D55A-422F-81C0-D161540087E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0CE905EA-B5D5-4DAA-91DE-C7B5960CCC71}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{12311EE6-8A81-466E-AEE6-5DC13A789AE3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2A73828E-0E49-4891-8DC3-E25AE0CA90D6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{39D54039-91F9-4FB1-A971-76F936AFFFFB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{410A93B2-DFDD-4F63-B708-1B8BC253F5CC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{45C0BED5-6C8D-4F64-BED4-4A2628E5E1B2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50EBA498-3329-4151-9EC5-3821429C262F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{65FCDFC4-81A1-4457-B4FB-B79C17B1DB5C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6AF09732-460A-453A-8692-F4DF3B838F58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{74232ADC-9974-40EC-B1BB-4F9ED8145F01}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{77A4B1AC-6045-4629-86F8-1584FF8A888E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{78EE665E-0FB0-4197-B721-D0169AFE0417}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7B5AE88B-9996-4ACD-AE15-945C68E8817D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8CA78E57-5C47-45A2-AF29-505743034D7D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9B0F51E8-022C-401B-BC93-1316C0D1E068}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AB7CE37C-36F5-44FE-82BF-E2A3DE69C598}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AEA0C4F7-50B9-42AC-B4E1-0B547F203313}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CBA9D226-C620-4BF6-8FEA-FD8D3020FF46}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CF042379-8B7A-4BAA-930F-FFF3C3245A9C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D0588EC2-637C-4EF4-A2C2-746B1BD91505}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D41CC054-A1E3-4D2B-9404-B1AD971E2088}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D4318D9F-1E27-40F7-B33B-B3D96E67543B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E5A240DC-FF70-45FE-B519-1C3CB1A29574}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F4B15C42-0E3B-41CB-AF1F-2717FA433808}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0137A356-25C9-44A1-8345-95F2C25C345B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{023EC407-743B-4EC8-B0F6-86D82AE61DCB}" = protocol=6 | dir=in | app=d:\program files\avg\avg10\avgemcx.exe | 
"{07945EC0-72EC-4EBD-8CDA-F0A53635662A}" = dir=in | app=d:\program files\windows live\contacts\wlcomm.exe | 
"{098C4057-FB67-454D-B901-5BF07C75A43B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0A5ECC65-3379-4D4B-8A3D-59E7B5530655}" = protocol=6 | dir=in | app=d:\program files\bonjour\mdnsresponder.exe | 
"{1C4F6158-CE80-4644-97BC-1833F34A2131}" = protocol=17 | dir=in | app=e:\program files\icq7.7\icq.exe | 
"{1F26AB33-1CAB-4C1E-AC11-ADD3EE9B7091}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1F4F08AC-0DAE-4D9E-BBA4-35E9C3399C09}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1FB0FCC8-335C-4BA5-97D6-127E2421D97A}" = protocol=17 | dir=in | app=d:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{20D257C5-CC9F-48B0-94CF-4BE3373B991E}" = protocol=17 | dir=in | app=d:\program files\utorrent\utorrent.exe | 
"{2F556AD7-8E9C-4BFB-A4E8-69552B6FEBA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{37CFE9D7-5A27-4FC2-9F64-E6191A3413E2}" = protocol=6 | dir=in | app=d:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{3F252745-E188-49D0-BDF6-4773DA245098}" = protocol=17 | dir=in | app=d:\program files\avg\avg10\avgmfapx.exe | 
"{5653324E-B406-439D-AED4-D36E0985B551}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{59BAFB27-118B-4807-B5DD-F55D7E1EE662}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5F4D7A42-49C8-4EB8-853B-605EAB069331}" = protocol=6 | dir=in | app=d:\program files\avg\avg10\avgdiagex.exe | 
"{61AB4B86-1474-46DD-B9CC-631001729C0D}" = protocol=6 | dir=in | app=d:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{67CC4664-ECEB-4786-BF4B-3C1CAF8D3B8C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6902D4E0-B3F7-48C4-9C9C-0775909BC524}" = protocol=6 | dir=out | app=system | 
"{746749F3-9637-4B35-8F2C-BA4170E06F20}" = protocol=17 | dir=in | app=d:\program files\avg\avg10\avgnsx.exe | 
"{75F88B5F-30A4-41B4-BE27-A5B608154EE6}" = dir=in | app=d:\program files\windows live\messenger\msnmsgr.exe | 
"{7AC74404-4315-4CF5-B67F-5DD0CE655D77}" = dir=in | app=d:\program files\itunes\itunes.exe | 
"{8AD25EB4-006B-4117-ADFD-2C02C957291B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{92070982-0F02-4383-AF09-F3DE6AE28ED7}" = protocol=6 | dir=in | app=d:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe | 
"{93F1B8BE-769C-478B-972D-B963BF070D33}" = protocol=17 | dir=in | app=d:\program files\bonjour\mdnsresponder.exe | 
