| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner ... hat mich auch erwischt :(Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.12.2012, 17:16
| #1 |
 |  GVU-Trojaner ... hat mich auch erwischt :( Hallo Trojaner - Board, mich hat der GVU - Trojaner offenbar auch auf dem Hauptrechner erwischt ... Während des Betriebs war der Rechner kurz blockiert / ausgelastet, dann habe ich die GVU Seite gesehen. Ich konnte den Rechner im abgesicherten Modus starten und habe das System auf den letzten Wiederherstellungspunkt zurück gesetzt. Dann habe ich erst mal den Virenscanner (GData) den Rechner prüfen lassen. Der hat nichts gefunden! Inzwischen habe ich hier gelesen und der Malwarebytes Scanner läuft. Dieser hat inzwischen auch schon eine infizierte Datei (Users\...\Java\Deployment...) gefunden. Bei dem Zugriff von Malwarebytes auf die Datei schlug gleichzeitig auch der GData an ... => Exploit.Java.CVE.Z Aber der Scanner läuft noch. Wenn ich das Logfile habe, melde ich mich wieder. Danke für Eure Mühe mit dem Board !!!  Ciao, Mike Hier das erste Logfile: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2012.12.30.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 XXXX :: PC-XXX [limitiert] 30.12.2012 15:58:16 mbam-log-2012-12-30 (15-58-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 783067 Laufzeit: 1 Stunde(n), 45 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\XXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-4dd8c918 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) C:\Users\XXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-4dd8c918 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. Jetzt starte ich OTL ... otl.txt Code:
ATTFilter OTL logfile created on: 30.12.2012 17:57:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 73,84% Memory free 15,99 Gb Paging File | 13,77 Gb Available in Paging File | 86,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,48 Gb Total Space | 80,36 Gb Free Space | 54,86% Space Free | Partition Type: NTFS Drive D: | 367,97 Gb Total Space | 318,97 Gb Free Space | 86,68% Space Free | Partition Type: NTFS Drive E: | 416,96 Gb Total Space | 395,26 Gb Free Space | 94,80% Space Free | Partition Type: NTFS Computer Name: PC-BUERO | User Name: Mike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\orgaMAX\orgamaxmobil_service.exe (deltra Business Software GmbH & Co. KG) PRC - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\orgaMAX\DB-Server\bin\delserv.exe (Firebird Project) PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe () PRC - C:\Program Files (x86)\FRITZ!\FriFax32.exe (AVM Berlin) PRC - C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe (Apache Software Foundation) PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe () PRC - C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe (VMware, Inc.) PRC - C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\ASUS\Six Engine\SixEngine.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.) PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\orgaMAX\DB-Server\bin\DelGuard.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () MOD - C:\Programme\ASUS\Six Engine\pngio.dll () MOD - C:\Programme\ASUS\Six Engine\AsSpindownTimeout.dll () MOD - C:\Programme\ASUS\TurboV EVO\HookKey32.dll () MOD - C:\Programme\ASUS\Six Engine\AsusService.dll () MOD - C:\Programme\ASUS\TurboV EVO\pngio.dll () MOD - C:\Windows\SysWOW64\AsIO.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe (G Data Software AG) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (orgaMAXMobileService) -- C:\orgaMAX\orgamaxmobil_service.exe (deltra Business Software GmbH & Co. KG) SRV - (AVKService) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (deltraDBServer) -- C:\orgaMAX\DB-Server\bin\delserv.exe (Firebird Project) SRV - (DirMngr) -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe () SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (VMwareServerWebAccess) -- C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe (Apache Software Foundation) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe () SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe (VMware, Inc.) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.) SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (deltraDBGuard) -- C:\orgaMAX\DB-Server\bin\delguard.