Pests of all kinds and their removal: PUP.Blabbers (Windows 7)
11.12.2012, 12:25 | #1

PUP.Blabbers

Hello everyone, I have recently had the problem that in Firefox an advertising page always opens when I click on an already open page or open a new page from my bookmarks. I downloaded Malwarebytes Anti-Malware and ran a full scan. I have attached the log file. I hope you can help me.
11.12.2012, 13:22 | #2

Here is the result:

Code:
# AdwCleaner v2.100 - File created 11/12/2012 at 13:17:02
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : hecklau - HECKLAUJ02
# Boot mode : Normal
# Running from : C:\Users\hecklau\Downloads\adwcleaner.exe
# Option [Search]

**** [Services] ****

***** [Files / Folders] *****

File Found : C:\Users\hecklau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
File Found : C:\Users\hecklau\AppData\Roaming\Mozilla\Firefox\Profiles\g33a8ykm.default\searchplugins\Plusnetwork.xml
Folder Found : C:\Program Files (x86)\BrowserCompanion
Folder Found : C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb
Folder Found : C:\Users\hecklau\AppData\Roaming\BrowserCompanion
Folder Found : C:\Users\hecklau\AppData\Roaming\Mozilla\Firefox\Profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com
Folder Found : C:\Users\Install\AppData\Roaming\pdfforge

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Key Found : HKLM\Software\BrowserCompanion
Key Found : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Key Found : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Key Found : HKU\S-1-5-21-1601906125-279381933-2032345518-14107\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default
File : C:\Users\hecklau\AppData\Roaming\Mozilla\Firefox\Profiles\g33a8ykm.default\prefs.js

Found : user_pref("browser.search.selectedEngine", "Plus! Network");
Found : user_pref("keyword.URL", "hxxp://www.searchplusnetwork.com/?sp=vit4&q=");

Profile name : default
File : C:\Users\Install\AppData\Roaming\Mozilla\Firefox\Profiles\ufx5vgiy.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3039 octets] - [11/12/2012 13:17:02]

########## EOF - C:\AdwCleaner[R1].txt - [3099 octets] ##########
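The AdwCleaner report above (and the OTL log later in the thread) pins the Firefox side of this hijack to three settings in prefs.js: the selected search engine, keyword.URL, and the enabled add-on list containing bbrs_002@blabbers.com. The following is an added triage script, not code from the thread, from AdwCleaner or from OTL: it parses user_pref() lines from a prefs.js and reports those indicators. The engine allow-list, the trusted-host list and the add-on denylist are assumptions chosen for the example; the sample prefs.js excerpt is constructed from the values the two logs show.

```python
"""Triage a Firefox prefs.js for the search-hijack indicators AdwCleaner reported.

Added example (not from the thread): parses user_pref() lines, then checks the
default engine, keyword.URL, the start page and the enabled add-on list.
"""
import re
from typing import Dict, List, Tuple, Union
from urllib.parse import urlsplit

PrefValue = Union[str, bool, int]

# user_pref("name", value);  value is a double-quoted string, true/false or an integer
_PREF_RE = re.compile(
    r'^\s*user_pref\("((?:[^"\\]|\\.)*)"\s*,\s*'
    r'("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\);'
)

# Assumed allow-lists for this example (not from the thread): engine names a
# German Firefox build ships with, and hosts a sane keyword.URL/homepage uses.
KNOWN_ENGINES = {"Google", "Bing", "Yahoo", "Amazon.de", "eBay", "Wikipedia (de)", "LEO Eng-Deu"}
TRUSTED_HOSTS = {"www.google.de", "www.google.com", "www.bing.com"}
# Add-on ID the AdwCleaner and OTL logs attribute to Browser Companion.
SUSPICIOUS_ADDON_IDS = {"bbrs_002@blabbers.com"}


def _unescape(s: str) -> str:
    """Undo backslash escapes inside a prefs.js string literal."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Return {pref name: value} for every well-formed user_pref() line."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines and anything malformed are skipped
        name, raw = _unescape(m.group(1)), m.group(2)
        if raw.startswith('"'):
            prefs[name] = _unescape(raw[1:-1])
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw)
    return prefs


def enabled_addons(prefs: Dict[str, PrefValue]) -> List[Tuple[str, str]]:
    """Split extensions.enabledAddons ("id:version,id:version") into (id, version) pairs."""
    pairs = []
    for item in str(prefs.get("extensions.enabledAddons", "")).split(","):
        if not item:
            continue
        addon_id, sep, version = item.rpartition(":")
        if not sep:  # no version suffix at all
            addon_id, version = item, ""
        pairs.append((addon_id, version))
    return pairs


def _host(url: str) -> str:
    """Hostname of a URL; accepts the hxxp:// defanging used in forum logs."""
    url = re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)
    return urlsplit(url).hostname or ""


def find_hijack(prefs: Dict[str, PrefValue],
                known_engines=KNOWN_ENGINES,
                trusted_hosts=TRUSTED_HOSTS,
                suspicious_ids=SUSPICIOUS_ADDON_IDS) -> List[str]:
    """Return one finding per hijack indicator; an empty list means nothing matched."""
    findings = []
    engine = prefs.get("browser.search.selectedEngine")
    if isinstance(engine, str) and engine not in known_engines:
        findings.append(f"default search engine is unknown: {engine!r}")
    for pref in ("keyword.URL", "browser.startup.homepage"):
        url = prefs.get(pref)
        if isinstance(url, str) and url and _host(url) not in trusted_hosts:
            findings.append(f"{pref} points at untrusted host {_host(url)!r}")
    for addon_id, version in enabled_addons(prefs):
        if addon_id in suspicious_ids:
            findings.append(f"suspicious add-on enabled: {addon_id} {version}")
    return findings


# Constructed prefs.js excerpt mirroring the values AdwCleaner and OTL reported.
SAMPLE_PREFS_JS = r'''
// Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Plus! Network");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.startup.homepage", "http://www.google.de/ig");
user_pref("extensions.enabledAddons", "coralietab@mozdev.org:2.04.20110724,foxyproxy@eric.h.jung:4.1,bbrs_002@blabbers.com:1.0.5");
user_pref("keyword.URL", "http://www.searchplusnetwork.com/?sp=vit4&q=");
user_pref("network.cookie.cookieBehavior", 0);
'''

if __name__ == "__main__":
    for finding in find_hijack(parse_prefs(SAMPLE_PREFS_JS)):
        print("FINDING:", finding)
```

Run against a real profile with `parse_prefs(open(path_to_prefs_js).read())`; Firefox only writes prefs.js on exit, so close the browser first or the file may lag behind what the UI shows. The script reports indicators only; removing the extension folder, the Plusnetwork.xml search plugin and the Startup .lnk is the part AdwCleaner's delete mode does.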
11.12.2012, 17:01 | #3

/// Helper Team

A cleanup can sometimes mean a lot of work for you.
Note: I can never guarantee that I will find everything. Reformatting is usually the faster and always the safest way. If you decide on a cleanup, keep cooperating until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools with right-click "Run as administrator".

Step 1
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
12.12.2012, 11:35 | #4

Thank you very much for the quick reply :-) I have followed your steps and here are the results.

Malwarebytes Anti-Rootkit log 1:
Quote:
Quote:
OTL Logfile:

Code:
OTL logfile created on: 12.12.2012 11:26:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\hecklau\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,88 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 74,93% Memory free
15,77 Gb Paging File | 13,47 Gb Available in Paging File | 85,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,00 Gb Total Space | 16,63 Gb Free Space | 22,18% Space Free | Partition Type: NTFS
Drive D: | 222,99 Gb Total Space | 76,60 Gb Free Space | 34,35% Space Free | Partition Type: NTFS
Drive G: | 111,57 Gb Total Space | 32,07 Gb Free Space | 28,75% Space Free | Partition Type: NTFS
Drive H: | 117,19 Gb Total Space | 12,72 Gb Free Space | 10,86% Space Free | Partition Type: NTFS
Drive I: | 546,48 Gb Total Space | 60,72 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
Drive K: | 279,37 Gb Total Space | 25,38 Gb Free Space | 9,08% Space Free | Partition Type: NTFS
Drive M: | 546,48 Gb Total Space | 4,11 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive N: | 546,48 Gb Total Space | 60,72 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
Drive O: | 546,48 Gb Total Space | 4,11 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive P: | 950,00 Gb Total Space | 180,55 Gb Free Space | 19,00% Space Free | Partition Type: NTFS
Drive Q: | 950,00 Gb Total Space | 180,55 Gb Free Space | 19,00% Space Free | Partition Type: NTFS
Drive R: | 546,48 Gb Total Space | 4,11 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive S: | 950,00 Gb Total Space | 180,55 Gb Free Space | 19,00% Space Free | Partition Type: NTFS
Drive T: | 546,48 Gb Total Space | 4,11 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive U: | 136,62 Gb Total Space | 42,07 Gb Free Space | 30,79% Space Free | Partition Type: NTFS

Computer Name: HECKLAUJ02 | User Name: hecklau | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\hecklau\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - D:\Programme\Synergy\synergys.exe ()
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - D:\Programme\VMware\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - D:\Programme\Software4u\iPhone Explorer\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (Trend Micro Inc.)
PRC - d:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - d:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - D:\Programme\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies)
PRC - D:\Programme\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies)
PRC - D:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\SwyxIt!\ODialer.exe (Swyx Solutions)
PRC - C:\Program Files (x86)\SwyxIt!\CLMgr.exe (Swyx Solutions)
PRC - C:\Program Files (x86)\SwyxIt!\SwyxIt!.exe (Swyx Solutions)
PRC - D:\Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\cf840dca36a7b949696ce331d0532d3e\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
MOD - D:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\IpPbxCDSSharedLib\6.20.0.430__cf78dfa0a74454f8\IpPbxCDSSharedLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Xceed.Compression\3.7.8113.16100__ba83ff368b7563c6\Xceed.Compression.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\IpPbxWin32\1.0.0.2__cf78dfa0a74454f8\IpPbxWin32.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\IpPbxTracing\1.0.0.0__cf78dfa0a74454f8\IpPbxTracing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll ()
MOD - D:\Programme\Software4u\iPhone Explorer\Software4u.IPhoneLib.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - D:\Programme\CheckPoint\Endpoint Connect\imageformats\qgif4.dll ()
MOD - D:\Programme\CheckPoint\Endpoint Connect\QtGui4.dll ()
MOD - D:\Programme\CheckPoint\Endpoint Connect\QtCore4.dll ()
MOD - C:\Program Files (x86)\SwyxIt!\SPLicense.dll ()
MOD - C:\Program Files (x86)\SwyxIt!\PlantronicsDeviceEventSink.dll ()
MOD - C:\Program Files (x86)\SwyxIt!\IpPbxCDSClientLib.XmlSerializers.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (rpcnet) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Synergy Server) -- D:\Programme\Synergy\synergys.exe ()
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- D:\Programme\VMware\vmware-authd.exe (VMware, Inc.)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (VmbService) -- D:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (tmlisten) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe (Trend Micro Inc.)
SRV - (ntrtscan) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe (Trend Micro Inc.)
SRV - (MSSQLSERVER) -- d:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$TEST) -- d:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (TracSrvWrapper) -- D:\Programme\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies)
SRV - (TmProxy) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.)
SRV - (CVPND) -- D:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (TmFilter) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys (Trend Micro Inc.)
DRV - (VSApiNt) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys (Trend Micro Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\..\SearchScopes,DefaultScope = {4327FABE-3C22-4689-8DBF-D226CF777FE9}
IE - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Plus! Network"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: coralietab@mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:4.1
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: ffe_ff3aeroff4@game-point.net:2.0.1
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.6.2
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.7
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledItems: {269e35b1-cdde-11de-8a39-0800200c9a67}:0.3.3
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.2
FF - prefs.js..keyword.URL: "hxxp://www.searchplusnetwork.com/?sp=vit4&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: D:\Programme\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2012.04.13 15:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 12:06:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.22 08:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.08.16 07:53:23 | 000,000,000 | ---D | M]

[2012.04.10 14:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\Extensions
[2012.12.03 17:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\Firefox\Profiles\g33a8ykm.default\extensions
[2012.04.13 14:56:28 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\hecklau\AppData\Roaming\mozilla\Firefox\Profiles\g33a8ykm.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2012.04.13 14:55:39 | 000,000,000 | ---D | M] (Netfox) -- C:\Users\hecklau\AppData\Roaming\mozilla\Firefox\Profiles\g33a8ykm.default\extensions\{269e35b1-cdde-11de-8a39-0800200c9a67}
[2012.07.31 08:56:25 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Users\hecklau\AppData\Roaming\mozilla\Firefox\Profiles\g33a8ykm.default\extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
[2012.08.22 17:07:46 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\hecklau\AppData\Roaming\mozilla\Firefox\Profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com
[2012.04.13 14:45:52 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\hecklau\AppData\Roaming\mozilla\Firefox\Profiles\g33a8ykm.default\extensions\coralietab@mozdev.org
[2012.11.23 17:33:41 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\hecklau\AppData\Roaming\mozilla\Firefox\Profiles\g33a8ykm.default\extensions\foxyproxy@eric.h.jung
[2012.07.31 08:53:18 | 000,827,050 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\ffe_ff3aeroff4@game-point.net.xpi
[2012.12.03 17:52:24 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.12.02 11:26:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012.12.11 11:59:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2012.12.11 11:59:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2012.12.12 10:53:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire
[2012.12.10 11:38:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012.10.22 11:04:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire
[2012.12.12 11:17:51 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire
[2012.12.11 11:59:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire
[2012.11.27 10:49:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire
[2012.11.21 13:55:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\92014bb7f6462cb491e652ca4941f1d2_expire
[2012.12.12 10:53:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire
[2012.12.11 11:59:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire
[2012.12.11 11:59:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire
[2012.10.30 10:26:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire
[2012.10.29 09:16:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire
[2012.12.11 11:59:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d89bfd841403290d610bcf662008b443_expire
[2012.10.30 09:03:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\df4525cd4117d8ae1c7453b139759242_expire
[2012.11.20 10:44:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e72174145ae7671ff95578a2089c26b2_expire
[2012.12.11 11:59:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012.11.20 10:44:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire
[2012.10.22 11:04:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire
[2012.12.11 11:59:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012.12.10 11:38:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012.12.10 11:38:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012.08.22 17:07:46 | 000,002,792 | ---- | M] () -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\searchplugins\Plusnetwork.xml

[2012.03.29 09:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.29 09:05:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.07.30 10:53:24 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2012.03.13 05:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Check Point Endpoint Security] D:\Programme\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [MobileBroadband] D:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Synergy] D:/Programme/Synergy/synergy.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1601906125-279381933-2032345518-14107..\Run: [DAEMON Tools Lite] D:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1601906125-279381933-2032345518-14107..\Run: [iPhone Explorer Launcher] D:\Programme\Software4u\iPhone Explorer\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKU\S-1-5-21-68118334-1497826446-2629867153-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Users\hecklau\Desktop\mbar-1.01.0.1011\mbar\mbar.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-68118334-1497826446-2629867153-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\hecklau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Markierte Rufnummer/URI wählen - C:\Program Files (x86)\SwyxIt!\IEDial.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: SwyxIt! Wählhilfe - {F8E553C6-4C00-11D3-80BC-00105A653379} - C:\Program Files (x86)\SwyxIt!\IEDial.htm ()
O9 - Extra 'Tools' menuitem : SwyxIt! Wählhilfe - {F8E553C6-4C00-11D3-80BC-00105A653379} - C:\Program Files (x86)\SwyxIt!\IEDial.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\..Trusted Ranges: Range1 ([https] in Vertrauenswürdige Sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://vpn.seeburger.de/+CSCOL+/cscopf.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://213.211.239.30/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.66 10.0.0.68 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = seeburger.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93D81343-5FB2-474E-952F-9970D57B7C90}: DhcpNameServer = 10.0.0.66 10.0.0.68 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9452D8E-37B4-4949-8D4A-C998A832E352}: DhcpNameServer = 139.7.30.126 139.7.30.125 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.06.17 16:15:47 | 000,000,000 | ---D | M] - N:\Automotive -- [ NTFS ] O32 - AutoRun File - [2012.03.14 14:19:37 | 000,000,000 | ---D | M] - O:\Automotive -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.12 11:20:20 | 015,728,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2012.12.12 09:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell [2012.12.12 09:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell [2012.12.12 09:37:36 | 000,000,000 | ---D | C] -- C:\Windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA} [2012.12.11 17:37:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\hecklau\Desktop\OTL.exe [2012.12.11 17:26:24 | 000,000,000 | ---D | C] -- C:\Users\hecklau\Desktop\mbar-1.01.0.1011 [2012.12.10 14:45:38 | 000,000,000 | ---D | C] -- C:\Users\hecklau\AppData\Roaming\Malwarebytes [2012.12.10 14:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.10 14:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.10 14:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.30 15:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012.11.30 15:49:57 | 000,000,000 | ---D | C] -- C:\Users\hecklau\AppData\Local\Google [2012.11.30 15:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.11.16 
17:45:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.16 17:45:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.16 17:45:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.16 17:45:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.16 17:45:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.16 17:45:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.16 09:30:38 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.16 09:30:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.16 09:30:23 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.16 09:30:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.16 09:30:18 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.14 12:11:16 | 000,000,000 | ---D | C] -- C:\Users\hecklau\flexdock [2012.11.14 11:54:45 | 000,000,000 | ---D | C] -- C:\Users\hecklau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JasperSoft [2012.11.14 11:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JasperSoft [2012.11.13 13:07:39 | 000,000,000 | ---D | C] -- C:\Users\hecklau\.netbeans [2012.11.13 13:07:37 | 000,000,000 | ---D | C] -- C:\Users\hecklau\.ireport [2012.11.13 13:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jaspersoft [2012.11.13 12:36:44 | 000,000,000 | ---D | C] -- C:\Users\hecklau\.xmldog [2012.11.13 11:48:17 | 000,000,000 | ---D | C] -- C:\Users\hecklau\.easyxmleditor [2012.11.13 11:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy XML Editor [2012.11.13 
11:48:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy XML Editor [2012.11.13 11:43:00 | 000,000,000 | ---D | C] -- C:\Users\hecklau\Application Data [2012.11.13 11:35:40 | 000,000,000 | ---D | C] -- C:\Office Samples [2012.11.13 11:25:46 | 000,000,000 | ---D | C] -- C:\Users\hecklau\AppData\Roaming\com.oxygenxml [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.12 11:20:29 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.12 11:20:27 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.12 11:20:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.12 11:20:20 | 015,728,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2012.12.12 11:17:27 | 000,010,531 | ---- | M] () -- C:\Windows\uedit32.INI [2012.12.12 10:59:53 | 000,000,143 | RHS- | M] () -- C:\ProgramData\3002.xml [2012.12.12 10:59:51 | 000,008,906 | ---- | M] () -- C:\Windows\cfgall.ini [2012.12.12 10:57:47 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.12 10:57:17 | 000,058,288 | ---- | M] (Absolute Software Corp.) 
-- C:\Windows\SysWow64\rpcnet.dll [2012.12.12 10:57:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.12 10:56:55 | 2053,844,991 | -HS- | M] () -- C:\hiberfil.sys [2012.12.12 10:55:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.12 10:40:59 | 000,002,450 | -H-- | M] () -- C:\Users\hecklau\Documents\Default.rdp [2012.12.11 17:37:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hecklau\Desktop\OTL.exe [2012.12.11 17:25:39 | 013,485,902 | ---- | M] () -- C:\Users\hecklau\Desktop\mbar-1.01.0.1011.zip [2012.12.11 16:45:11 | 000,003,333 | ---- | M] () -- C:\Users\hecklau\Desktop\Netviewer_Support_Sessions_2041060.csv [2012.12.11 15:14:58 | 053,599,515 | ---- | M] () -- C:\Users\hecklau\Desktop\2012_12_11 14_39_32_865.nvl [2012.12.11 14:36:25 | 035,966,137 | ---- | M] () -- C:\Users\hecklau\Desktop\2012_12_11 14_09_40_451.nvl [2012.12.10 14:45:34 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.21 09:24:02 | 000,002,052 | RHS- | M] () -- C:\Users\hecklau\ntuser.pol [2012.11.16 15:34:09 | 000,001,344 | ---- | M] () -- C:\Users\hecklau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.11.14 16:15:10 | 725,052,523 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.14 12:43:41 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\iReport-4.7.0.lnk [2012.11.14 11:54:45 | 000,001,186 | ---- | M] () -- C:\Users\hecklau\Desktop\iReport-2.0.2.lnk [2012.11.13 11:48:13 | 000,001,085 | ---- | M] () -- C:\Users\hecklau\Desktop\Easy XML Editor.lnk [2012.11.13 11:48:13 | 000,001,053 | ---- | M] () -- C:\Users\hecklau\Desktop\XML Dog.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.11 17:26:15 | 013,485,902 | ---- | C] () -- C:\Users\hecklau\Desktop\mbar-1.01.0.1011.zip [2012.12.11 14:39:32 | 053,599,515 | ---- | C] () -- 
C:\Users\hecklau\Desktop\2012_12_11 14_39_32_865.nvl [2012.12.11 14:09:40 | 035,966,137 | ---- | C] () -- C:\Users\hecklau\Desktop\2012_12_11 14_09_40_451.nvl [2012.12.10 14:45:34 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.30 15:50:12 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.30 15:50:08 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.19 13:50:05 | 000,003,333 | ---- | C] () -- C:\Users\hecklau\Desktop\Netviewer_Support_Sessions_2041060.csv [2012.11.14 12:43:41 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\iReport-4.7.0.lnk [2012.11.14 11:54:45 | 000,001,186 | ---- | C] () -- C:\Users\hecklau\Desktop\iReport-2.0.2.lnk [2012.11.13 11:48:13 | 000,001,085 | ---- | C] () -- C:\Users\hecklau\Desktop\Easy XML Editor.lnk [2012.11.13 11:48:13 | 000,001,053 | ---- | C] () -- C:\Users\hecklau\Desktop\XML Dog.lnk [2012.08.29 14:54:37 | 000,000,143 | RHS- | C] () -- C:\ProgramData\3002.xml [2012.08.22 17:13:48 | 000,000,040 | ---- | C] () -- C:\Users\hecklau\AppData\Roaming\cdr.ini [2012.06.07 14:33:40 | 000,007,610 | ---- | C] () -- C:\Users\hecklau\AppData\Local\Resmon.ResmonCfg [2012.06.07 09:53:40 | 000,011,904 | RHS- | C] () -- C:\ProgramData\3002.abs [2012.06.01 12:40:59 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll [2012.05.30 11:39:21 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe [2012.05.30 11:39:20 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe [2012.05.14 15:14:50 | 000,010,531 | ---- | C] () -- C:\Windows\uedit32.INI [2012.04.11 07:57:45 | 001,984,860 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.10 13:47:15 | 000,002,052 | RHS- | C] () -- C:\Users\hecklau\ntuser.pol [2012.03.29 09:25:13 | 000,008,906 | ---- | C] () -- C:\Windows\cfgall.ini [2012.03.29 08:52:57 | 000,002,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.28 07:17:40 | 000,017,920 | 
---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2012.03.28 07:16:28 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe [2012.01.31 15:07:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.01.31 15:07:52 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.01.31 15:07:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.01.31 15:07:47 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.01.31 15:07:44 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.04.18 14:39:56 | 000,226,364 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 12.12.2012 11:26:10 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hecklau\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Error - 12.12.2012 05:55:43 | Computer Name = hecklauj02.seeburger.de | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp Line: 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 12.12.2012 05:57:40 | Computer Name = hecklauj02.seeburger.de | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 12.12.2012 05:59:47 | Computer Name = hecklauj02.seeburger.de | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4612 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 12.12.2012 05:59:48 | Computer Name = hecklauj02.seeburger.de | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1084 NULL object. Cannot establish a connection at this time. [ Media Center Events ] Error - 07.06.2012 02:09:02 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0 Description = 08:08:37 - Fehler beim Herstellen der Internetverbindung. 08:08:39 - Serververbindung konnte nicht hergestellt werden.. Error - 08.06.2012 03:10:35 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0 Description = 09:10:35 - Fehler beim Herstellen der Internetverbindung. 09:10:35 - Serververbindung konnte nicht hergestellt werden.. Error - 08.06.2012 03:11:16 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0 Description = 09:10:41 - Fehler beim Herstellen der Internetverbindung. 09:10:41 - Serververbindung konnte nicht hergestellt werden.. 
Error - 18.06.2012 01:55:13 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0 Description = 07:55:13 - Fehler beim Herstellen der Internetverbindung. 07:55:13 - Serververbindung konnte nicht hergestellt werden.. Error - 18.06.2012 01:55:24 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0 Description = 07:55:18 - Fehler beim Herstellen der Internetverbindung. 07:55:18 - Serververbindung konnte nicht hergestellt werden.. Error - 20.06.2012 01:55:49 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0 Description = 07:55:49 - Fehler beim Herstellen der Internetverbindung. 07:55:49 - Serververbindung konnte nicht hergestellt werden.. Error - 20.06.2012 01:56:42 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0 Description = 07:55:54 - Fehler beim Herstellen der Internetverbindung. 07:55:54 - Serververbindung konnte nicht hergestellt werden.. Error - 16.07.2012 01:35:49 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0 Description = 07:35:49 - Fehler beim Herstellen der Internetverbindung. 07:35:49 - Serververbindung konnte nicht hergestellt werden.. Error - 16.07.2012 01:36:02 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0 Description = 07:35:55 - Fehler beim Herstellen der Internetverbindung. 07:35:55 - Serververbindung konnte nicht hergestellt werden.. Error - 13.08.2012 01:43:04 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0 Description = 07:43:02 - Fehler beim Herstellen der Internetverbindung. 07:43:02 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 01.10.2012 03:47:25 | Computer Name = hecklauj02.seeburger.de | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. 
Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. Error - 01.10.2012 04:01:28 | Computer Name = hecklauj02.seeburger.de | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. Error - 01.10.2012 05:56:42 | Computer Name = hecklauj02.seeburger.de | Source = NETLOGON | ID = 5719 Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne SUB aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. Error - 01.10.2012 09:55:44 | Computer Name = hecklauj02.seeburger.de | Source = Service Control Manager | ID = 7034 Description = Dienst "Synergy Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 02.10.2012 02:03:35 | Computer Name = hecklauj02.seeburger.de | Source = NETLOGON | ID = 5719 Description = Der Computer konnte eine sichere Sitzung mit einem Domänencontroller in der Domäne SUB aufgrund der folgenden Ursache nicht einrichten: %%1311 Dies kann zu Authentifizierungsproblemen führen. Stellen Sie sicher, dass der Computer mit dem Netzwerk verbunden ist. Wenden Sie sich an den Domänenadministrator, wenn das Problem weiterhin besteht. ZUSÄTZLICHE INFORMATIONEN Wenn dieser Computer ein Domänencontroller der bestimmten Domäne ist, wird eine sichere Sitzung zum primären Domänencontrolleremulator in der bestimmten Domäne eingerichtet. Andernfalls richtet dieser Computer eine sichere Sitzung zu einem beliebigen Domänencontroller in der bestimmten Domäne ein. Error - 02.10.2012 02:03:39 | Computer Name = hecklauj02.seeburger.de | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator. Error - 02.10.2012 02:04:17 | Computer Name = hecklauj02.seeburger.de | Source = Microsoft-Windows-GroupPolicy | ID = 1129 Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. 
Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

Error - 02.10.2012 02:05:07 | Computer Name = hecklauj02.seeburger.de | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Browser erreicht.

Error - 02.10.2012 02:05:17 | Computer Name = hecklauj02.seeburger.de | Source = DCOM | ID = 10016
Description =

Error - 02.10.2012 02:07:17 | Computer Name = hecklauj02.seeburger.de | Source = Service Control Manager | ID = 7031
Description = Der Dienst "OfficeScan NT RealTime Scan" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

< End of report >
Last edited by Monk71 (12.12.2012 at 11:44) |
13.12.2012, 18:19 | #5 |
/// Helper Team | PUP.Blabbers Fix with OTL Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
:OTL
MOD - C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O4 - Startup: C:\Users\hecklau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
:Files
C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\hecklau\*.tmp
C:\Users\hecklau\AppData\Local\Temp\*.exe
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: the OTL script above was written exclusively for this user in this situation. Never run it on other computers; it can permanently damage other systems!
afterwards:
Malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Update now". Select the Freeware mode. Select "Detail Scan" and start the check of the computer via the "Scan" button. At the end of the scan, do not let it delete anything! Click "Save report" to save the log file to the desktop and post it here in the thread.
Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
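The OTL script above removes a Startup-folder shortcut that launches the PUP from the user's AppData and deletes four policy values that had UAC switched off (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0) and AutoRun policy changed. As an added example, not part of this thread and not OTL's own code, the PowerShell below audits exactly those items read-only, so a defender can confirm the findings on a machine before a fix or verify the state afterwards. The registry value names and the Startup/BrowserCompanion paths are taken from the OTL script; the "weak" thresholds and the use of the Windows 7 default values are this example's own assumptions.

```powershell
# Added example (not from this thread, not OTL's code): read-only audit of the
# policy values and Startup-folder persistence the OTL fix above targets.
# Value names and the Startup/BrowserCompanion paths come from the OTL script;
# the "weak" thresholds below are this example's own assumptions.

$system   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Each check names the value to read and what counts as a weakened setting.
$policyChecks = @(
    @{ Path = $system;   Name = 'EnableLUA';                  WeakIf = { param($v) $v -eq 0 };   Why = '0 turns UAC off completely' },
    @{ Path = $system;   Name = 'ConsentPromptBehaviorAdmin'; WeakIf = { param($v) $v -eq 0 };   Why = '0 lets admins elevate with no prompt at all' },
    @{ Path = $system;   Name = 'PromptOnSecureDesktop';      WeakIf = { param($v) $v -eq 0 };   Why = '0 shows elevation prompts on the normal desktop' },
    @{ Path = $explorer; Name = 'NoDriveTypeAutoRun';         WeakIf = { param($v) $v -ne 255 }; Why = '0xFF disables AutoRun on every drive type' }
)

function Test-PolicyValue {
    param([string]$Path, [string]$Name, [scriptblock]$WeakIf, [string]$Why)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) {
        # Value not set: Windows applies its built-in default. This is the state the
        # OTL log in this thread reports after the fix deleted these values.
        $value  = $null
        $status = 'absent (Windows default applies)'
    } else {
        $value  = $item.$Name
        $status = if (& $WeakIf $value) { 'WEAK' } else { 'ok' }
    }
    New-Object PSObject -Property @{ Key = "$Path\$Name"; Value = $value; Status = $status; Note = $Why }
}

function Get-StartupShortcut {
    # Resolves every .lnk in the given Startup folders to its target executable.
    param([string[]]$Folders)
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $Folders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -Filter *.lnk | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            New-Object PSObject -Property @{
                Shortcut   = $_.FullName
                Target     = $target
                # A launcher living under a user profile's AppData (as tbhcn.exe did in
                # this thread) is unusual for a legitimate startup item; flag it for review.
                Suspicious = [bool]($target -match '\\AppData\\')
            }
        }
    }
}

# 1. Policy values: anything marked WEAK matches what the OTL script found.
$policyReport = foreach ($c in $policyChecks) { Test-PolicyValue @c }
$policyReport | Format-Table Key, Value, Status, Note -AutoSize

# 2. Startup-folder shortcuts for the current user and for all users.
$startupFolders = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
Get-StartupShortcut -Folders $startupFolders | Format-Table Shortcut, Target, Suspicious -AutoSize

# 3. Leftover folder of the PUP itself (path from the OTL script, generalised to the current user).
$pupDir = Join-Path $env:APPDATA 'BrowserCompanion'
if (Test-Path $pupDir) { Write-Warning "BrowserCompanion folder still present: $pupDir" }
```

Reading HKLM policy values and the Startup folders needs no elevation, so the script runs as a normal user. On the machine in this thread, the run before the fix would have reported the three UAC values as WEAK and the tbhcn.lnk shortcut as suspicious; after the OTL run, which deleted the values, they show as absent, which means the Windows defaults (UAC on) are in force again.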
14.12.2012, 10:07 | #6 | |
| PUP.Blabbers Hello, attached is the OTL result. Code:
All processes killed
========== OTL ==========
C:\Users\hecklau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk moved successfully.
C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
========== FILES ==========
File\Folder C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\hecklau\*.tmp not found.
C:\Users\hecklau\AppData\Local\Temp\Browser_Helper_Companion_DE.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\Foxit Updater.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\nvvistaservice_2696_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\nvvistaservice_4060_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\nvvistaservice_5008_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\NV_Meet_Participant.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\NV_Support_Participant.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\shmcapture_1584_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\shmcapture_3984_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\shmcapture_4320_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\shmcapture_5180_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\shmcapture_5640_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\shmcapture_6756_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\shmcapture_8764_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\vpnclient_setup.exe moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\hecklau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\hecklau\Desktop\cmd.bat deleted successfully.
C:\Users\hecklau\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hecklau
->Temp folder emptied: 643028947 bytes
->Temporary Internet Files folder emptied: 59467818 bytes
->FireFox cache emptied: 70937402 bytes
->Flash cache emptied: 28259 bytes

User: Install
->Temp folder emptied: 4376454 bytes
->Temporary Internet Files folder emptied: 36031041 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7136741 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 535970716 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 7194187 bytes

Total Files Cleaned = 1.301,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12142012_093416

Files\Folders moved on Reboot...
C:\Users\hecklau\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2724.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
|
15.12.2012, 15:36 | #7 |
/// Helper Team | PUP.Blabbers Very good! Uninstall: Emsisoft Anti-Malware ESET Online Scanner Preparation
|
23.02.2013, 16:20 | #8 |
/// Helper Team | PUP.Blabbers No response Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: the disappearance of the symptoms does not mean that your computer is clean. |