"{9754FA70-2AA0-4D84-8933-9F0DAAC3471F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A9812A0A-4196-4484-A5E6-7DBC943FD5C9}" = protocol=6 | dir=in | app=d:\program files\avg\avg10\avgnsx.exe | 
"{AD4BED08-8F4C-405C-94CD-0518CF7D9DDE}" = protocol=17 | dir=in | app=d:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{B515A076-CD74-451E-893E-EB4A395B5D49}" = protocol=17 | dir=in | app=d:\program files\microsoft office\office14\groove.exe | 
"{C024CD66-1380-4081-A7FD-50F6895A067F}" = protocol=6 | dir=in | app=d:\program files\microsoft office\office14\groove.exe | 
"{C3631E62-6C53-4B4C-9692-612D14A0A4A3}" = protocol=17 | dir=in | app=d:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{C874BA7E-3EFB-4BD4-B064-6C41C3425868}" = protocol=17 | dir=in | app=d:\program files\avg\avg10\avgdiagex.exe | 
"{CB12B7EA-833D-4E52-9080-F8811F8B8758}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CEBC46DB-EBE6-434F-9488-B6DCF11931A2}" = protocol=6 | dir=in | app=d:\program files\utorrent\utorrent.exe | 
"{D4804B16-417E-4A4D-814C-948E8149668F}" = protocol=6 | dir=in | app=e:\program files\icq7.7\icq.exe | 
"{D4F33C37-5543-4818-9E63-3D551AAB153F}" = protocol=6 | dir=in | app=d:\program files\avg\avg10\avgmfapx.exe | 
"{D6789CFA-6B6C-4A32-A42E-089E103FD48D}" = protocol=17 | dir=in | app=e:\program files\icq7.7\icq.exe | 
"{D9398908-836A-42C7-A702-70D853347473}" = dir=in | app=d:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{DD80E2BC-6F1F-49AF-B96E-F085CDFED4AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DEC84AF7-F6A8-41C9-99FC-A418368679A4}" = protocol=6 | dir=in | app=e:\program files\icq7.7\icq.exe | 
"{DF99BC9A-F2FF-4E3D-8B33-ACA373A5DF40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F729E2F7-5902-4301-8506-8E6BC64ACA36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FCF22E38-A6C3-47DD-8D2B-347755AF14F7}" = protocol=17 | dir=in | app=d:\program files\avg\avg10\avgemcx.exe | 
"{FD699C03-A19F-4E7A-943A-B9CE49986F85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{56D5A411-CCFC-4FE2-9DA3-045BD3AC5202}E:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=e:\program files\mirc\mirc.exe | 
"TCP Query User{82FD93C4-7BD1-4161-9C27-D2777F8FD674}D:\program files\relevantknowledge\rlvknlg.exe" = protocol=6 | dir=in | app=d:\program files\relevantknowledge\rlvknlg.exe | 
"UDP Query User{48760FF8-8E02-4C0F-A2CD-7CF9B48AC0D4}D:\program files\relevantknowledge\rlvknlg.exe" = protocol=17 | dir=in | app=d:\program files\relevantknowledge\rlvknlg.exe | 
"UDP Query User{947B8E62-F8E7-4A3A-ACE0-542DD8AFF848}E:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=e:\program files\mirc\mirc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.990
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"abgx360" = abgx360 v1.0.6
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 2012 CBE_is1" = Ashampoo Burning Studio 2012 CBE v.11.0.4
"AudibleDownloadManager" = Audible Download Manager
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonMyPrinter" = Canon My Printer
"DAEMON Tools Pro" = DAEMON Tools Pro
"eLicenser Control" = eLicenser Control
"foobar2000" = foobar2000 v1.1.1
"ImgBurn" = ImgBurn
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"IrfanView" = IrfanView (remove only)
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WaveLabPro" = WaveLab 6
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"YDKJG" = YOU DON'T KNOW JACK®
"YDKJG3" = YOU DON'T KNOW JACK® 3 - Abwärts!
"YOU DON'T KNOW JACK® 2" = YOU DON'T KNOW JACK® 2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2658800859-1032754694-4259662628-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.01.2006 03:24:46 | Computer Name = jassy-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.01.2006 03:24:46 | Computer Name = jassy-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.01.2006 03:24:46 | Computer Name = jassy-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.01.2006 03:24:46 | Computer Name = jassy-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.01.2006 03:24:47 | Computer Name = jassy-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.01.2006 03:24:47 | Computer Name = jassy-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 01.01.2006 03:29:11 | Computer Name = jassy-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 16.06.2012 08:57:11 | Computer Name = jassy-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.1.2.45,
 Zeitstempel: 0x4f02e382  Name des fehlerhaften Moduls: RdLang_weblink.DEU, Version:
 10.1.2.45, Zeitstempel: 0x4f02fa66  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005617
ID
 des fehlerhaften Prozesses: 0x500  Startzeit der fehlerhaften Anwendung: 0x01cd4bbedc294444
Pfad
 der fehlerhaften Anwendung: D:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
Pfad
 des fehlerhaften Moduls: D:\Users\jassy\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU
Berichtskennung:
 c9388072-b7b2-11e1-a769-0018f39e5c26
 