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG) DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.) DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.) DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (FPCIBASE) -- C:\Windows\SysNative\drivers\fpcibase.sys (AVM Berlin) DRV:64bit: - (AVMCOWAN) -- C:\Windows\SysNative\drivers\avmcowan.sys (AVM GmbH) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV - (GRD) -- C:\Windows\SysWOW64\drivers\GRD.sys (G Data Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-710196268-2007762323-1593895949-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-710196268-2007762323-1593895949-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-710196268-2007762323-1593895949-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 73 28 F2 5F DF CD 01 [binary data] IE - HKU\S-1-5-21-710196268-2007762323-1593895949-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-710196268-2007762323-1593895949-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-710196268-2007762323-1593895949-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google.de" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: silvermelxt%40pardal.de:1.5.4 FF - prefs.js..extensions.enabledAddons: yslow%40yahoo-inc.com:3.1.4 FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.6 FF - prefs.js..extensions.enabledAddons: %7B3b56bcc7-54e5-44a2-9b44-66c3ef58c13e%7D:0.9.5.1 FF - prefs.js..extensions.enabledAddons: %7B4093c4de-454a-4329-8aff-c6b0b123c386%7D:0.8.11 FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2 FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.41 FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1 FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3 FF - prefs.js..extensions.enabledAddons: %7B45d8ff86-d909-11db-9705-005056c00008%7D:1.1.0 FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.26 FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2 FF - prefs.js..extensions.enabledAddons: keefox%40chris.tomlinson:1.1.3 FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1 FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0 FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1 FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.6 FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36 FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2 FF - prefs.js..extensions.enabledItems: VMwareVMRC@vmware.com:2.5.0.122581 FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16 FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.6 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 07:26:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 07:26:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.17 21:42:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 07:26:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 07:26:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.17 21:42:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.05.24 18:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Extensions [2010.07.31 22:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.24 18:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.12.25 23:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions [2012.11.30 12:26:58 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2012.12.25 10:23:31 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2012.08.24 06:12:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2011.12.23 00:47:18 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2012.08.28 23:18:13 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2011.01.07 21:42:01 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2012.12.25 23:16:32 | 000,000,000 | ---D | M] (KeeFox) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions\keefox@chris.tomlinson [2012.12.12 21:17:06 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\firebug@software.joehewitt.com.xpi [2012.07.25 09:17:42 | 000,007,590 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\ping.telemetry@mozilla.com.xpi [2012.10.03 09:38:49 | 000,055,163 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\silvermelxt@pardal.de.xpi [2012.08.10 19:01:14 | 000,200,692 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\yslow@yahoo-inc.com.xpi [2012.06.08 14:33:27 | 000,135,517 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2012.11.29 23:45:09 | 000,060,243 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2012.10.02 21:46:55 | 003,420,076 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}.xpi [2012.09.06 06:25:53 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.06.08 14:33:27 | 000,068,257 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011.12.22 09:33:03 | 000,000,933 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\searchplugins\11-suche.xml [2011.12.22 09:33:03 | 000,002,419 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\searchplugins\englische-ergebnisse.xml [2011.12.22 09:33:03 | 000,010,525 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\searchplugins\gmx-suche.xml [2011.04.15 23:29:52 | 000,002,099 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\searchplugins\googlede.xml [2011.12.22 09:33:03 | 000,002,457 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\searchplugins\lastminute.xml [2011.12.22 09:33:03 | 000,005,508 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\searchplugins\webde-suche.xml [2012.12.05 07:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.30 14:35:02 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012.12.05 07:26:09 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.12.05 07:26:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.12.05 07:26:07 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.12.05 07:26:07 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.12.05 07:26:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.12.05 07:26:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.12.05 07:26:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.28 13:08:25 | 000,001,547 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 192.168.1.7 www.miketest.vm O1 - Hosts: 192.168.1.7 www.oldecb.vm O1 - Hosts: 192.168.1.7 www.unittest.vm O1 - Hosts: 192.168.1.7 www.websbranch.vm O1 - Hosts: 192.168.1.7 www.webstest.vm O1 - Hosts: 192.168.1.7 www.stb-coenen.vm O1 - Hosts: 192.168.1.7 www.shop-search.vm O1 - Hosts: 192.168.1.11 www.spielwiese.vm O1 - Hosts: 192.168.1.4 serps-check.nas O1 - Hosts: 46.252.18.242 www.lotteundanna.de O1 - Hosts: 46.252.18.242 lotteundanna.de O1 - Hosts: 46.252.18.242 www.geschenkefuerhunde.de O1 - Hosts: 46.252.18.242 geschenkefuerhunde.de O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-710196268-2007762323-1593895949-1003..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!fax.lnk = C:\Program Files (x86)\FRITZ!\FriFax32.exe (AVM Berlin) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-710196268-2007762323-1593895949-1003\..Trusted Domains: pc-buero ([]https in Vertrauenswürdige Sites) O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class) O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B93E11D-96D1-416E-B47B-D2189C607313}: NameServer = 195.50.140.178,195.50.140.246 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1 [2012.12.30 17:52:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe [2012.12.30 15:57:50 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes [2012.12.30 15:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.30 15:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.30 15:57:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.30 15:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.30 15:57:27 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Programs [2012.12.29 20:34:01 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Auto [2012.12.25 23:17:07 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\KeePass [2012.12.25 22:58:03 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\KeePass [2012.12.25 22:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2 [2012.12.23 19:22:36 | 000,000,000 | ---D | C] -- C:\orgaMAX - Kopie [2012.12.21 11:58:15 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 11:58:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 11:58:14 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 11:58:14 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.13 03:01:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.13 03:01:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.13 03:01:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.13 03:01:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.13 03:01:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.13 03:01:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.13 03:01:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.13 03:01:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.13 03:01:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.13 03:01:13 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.13 03:01:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.13 03:01:13 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.13 03:01:12 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.13 03:01:12 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.13 03:01:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.12 20:08:38 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 20:08:38 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 20:08:38 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 20:08:38 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 20:08:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 20:08:38 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 20:08:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 20:08:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 20:08:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 20:08:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 