| |
| |||||||
Log-Analyse und Auswertung: google chrome lädt falsche websiteWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.12.2012, 11:29
| #1 |
| |  google chrome lädt falsche website Hallo, ich habe leider ein trojaner problem und wäre froh über eure hilfe. google chrome leitete mich immer wieder auf folgende website weiter, obwohl ich diese nicht aufgerufen habe: hxxp://www.kpoww.com/index.html Ein systemscan fand eine verseuchte datei, welche ich löschte. Nun tritt das Problem nicht mehr auf. Ich bin aber trotzdem noch nicht sicher ob ich tatsächlich sauber bin. Daher führte ich den scan mit OTL durch und bekomme folgende Ergebnisse:OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.12.2012 10:54:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,89 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 38,26% Memory free
7,78 Gb Paging File | 5,22 Gb Available in Paging File | 67,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 102,54 Gb Total Space | 51,62 Gb Free Space | 50,34% Space Free | Partition Type: NTFS
Drive D: | 121,61 Gb Total Space | 31,24 Gb Free Space | 25,69% Space Free | Partition Type: NTFS
Computer Name: FRITZ-PC | User Name: Fritz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Fritz\Downloads\OTL (2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
PRC - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
PRC - C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (Iminent)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\PTC\PTC Portmapper\i486_nt\obj\portmap.exe (PTC)
PRC - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3cdcb033f930eb60badfa4500d795edb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\1352c3e5dd49f3bf8c2f8e106ceb79fb\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a27582afda5c9a9258ed2cd787352773\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\59353156806745822ad61a40de8fb631\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\b078e9299fa1ffe96412d2e7ee47a0bb\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\85b47ffb09fa0e2d9b0d56d9ba9933a7\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6fc86a3e1d07ea824cd49b0c0b19d2f5\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\102cfe160aeb1e16a35890004a421ec9\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6fc86a3e1d07ea824cd49b0c0b19d2f5\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\0d2c8da8749c683b47f01101c9ea26d5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\bb404633d24f5098f9d7f5f5a1d234c3\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\0dd39ca15b3d56a03a31fbf671c80cfe\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\90f1acbd79e2a5fabfb8c516d6be36a3\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ed886fb71addf400705481dcf8de12da\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\avcodec-54.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_de_31bf3856ad364e35\WindowsBase.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (PortmapperService) -- C:\Program Files\PTC/PTC Portmapper/i486_nt/obj/portmap.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (NuTCRACKERService) -- C:\Windows\SysNative\nutsrv4.exe (MKS Software Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (SProtection) -- C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe (Iminent)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (McAWFwk) -- c:\PROGRA~1\mcafee\msc\mcawfwk.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (ATP) -- C:\Windows\SysNative\drivers\AsusTP.sys (ASUS Corporation)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (AsusVBus) -- C:\Windows\SysNative\drivers\AsusVBus.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AsusVTouch) -- C:\Windows\SysNative\drivers\AsusVTouch.sys (ASUS)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (irstrtdv) -- C:\Windows\SysNative\drivers\irstrtdv.sys (Intel Corporation)
DRV:64bit: - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (DptfManager) -- C:\Windows\SysNative\drivers\DptfManager.sys (Intel Corporation)
DRV:64bit: - (DptfDevProc) -- C:\Windows\SysNative\drivers\DptfDevProc.sys (Intel Corporation)
DRV:64bit: - (DptfDevDram) -- C:\Windows\SysNative\drivers\DptfDevDram.sys (Intel Corporation)
DRV:64bit: - (DptfDevPch) -- C:\Windows\SysNative\drivers\DptfDevPch.sys (Intel Corporation)
DRV:64bit: - (DptfDevGen) -- C:\Windows\SysNative\drivers\DptfDevGen.sys (Intel Corporation)
DRV:64bit: - (DptfDevFan) -- C:\Windows\SysNative\drivers\DptfDevFan.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4076226368-348857313-2692740170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-4076226368-348857313-2692740170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKU\S-1-5-21-4076226368-348857313-2692740170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.12.15 10:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.12.15 10:44:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.12.15 10:47:40 | 000,000,000 | ---D | M]
[2012.12.13 17:44:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fritz\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.11.06 17:19:24 | 000,214,034 | ---- | M] () (No name found) -- C:\Users\Fritz\AppData\Roaming\mozilla\firefox\profiles\extensions\putlockerdownloader@putlockerdownloader.com.xpi
========== Chrome ==========
CHR - homepage: hxxp://www.startfenster.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.startfenster.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Fritz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Adblock Plus = C:\Users\Fritz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (ASUS Browser Extension x64) - {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll (ASUSTeK Computer Inc.)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121019220736.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ASUS Browser Extension x86) - {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121019220736.dll (McAfee, Inc.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ASUSTeK Computer Inc.)