Error - 16.06.2012 12:28:19 | Computer Name = jassy-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.1.2.45,
 Zeitstempel: 0x4f02e382  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x01d65617  ID des fehlerhaften
 Prozesses: 0xf48  Startzeit der fehlerhaften Anwendung: 0x01cd4bdcebd78f5d  Pfad der
 fehlerhaften Anwendung: D:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 48299153-b7d0-11e1-a769-0018f39e5c26
 
Error - 19.06.2012 16:02:47 | Computer Name = jassy-PC | Source = VSS | ID = 13
Description = 
 
Error - 19.06.2012 16:02:47 | Computer Name = jassy-PC | Source = VSS | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 21.10.2011 05:09:15 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0
Description = 11:09:15 - Fehler beim Herstellen der Internetverbindung.  11:09:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.10.2011 08:15:00 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0
Description = 14:14:59 - Fehler beim Herstellen der Internetverbindung.  14:15:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.10.2011 09:39:56 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0
Description = 15:39:56 - Fehler beim Herstellen der Internetverbindung.  15:39:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.10.2011 11:33:24 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0
Description = 17:33:24 - Fehler beim Herstellen der Internetverbindung.  17:33:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.10.2011 12:33:36 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0
Description = 18:33:36 - Fehler beim Herstellen der Internetverbindung.  18:33:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.10.2011 11:15:37 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0
Description = 17:15:37 - Fehler beim Herstellen der Internetverbindung.  17:15:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.10.2011 14:35:22 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0
Description = 20:35:22 - Fehler beim Herstellen der Internetverbindung.  20:35:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.10.2011 01:11:44 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0
Description = 07:11:44 - Fehler beim Herstellen der Internetverbindung.  07:11:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.10.2011 10:54:44 | Computer Name = jassy-PC | Source = MCUpdate | ID = 0
Description = 16:54:44 - Fehler beim Herstellen der Internetverbindung.  16:54:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 28.11.2012 10:00:22 | Computer Name = jassy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 28.11.2012 10:00:22 | Computer Name = jassy-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 28.11.2012 10:48:11 | Computer Name = jassy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 28.11.2012 10:48:11 | Computer Name = jassy-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 28.11.2012 10:48:12 | Computer Name = jassy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 28.11.2012 10:48:14 | Computer Name = jassy-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 28.11.2012 10:48:14 | Computer Name = jassy-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 28.11.2012 10:48:16 | Computer Name = jassy-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd  luafv
 
Error - 28.11.2012 10:48:18 | Computer Name = jassy-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 28.11.2012 10:48:30 | Computer Name = jassy-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
 
< End of report >
         
--- --- ---

aswMBR LOGFILE:
Quote:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-28 19:10:40
-----------------------------
19:10:40.552 OS Version: Windows 6.1.7601 Service Pack 1
19:10:40.552 Number of processors: 2 586 0xF06
19:10:40.560 ComputerName: JASSY-PC UserName: jassy
19:10:52.805 Initialize success
19:11:00.621 AVAST engine defs: 12112800
19:11:18.897 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
19:11:18.905 Disk 0 Vendor: SAMSUNG_ ZZ10 Size: 381554MB BusType: 3
19:11:18.913 Disk 0 MBR read successfully
19:11:18.920 Disk 0 MBR scan
19:11:18.928 Disk 0 Windows 7 default MBR code
19:11:18.936 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 29995 MB offset 2048
19:11:18.944 Disk 0 Partition - 00 0F Extended LBA 351557 MB offset 61432560
19:11:18.967 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199996 MB offset 61432623
19:11:18.967 Disk 0 Partition - 00 05 Extended 151560 MB offset 471025800
19:11:19.003 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 50006 MB offset 471027712
19:11:19.011 Disk 0 Partition - 00 05 Extended 101553 MB offset 983033415
19:11:19.042 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 101553 MB offset 573440238
19:11:19.050 Disk 0 scanning sectors +781422768
19:11:19.082 Disk 0 scanning D:\Windows\system32\drivers
19:11:28.998 Service scanning
19:11:35.803 Service kl1 D:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
19:11:35.928 Service KLIM6 D:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
19:11:35.975 Service klkbdflt D:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
19:11:35.991 Service klmouflt D:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
19:11:36.038 Service kltdi D:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
19:11:36.084 Service kneps D:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
19:11:50.159 Modules scanning
19:11:54.970 Disk 0 trace - called modules:
19:11:54.986 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
19:11:54.986 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864a67c8]
19:11:54.986 3 CLASSPNP.SYS[899cb59e] -> nt!IofCallDriver -> [0x854c7700]
19:11:54.986 5 ACPI.sys[83e503d4] -> nt!IofCallDriver -> \Device\00000062[0x85e20788]
19:11:54.986 Scan finished successfully
19:12:33.353 Disk 0 MBR has been saved successfully to "D:\Users\jassy\Desktop\MBR.dat"
19:12:33.361 The log file has been saved successfully to "D:\Users\jassy\Desktop\aswMBR.txt"


 