20:08:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 20:08:38 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 20:08:38 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 20:08:38 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 20:08:38 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 20:08:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 20:08:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 20:08:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 20:08:30 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 20:08:30 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.05 07:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.02 00:44:01 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\LolClient [2012.12.01 00:52:53 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2012.12.01 00:52:52 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2012.12.01 00:52:52 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2012.12.01 00:23:42 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\PMB Files [2012.12.01 00:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2012.12.01 00:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2012.12.01 00:23:13 | 000,000,000 | ---D | C] -- C:\Users\Mike\.swt ========== Files - Modified Within 30 Days ========== [2012.12.30 18:02:02 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.30 18:02:02 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.30 17:54:46 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.30 17:54:24 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr [2012.12.30 17:54:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.30 17:54:14 | 2145,947,647 | -HS- | M] () -- C:\hiberfil.sys [2012.12.30 17:53:22 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2012.12.30 17:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe [2012.12.30 17:35:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.30 17:19:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.30 16:36:56 | 000,039,633 | ---- | M] () -- C:\Users\Mike\Desktop\sUnbenannt.PNG [2012.12.30 15:57:43 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.30 14:38:39 | 000,933,259 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.12.30 14:38:39 | 000,050,615 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.12.30 02:30:33 | 000,000,600 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\winscp.rnd [2012.12.29 22:11:57 | 000,000,600 | ---- | M] () -- C:\Users\Mike\AppData\Local\PUTTY.RND [2012.12.28 14:28:58 | 000,004,148 | ---- | M] () -- C:\Users\Mike\Desktop\20121227105135.xml [2012.12.28 12:21:00 | 000,048,388 | ---- | M] () -- C:\Users\Mike\Desktop\orgamax-suchfeld_2.PNG [2012.12.28 12:19:53 | 000,005,334 | ---- | M] () -- C:\Users\Mike\Desktop\orgamax-suchfeld.PNG [2012.12.28 10:10:27 | 001,506,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.28 10:10:27 | 000,656,834 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.28 10:10:27 | 000,618,716 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.28 10:10:27 | 000,131,232 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.28 10:10:27 | 000,107,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.22 23:46:12 | 000,022,572 | ---- | M] () -- C:\Users\Mike\AppData\Local\recently-used.xbel [2012.12.22 17:12:04 | 000,009,063 | ---- | M] () -- C:\Users\Mike\Desktop\webshop-om12.png [2012.12.22 17:11:01 | 000,006,250 | ---- | M] () -- C:\Users\Mike\Desktop\webshop-om13.png [2012.12.22 11:25:26 | 000,146,176 | ---- | M] () -- C:\Users\Mike\Desktop\virus xtc-load.PNG [2012.12.21 12:00:02 | 000,419,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.11 20:19:27 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.11 20:19:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.10 22:04:08 | 000,001,026 | ---- | M] () -- C:\Users\Mike\Desktop\Miranda IM.lnk [2012.12.03 10:56:36 | 004,400,752 | ---- | M] (RAPWare) -- C:\Windows\SysNative\RwEasyMAPI64.exe [2012.12.01 01:11:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.12.01 00:52:54 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk ========== Files Created - No Company Name ========== [2012.12.30 17:54:24 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr [2012.12.30 16:36:56 | 000,039,633 | ---- | C] () -- C:\Users\Mike\Desktop\sUnbenannt.PNG [2012.12.30 15:57:43 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.28 14:28:16 | 000,004,148 | ---- | C] () -- C:\Users\Mike\Desktop\20121227105135.xml [2012.12.28 12:21:00 | 000,048,388 | ---- | C] () -- C:\Users\Mike\Desktop\orgamax-suchfeld_2.PNG [2012.12.28 12:19:53 | 000,005,334 | ---- | C] () -- C:\Users\Mike\Desktop\orgamax-suchfeld.PNG [2012.12.25 22:54:29 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk [2012.12.22 23:46:12 | 000,022,572 | ---- | C] () -- C:\Users\Mike\AppData\Local\recently-used.xbel [2012.12.22 17:12:04 | 000,009,063 | ---- | C] () -- C:\Users\Mike\Desktop\webshop-om12.png [2012.12.22 17:11:01 | 000,006,250 | ---- | C] () -- C:\Users\Mike\Desktop\webshop-om13.png [2012.12.22 11:25:26 | 000,146,176 | ---- | C] () -- C:\Users\Mike\Desktop\virus xtc-load.PNG [2012.12.01 01:11:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.12.01 00:52:54 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk [2012.10.06 13:43:35 | 000,000,600 | ---- | C] () -- C:\Users\Mike\PUTTY.RND [2012.08.21 20:12:26 | 000,000,104 | ---- | C] () -- C:\Users\Mike\.gtk-bookmarks [2012.08.19 21:18:28 | 000,000,145 | ---- | C] () -- C:\Windows\ODBC.INI [2012.08.19 21:13:16 | 000,000,199 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.08.03 20:51:36 | 000,000,355 | ---- | C] () -- C:\Users\Mike\Computer - Verknüpfung.lnk [2011.07.24 20:24:36 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT [2011.07.16 13:06:16 | 000,933,259 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2010.10.16 17:19:49 | 000,011,264 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.25 09:23:46 | 000,000,017 | ---- | C] () -- C:\Users\Mike\AppData\Local\resmon.resmoncfg [2010.08.17 14:17:07 | 000,000,600 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\PUTTY.RND [2010.08.01 09:32:16 | 000,000,600 | ---- | C] () -- C:\Users\Mike\AppData\Local\PUTTY.RND [2010.08.01 09:23:15 | 000,000,600 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\winscp.rnd ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 30.12.2012 17:57:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 73,84% Memory free
15,99 Gb Paging File | 13,77 Gb Available in Paging File | 86,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 80,36 Gb Free Space | 54,86% Space Free | Partition Type: NTFS
Drive D: | 367,97 Gb Total Space | 318,97 Gb Free Space | 86,68% Space Free | Partition Type: NTFS
Drive E: | 416,96 Gb Total Space | 395,26 Gb Free Space | 94,80% Space Free | Partition Type: NTFS
Computer Name: PC-BUERO | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-710196268-2007762323-1593895949-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B12A76-292B-481F-B077-4AB8C4521297}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{053F1169-58FB-4643-983D-B6878E3B880C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{05E96484-07C5-4B61-B13B-606D80F306EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{06C2B86F-A8D9-42B7-A3EF-8D38C71748C6}" = lport=56274 | protocol=6 | dir=in | name=pando media booster |
"{0F3719A6-11CB-4E41-A2E7-91908D5BB2EE}" = lport=137 | protocol=17 | dir=in | app=system |
"{100DBE69-D507-4744-9F4D-B5331108696C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2060ACB9-A381-4C5C-A5F7-B20BEB5C44C9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{28B2D48D-E6FC-49E8-94DC-C4584289BD54}" = rport=138 | protocol=17 | dir=out | app=system |
"{373F9E8D-FE8D-47F3-BC33-9C571438A614}" = lport=139 | protocol=6 | dir=in | app=system |
"{560189F7-F272-44D8-9AC1-8ECF82A060A4}" = lport=5143 | protocol=6 | dir=in | svc=* | name=portfreigabe orgamax |
"{5BCCE30A-B078-4642-AC2E-5C4806BE384F}" = lport=56274 | protocol=17 | dir=in | name=pando media booster |
"{5D405AAD-D944-486C-AC91-1A46A6712D0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FD7A7C9-805B-4543-9B19-F30CF9DD00E5}" = lport=138 | protocol=17 | dir=in | app=system |
"{69CC0C57-5A31-44C8-A57F-EF855AB5B032}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C5FAB8C-8283-44CF-8ACE-D9634CB8A598}" = lport=56274 | protocol=6 | dir=in | name=pando media booster |
"{8D51BE02-66B0-4BA7-A5E0-96B5747E9F72}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{968642DC-57E6-41E5-AC08-C8F8154CB485}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9AD8BF2E-C7DB-4041-8D64-AB6933BF04FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{A17E6FDF-2ABF-4A84-B5A3-654188EF64F5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BC0146D1-441E-4CF8-A01B-4C9664CC03F2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C013E17E-297B-469C-A0EB-BE58C23FCBFB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CA4C6CA5-12B1-4661-894D-B6DAB0BEAA8E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5EE594D-CA4F-4A87-8BCB-B2D1EB5A9782}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7650016-F7CA-45E5-8AE2-13DC65422603}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1691CC1-AD68-447B-BFC6-302BBD4681F8}" = rport=137 | protocol=17 | dir=out | app=system |
"{E226F476-95AD-4C1C-A8EA-CDCAC45CB5C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E54076D5-55C6-45A4-A7B1-5543352109CA}" = rport=139 | protocol=6 | dir=out | app=system |