O4:64bit: - HKLM..\Run: [ASUSQuickGesture(x86)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
O4:64bit: - HKLM..\Run: [ASUSTPLoader(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NuTCSetupEnviron] C:\PROGRA~1\PTC\MKSTOO~1\bin\ncoeenv.exe (MKS Software Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SPUpdSentinel] C:\Program Files (x86)\Common Files\Umbrella\Umbrella_bkp.exe (Iminent)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\nutafun4.dll (MKS Software Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\nutafun4.dll (MKS Software Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\nutafun4.dll (MKS Software Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\nutafun4.dll (MKS Software Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A2DF1EE-11CB-4CC7-906E-16ED011AB381}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{42b4f80c-1f7f-11e2-b248-c48508312549}\Shell - "" = AutoRun
O33 - MountPoints2\{42b4f80c-1f7f-11e2-b248-c48508312549}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{42b4f80c-1f7f-11e2-b248-c48508312549}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{42b4f80c-1f7f-11e2-b248-c48508312549}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.12.15 10:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.12.15 10:46:13 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Roaming\Iminent
[2012.12.15 10:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2012.12.13 17:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PutLockerDownloader
[2012.12.13 17:44:35 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Roaming\Mozilla
[2012.12.09 21:24:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.12.09 21:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.12.09 20:48:52 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Roaming\Malwarebytes
[2012.12.09 20:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.09 20:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.07 16:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Franzis
[2012.12.05 23:47:07 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Local\Diagnostics
[2012.11.23 22:46:40 | 000,000,000 | ---D | C] -- C:\Users\Fritz\Application Data
[2012.11.23 22:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maple 16
[2012.11.23 22:34:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2012.11.23 22:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\Maple 16
[2012.11.23 22:31:53 | 000,000,000 | -H-D | C] -- C:\Users\Fritz\InstallAnywhere
[2012.11.23 22:09:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Umbrella
[2012.11.23 22:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2012.11.23 22:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2012.11.23 22:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012.11.23 22:07:14 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Roaming\uTorrent
[2012.11.23 16:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\{7C332E1C-B96C-4192-8CE6-B4AD1645AA40}
[2012.11.22 03:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.22 03:24:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.22 03:24:47 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.11.21 20:32:38 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Roaming\Scilab
[2012.11.21 20:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\scilab-5.4.0
[2012.11.21 20:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\scilab-5.4.0
[2012.11.18 15:30:30 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Roaming\PE International
[2012.11.18 15:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PE International
[2012.11.18 15:29:56 | 000,000,000 | ---D | C] -- C:\Users\Fritz\Documents\GaBi
[2012.11.18 15:28:53 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Local\PackageAware
[2012.11.17 15:01:48 | 000,000,000 | ---D | C] -- C:\Users\Fritz\Documents\gamsdir
[2012.11.17 14:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMS
[2012.11.17 14:58:11 | 000,000,000 | ---D | C] -- C:\GAMS
[2012.11.17 13:12:18 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.17 13:12:18 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.17 13:09:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.17 13:09:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.17 13:09:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.17 13:09:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.17 13:09:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.17 13:09:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.17 13:09:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.17 13:09:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.17 13:09:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.17 13:09:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.17 13:09:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.17 13:09:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.17 13:09:01 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.17 13:09:01 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.17 13:09:01 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.17 13:08:44 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.17 13:08:43 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.17 13:08:43 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.17 13:08:43 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.16 10:35:28 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.16 10:35:28 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.16 10:35:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.16 10:35:19 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.16 10:35:19 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.16 10:35:18 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.16 10:35:18 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.16 10:35:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.16 10:35:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.16 10:35:00 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.16 10:35:00 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.15 18:05:25 | 000,000,000 | --SD | C] -- C:\Users\Fritz\Documents\Meine Shapes
[2012.11.15 17:18:28 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Roaming\e-academy Inc
[2012.11.15 17:18:28 | 000,000,000 | ---D | C] -- C:\Users\Fritz\AppData\Local\e-academy Inc
========== Files - Modified Within 30 Days ==========
[2012.12.15 10:56:17 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.15 10:51:17 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2012.12.15 10:51:13 | 000,018,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.15 10:51:13 | 000,018,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.15 10:50:55 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.15 10:50:55 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.15 10:50:55 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.15 10:50:55 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.15 10:50:55 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.15 10:46:13 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.12.15 10:45:46 | 000,000,380 | ---- | M] () -- C:\Users\Fritz\AppData\Roaming\sp_data.sys
[2012.12.15 10:45:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.15 10:45:35 | 3131,351,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.29 00:56:35 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.24 13:03:00 | 000,466,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.23 22:38:14 | 000,281,088 | ---- | M] () -- C:\Windows\SysNative\WMIMPLEX.dll
[2012.11.23 22:38:14 | 000,033,280 | ---- | M] () -- C:\Windows\SysNative\maplec.dll
[2012.11.23 22:38:14 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Maple 16 Portal.lnk
[2012.11.23 22:38:13 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Maple 16.lnk
[2012.11.23 22:09:40 | 000,000,620 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.11.23 22:09:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\extensions.sqlite
[2012.11.23 22:09:05 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.11.22 03:24:48 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.21 20:32:18 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\scilab-5.4.0.lnk
[2012.11.17 14:58:51 | 000,001,624 | ---- | M] () -- C:\Users\Fritz\Desktop\GAMS win64 23.9.5.lnk
[2012.11.15 17:18:28 | 000,003,139 | ---- | M] () -- C:\Users\Fritz\Desktop\Secure Download Manager.lnk
[2012.11.15 15:28:17 | 001,507,603 | ---- | M] () -- C:\Users\Fritz\Desktop\unlike_u.JPG
========== Files Created - No Company Name ==========
[2012.11.23 22:38:14 | 000,281,088 | ---- | C] () -- C:\Windows\SysNative\WMIMPLEX.dll
[2012.11.23 22:38:14 | 000,033,280 | ---- | C] () -- C:\Windows\SysNative\maplec.dll
[2012.11.23 22:38:14 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Maple 16 Portal.lnk
[2012.11.23 22:38:13 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Maple 16.lnk
[2012.11.23 22:09:37 | 000,000,620 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012.11.23 22:09:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\extensions.sqlite
[2012.11.23 22:09:05 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.11.21 20:32:18 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\scilab-5.4.0.lnk
[2012.11.17 14:58:51 | 000,001,624 | ---- | C] () -- C:\Users\Fritz\Desktop\GAMS win64 23.9.5.lnk
[2012.11.17 13:12:19 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 13:08:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 17:18:28 | 000,003,139 | ---- | C] () -- C:\Users\Fritz\Desktop\Secure Download Manager.lnk
[2012.11.15 15:26:24 | 001,507,603 | ---- | C] () -- C:\Users\Fritz\Desktop\unlike_u.JPG
[2012.10.29 15:40:21 | 000,000,260 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.10.29 15:40:21 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.10.29 15:39:25 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2012.10.29 15:38:02 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012.10.29 15:38:01 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.10.29 15:37:49 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.10.29 15:37:44 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.10.23 16:48:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\.prod_dcu..lck
[2012.10.19 13:28:52 | 000,000,380 | ---- | C] () -- C:\Users\Fritz\AppData\Roaming\sp_data.sys
[2012.07.30 03:49:44 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.07.30 03:49:38 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.07.30 03:49:29 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.07.30 03:49:23 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.04.20 21:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012.02.24 03:42:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2012.02.24 03:28:11 | 008,953,688 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.10.19 13:36:53 | 000,000,000 | ---D | M] -- C:\Users\Fritz\AppData\Roaming\ASUS WebStorage
[2012.10.29 15:43:09 | 000,000,000 | ---D | M] -- C:\Users\Fritz\AppData\Roaming\ControlCenter4
[2012.11.15 17:18:28 | 000,000,000 | ---D | M] -- C:\Users\Fritz\AppData\Roaming\e-academy Inc
[2012.11.08 17:53:48 | 000,000,000 | ---D | M] -- C:\Users\Fritz\AppData\Roaming\pdfforge
[2012.11.18 15:30:30 | 000,000,000 | ---D | M] -- C:\Users\Fritz\AppData\Roaming\PE International
[2012.10.29 11:24:53 | 000,000,000 | ---D | M] -- C:\Users\Fritz\AppData\Roaming\pim
[2012.10.23 16:49:49 | 000,000,000 | ---D | M] -- C:\Users\Fritz\AppData\Roaming\PTC
[2012.10.22 20:03:57 | 000,000,000 | ---D | M] -- C:\Users\Fritz\AppData\Roaming\PTC Download
[2012.11.21 20:32:38 | 000,000,000 | ---D | M] -- C:\Users\Fritz\AppData\Roaming\Scilab
[2012.10.26 16:09:44 | 000,000,000 | ---D | M] -- C:\Users\Fritz\AppData\Roaming\SoftGrid Client
[2012.10.19 17:40:39 | 000,000,000 | ---D | M] -- C:\Users\Fritz\AppData\Roaming\TP
[2012.12.15 10:56:54 | 000,000,000 | ---D | M] -- C:\Users\Fritz\AppData\Roaming\uTorrent
========== Purity Check ==========
< End of report >
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.12.2012 10:54:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,89 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 38,26% Memory free
7,78 Gb Paging File | 5,22 Gb Available in Paging File | 67,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 102,54 Gb Total Space | 51,62 Gb Free Space | 50,34% Space Free | Partition Type: NTFS
Drive D: | 121,61 Gb Total Space | 31,24 Gb Free Space | 25,69% Space Free | Partition Type: NTFS
Computer Name: FRITZ-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4076226368-348857313-2692740170-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01872C88-7918-4EEB-837F-3E868639CD21}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{078799C3-9F56-420A-9F24-922B4F47E273}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0AF3D6E2-2013-4BBF-A632-60ABDD64BAA3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0B5B66DE-FA11-44CA-9647-0CABE5B499F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10F089C9-D5E3-4C83-B240-4D4F2ADB06FD}" = rport=137 | protocol=17 | dir=out | app=system |
"{243E1109-1CFD-4276-9457-6062E82628A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2B44D17B-DBE4-4CF9-B967-B8142045730C}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D010DD4-8944-4CE0-A14A-A6C2CA7881AD}" = lport=139 | protocol=6 | dir=in | app=system |
"{41D167F7-3DB7-4A31-8F5E-F7E72D893085}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4DDB0C46-C2DA-4CE5-8136-BD481A091EFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55BFA4D1-91B5-4BAC-A116-D667A40869FC}" = rport=138 | protocol=17 | dir=out | app=system |
"{5622F1C6-E96C-47D9-BA37-B9170383DB40}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6C252FFB-EF8B-4128-B331-3648FEB04CA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{74D0A447-3D95-42D5-9FB0-8213C623081C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{812AD510-0C93-449E-B686-CC881AAAA6FA}" = rport=139 | protocol=6 | dir=out | app=system |
"{89C1CB03-D85C-44C0-ADDA-2916E1274841}" = rport=445 | protocol=6 | dir=out | app=system |
"{94899F9E-DC6F-4042-8906-D56430D3C408}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B4E9F4CB-05F3-4C09-B51E-3197F5DABDCF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5CC0E95-DA49-4263-89E4-B96E7D1BF5CB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C8484A22-4D5F-4829-9F63-5D8BAD8CF0C0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CC2FA0D6-5B02-4495-8C1B-A11EC8903521}" = lport=445 | protocol=6 | dir=in | app=system |
"{E61AF743-3398-4083-A792-ACE03892F3EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2F69FB4-19ED-4ED8-8FAF-5726A21359CE}" = lport=137 | protocol=17 | dir=in | app=system |
"{F7BBE574-8F1E-49D7-8D9C-E18CB1C3976B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{098623B7-B92A-40AB-BE47-B5E7B3D592BD}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{137BFCEB-5211-4845-A7FD-7178B50B7D19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{14415694-516E-4D3B-91CC-042C8A20E9C3}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{18959763-F794-4C31-8CA6-C448877202CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C2E4A56-26D4-47B5-8B57-E0559A755F4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D911AD1-3B33-4B66-880B-5493A34E5692}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3E64BD05-FB7D-4611-A139-765FE68A780C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4C14638A-68EA-4CDA-932A-29D6CEC6DF3A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4C28A515-0AAF-4B54-9B59-4DB1CA6FA9AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A79CD41-F472-40EB-9860-09FE3492AA49}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5CCB4772-EB2B-4BB8-B832-CFE498B5E0D8}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"{61096F67-9AF0-4EA5-8F50-F857AC9E858E}" = protocol=6 | dir=out | app=system |
"{615E45B5-3100-4D42-8CB5-0FE8A370C552}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6A5F84F0-AA80-4E6B-942F-BE8F13CD6C79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{722F3E6D-2221-4BC0-B1E2-2A0D0889048B}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe |
"{7942F14D-16C0-444E-92E5-A07FC069EC1F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{79A71D02-10FF-4C6C-B709-069C0B05AE8A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7A344F2E-5691-4A08-B09E-B884E93A0045}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{93FD101A-C929-4563-B5C5-B154F36442A2}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{9419C1DF-4821-4515-9C58-76304F99425C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{954D9DDD-A4C2-4D00-B716-C22404BF4FE7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A0D46AB8-5660-4053-A9DE-B134C5BDFFE6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A523861A-B8C7-403B-B151-3048496FD61C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C65DB3A7-E945-4DA1-9777-427095BACF8C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBE2E2E5-DCF7-4855-83F9-59B0EE6FB978}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC706CE8-0376-4903-863C-E8037F45E2FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CD93F4A1-7AAD-4FB9-8D59-6CE7EC93CB70}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D112FF6B-B980-4C1D-B832-0BC0012FCEA2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D1F87E2D-6F07-4FB9-B5B7-287237F6A9E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E43D12D0-E81D-4B07-AA88-9118E045B644}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8E343EC-6956-423A-A95B-97BB384DE00C}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{FDB5FE99-1F41-4BD7-9644-FA060F0298DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{043B111B-11E2-45F8-9411-664322E4ED3F}C:\program files\ptc\creo 2.0\common files\m020\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\ptc\creo 2.0\common files\m020\x86e_win64\nms\nmsd.exe |
"TCP Query User{BF2A99C8-6DC7-469C-B5B4-B4C760732973}C:\program files\ptc\creo 2.0\common files\m020\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\ptc\creo 2.0\common files\m020\x86e_win64\obj\pro_comm_msg.exe |
"TCP Query User{CAD7D8B0-3FE0-46DF-91D7-0B4B8584D62E}C:\program files\ptc\creo 2.0\common files\m020\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\ptc\creo 2.0\common files\m020\x86e_win64\obj\xtop.exe |
"UDP Query User{2CC7730E-0DF2-4A18-9513-39ADCEE10C3C}C:\program files\ptc\creo 2.0\common files\m020\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\ptc\creo 2.0\common files\m020\x86e_win64\nms\nmsd.exe |
"UDP Query User{8BA501CC-6865-4BB0-93BB-D6ADC0BCD711}C:\program files\ptc\creo 2.0\common files\m020\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\ptc\creo 2.0\common files\m020\x86e_win64\obj\xtop.exe |
"UDP Query User{E142A1CF-1AE5-4E84-9126-99AF19F90B59}C:\program files\ptc\creo 2.0\common files\m020\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\ptc\creo 2.0\common files\m020\x86e_win64\obj\pro_comm_msg.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series" = Canon MP550 series MP Drivers
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi Software
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{30023972-0000-0903-9ABB-000BDB5CF35D}" = MKS Platform Components 9.x
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-1000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-1000-0000000FF1CE}_Office14.VISIOR_{1F29ED16-958F-4278-B8DD-5F421E1166DA}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B9EE2364-A67C-40DD-8413-495E2C7FBCD0}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F0B52181-4318-4EF9-A835-187EC09569DD}" = Creo Thumbnail Viewer 2.0
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2BD897DEE9289F769D9176245811D5330A360B0B" = Windows-Treiberpaket - ASUS (ATP) Mouse (08/27/2012 1.0.0.125)
"GAMS win64 23.9_is1" = GAMS win64 23.9.5
"Maple 16" = Maple 16
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"myBitCast" = myBitCast 1.0.0.3
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Professional 2010
"ProInst" = Intel PROSet Wireless
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{3D2C04FC-1F9B-4C13-BA4A-E21E5C6A26C5}" = Creo Platform 2.10
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB
"{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}" = Intel(R) WiDi
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}" = Dream Vacation Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}" = Turbo Fiesta
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}" = Mahjong Memoirs
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}" = Farm Frenzy 3 - Madagascar
"{830F55B6-4398-4B72-A0D8-66397B902C0E}" = Brother MFL-Pro Suite MFC-J5910DW
"{836CC6A9-9789-4A4A-A950-D06B1C54C10A}" = PTC Quality Agent
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{B7B60C4F-0DB8-42EF-8EDC-5F21D4C2D73F}" = ASUS PWR Option
"{CD49AEDB-FFB4-4A9A-A3C2-E9AF814FE6FE}" = Intel® AT Service signup
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel(R) Rapid Start Technology
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Creo Direct Version 2.0 Datecode [M020]" = Creo Direct Version 2.0 Datecode [M020]
"Creo Distributed Services Manager Version 2.0 Datecode [M020]" = Creo Distributed Services Manager Version 2.0 Datecode [M020]
"Creo Parametric Version 2.0 Datecode [M020]" = Creo Parametric Version 2.0 Datecode [M020]
"Creo Simulate Version 2.0 Datecode [M020]" = Creo Simulate Version 2.0 Datecode [M020]
"Game Park Console" = Game Park Console
"Google Chrome" = Google Chrome
"InstallShield_{54A168C9-2250-4058-80EB-1F4A4192548A}" = AX88772B Windows 7 Drivers
"Maple 16" = Maple 16
"MSC" = McAfee Internet Security
"PTC Portmapper Version 2.0 Datecode [M020]" = PTC Portmapper Version 2.0 Datecode [M020]
"scilab-5.4.0_is1" = scilab-5.4.0
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.12.2012 06:58:06 | Computer Name = Fritz-PC | Source = Iminent | ID = 0
Description =
Error - 06.12.2012 16:55:53 | Computer Name = Fritz-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.0.0.396,
Zeitstempel: 0x4cc5e97b Name des fehlerhaften Moduls: AGM.dll, Version: 4.21.16.1,
Zeitstempel: 0x4cc5f80d Ausnahmecode: 0xc0000005 Fehleroffset: 0x000362be ID des fehlerhaften
Prozesses: 0xe88 Startzeit der fehlerhaften Anwendung: 0x01cdd3e5654512fa Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AGM.dll
Berichtskennung:
5278e975-3fe7-11e2-87bc-c48508312549
Error - 07.12.2012 09:06:27 | Computer Name = Fritz-PC | Source = Iminent | ID = 0
Description =
Error - 09.12.2012 09:26:05 | Computer Name = Fritz-PC | Source = Iminent | ID = 0
Description =
Error - 09.12.2012 09:52:53 | Computer Name = Fritz-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/12/09 14:52:53.625]: [00001072]: BrStiIf: GetDeviceList
Failed! pStiInfo = 0x0..
Error - 09.12.2012 09:52:53 | Computer Name = Fritz-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/12/09 14:52:53.625]: [00001072]: ##### Fatal ERROR!!
Create STI-device failed! #####
Error - 09.12.2012 09:52:53 | Computer Name = Fritz-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/12/09 14:52:53.625]: [00001072]: Initialize TwdsMain
Class failed!
Error - 09.12.2012 09:52:53 | Computer Name = Fritz-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/12/09 14:52:53.875]: [00001072]: BrStiIf: GetDeviceList
Failed! pStiInfo = 0x0..
Error - 09.12.2012 09:52:53 | Computer Name = Fritz-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/12/09 14:52:53.875]: [00001072]: ##### Fatal ERROR!!
Create STI-device failed! #####
Error - 09.12.2012 09:52:53 | Computer Name = Fritz-PC | Source = Brother BrLog | ID = 1001
Description = TWN BrtTWN: [2012/12/09 14:52:53.875]: [00001072]: Initialize TwdsMain
Class failed!
[ System Events ]
Error - 03.12.2012 06:34:21 | Computer Name = Fritz-PC | Source = bowser | ID = 8003
Description =
Error - 03.12.2012 06:58:07 | Computer Name = Fritz-PC | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.178.41 registriert werden. Der Computer mit IP-Adresse 192.168.178.39
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 03.12.2012 07:10:20 | Computer Name = Fritz-PC | Source = bowser | ID = 8003
Description =
Error - 03.12.2012 07:34:23 | Computer Name = Fritz-PC | Source = bowser | ID = 8003
Description =
Error - 03.12.2012 08:10:21 | Computer Name = Fritz-PC | Source = bowser | ID = 8003
Description =
Error - 03.12.2012 08:46:21 | Computer Name = Fritz-PC | Source = bowser | ID = 8003
Description =
Error - 03.12.2012 09:10:20 | Computer Name = Fritz-PC | Source = bowser | ID = 8003
Description =
Error - 05.12.2012 06:53:35 | Computer Name = Fritz-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst BFE erreicht.
Error - 05.12.2012 06:54:05 | Computer Name = Fritz-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst BFE erreicht.
Error - 05.12.2012 06:54:35 | Computer Name = Fritz-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst BFE erreicht.
< End of report >
für eure hilfe wäre ich sehr dankbar. Geändert von Fritz1 (15.12.2012 um 11:34 Uhr) |
|
15.12.2012, 12:48
| #2 | |
| /// TB-Ausbilder   | google chrome lädt falsche website Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Zitat:
Ohne weitere Details sind solche Informationen wertlos. Also poste mir bitte, was wo wann gefunden wurde. Schritt 1 Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Schritt 2 Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Schritt 3 Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
|
15.12.2012, 13:40
| #3 |
| | google chrome lädt falsche website Hey Matthias,
__________________danke für deine schnelle antwort. habe einen quick scan mit Malwarebytes Anti-Malware durchgeführt. es wurde folgende datei gelöscht und in quarantäne gestellt: installer_maple_7_4_Deutsch.exe (Adware.Downware) gruß, Fritz nach der durchführung von schritt 1 wurde leider keine logdatei auf meinem desktop erstellt  Geändert von Fritz1 (15.12.2012 um 13:46 Uhr) |
|
15.12.2012, 14:53
| #4 |
| /// TB-Ausbilder | google chrome lädt falsche website Servus, vielen Dank für die Rückmeldungen.  Fahre bitte mit den anderen Schritten fort und poste die Logdateien.  |
|
15.12.2012, 16:12
| #5 |
| | google chrome lädt falsche website hier schon mal die logdatei von schritt 2 |
|
15.12.2012, 16:24
| #6 |
| | google chrome lädt falsche website die TDSSKILLER datei musste ich splitten da sie sonst zu groß gewesen wäre |
|
15.12.2012, 17:34
| #7 |
| /// TB-Ausbilder | google chrome lädt falsche website Servus, Schritt1 Ich sehe, dass du sogenannte Peer to Peer oder Filesharing Programme verwendest. In deinem Fall uTorrent. Diese Programme erlauben es dir, Daten mit anderen Usern auszutauschen. Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und das ist auch ein Grund warum sich Malware so schnell verbreitet. Es ist also möglich, dass du dir eine infizierte Datei herunter ladest. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art von Software mit äußerster Vorsicht benutzt werden. Ein ebenfalls wichtiger Punkt ist, dass das Verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt. Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office. Denoch würde ich dich ersuchen, diese Art von Software nicht weiterhin zu verwenden. Bitte gehe zu Start --> Systemsteuerung --> Software / Programme deinstallieren und deinstalliere die oben genannte Software. Bitte sag bescheid wenn Du eines der gelisteten Programme nicht finden kannst. Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.  Bitte lade Junkware Removal Tool auf Deinen Desktop.
Schritt 4 Scan mit Combofix
Bitte poste mit deiner nächsten Antwort
|
|
15.12.2012, 18:34
| #8 |
| | google chrome lädt falsche website habe das programm deinstalliert, anbei die log dateien |
|
16.12.2012, 11:53
| #9 | |
| /// TB-Ausbilder | google chrome lädt falsche website Servus, Aus deinem Logfile: Zitat:
Dateien, wie crack.exe, keygen.exe oder patch.exe sind zu 99,9% gefährliche Schädlinge, mit denen man nicht Spaßen sollte. Außerdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zum Neu aufsetzten. Damit ist das Thema beendet. |
|
| Themen zu google chrome lädt falsche website |
| adblock, canon, chrome, datei, falsche, falsche website, fatal error, folge, folgende, führte, google, google chrome, immer wieder, install.exe, lädt, lösch, nicht mehr, nicht sicher, plug-in, problem, sauber, sprotection, systemscan, tritt, troja, trojaner, trojaner problem, usb 2.0, usb 3.0, verseuchte, website, win64 |
WARNUNG an die MITLESER: 
Linear-Darstellung