"{EA8D7D8D-85BA-4C38-9D4C-7C550C4AB6C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC7BB7CD-5579-46FF-BCBD-62C23B436C4D}" = rport=445 | protocol=6 | dir=out | app=system |
"{F88BFDB9-0DBF-4981-BDAF-984B07FD358E}" = lport=445 | protocol=6 | dir=in | app=system |
"{F9DC891A-5EA5-4B32-ABB4-798866E3F374}" = lport=56274 | protocol=17 | dir=in | name=pando media booster |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059B82C5-2DEC-4909-9735-760D499B438E}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{08F30D98-777F-4CE1-95A0-F1ABC8F2263F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{10CD115E-ED15-49B8-B954-2CF9767B5335}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{12DBDB63-21A4-4377-9373-355F9C11E3D5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1759D680-DDF0-43C2-9EEC-68D3C3BD571F}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{19C14E3C-E474-4DB3-AFA1-675B09759E8F}" = protocol=6 | dir=in | app=e:\xampp\apache\bin\httpd.exe |
"{1A0D2E60-F3EB-4909-9D6C-953566997CF2}" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"{1F85E13A-33CD-4B69-A495-21506E5175BD}" = protocol=17 | dir=in | app=e:\xampp\apache\bin\httpd.exe |
"{30C30F6B-942B-41FB-B36F-5024E55B1959}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3194D8BC-E48D-4D6F-835A-0EFBA7297A34}" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"{3A381757-AA8B-4730-9B44-798FB7C5DCB5}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-hostd.exe |
"{42714F6C-7AD2-448A-9213-E77B4F529FBE}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-authd.exe |
"{428EBA60-3C99-41DD-BFAB-CE735B6E690D}" = protocol=6 | dir=in | app=c:\program files\netbeans 7.1\bin\netbeans.exe |
"{43922667-EB02-4CFE-9609-06D7BEA9CE65}" = protocol=6 | dir=in | app=c:\program files (x86)\netbeans 7.2\bin\netbeans.exe |
"{47097DB5-5D5C-455C-B315-F1B332C8D123}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{48717E25-0A92-4464-B18E-E146F21DA820}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{49B5D640-1F48-4252-91C6-7F143C31C5A5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4EBF8780-F3E3-4341-A776-22D4C58D4C82}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{509D9A04-0712-4596-A105-FD8D09412F18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51A24088-F5F5-4B8B-BB78-5033CB0F2536}" = protocol=6 | dir=in | app=e:\origin games\battlefield 1942\bf1942.exe |
"{5758B301-A86F-488C-95F9-1355D8E14E80}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5A6FCC93-0580-49E5-AA12-3729B7C251AD}" = protocol=17 | dir=in | app=c:\program files (x86)\netbeans 7.2\bin\netbeans.exe |
"{5B9788AE-1A5C-4BCE-B001-5E58DAA3785B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5E7ECB57-58F3-4AF5-8F2F-EEF4B613ED08}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{610FE88F-AA2F-4A6F-BE9E-1606FBE85E7A}" = protocol=17 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
"{64536EE4-638C-4B34-9E09-D42B1EC5FB12}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7133F023-8280-4927-A308-FA38B16B2143}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{769BE238-9699-4361-9118-F32B15A51308}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{786331B1-5F15-4320-A9B0-B91E29050001}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-hostd.exe |
"{792E2DD9-AE74-4366-8F2D-A49F81022E2E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7C0EF6AF-2319-42AA-A9EC-61C404464449}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{912A0EFB-A945-428E-8963-72185FFC2DBE}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{990473AD-0F7A-40FC-BDD0-2448D870223E}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{AC9365C0-1F95-4441-ABDB-858E196A740A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AD9875CB-7742-4F50-AE9C-89E20575F1B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ADFF8E1A-73C7-4ED8-ABB9-FE031FD31B80}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B041B97D-F9B6-4D4D-9199-9CFDEA8C413E}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-authd.exe |
"{B860EF70-B7FD-453E-8386-5F80F626E5EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BAC089AE-5170-41C6-85A7-E53807E4AF9A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{BD77C035-9358-404A-9944-30DD815C0BA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE977229-BDB7-4784-B082-DD5655ECF833}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C8AA48FA-A08F-451E-8DB7-42C90C71102D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D24A7C77-30B6-4F8F-9728-B569F1AECD71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D2BD1516-51B5-4D8F-AEBC-73D0901B30B2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D42B65BB-A038-403A-A0F2-9BFAAA1568EE}" = protocol=6 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
"{D58B2B55-E5B5-438E-A55C-ADBD533FE84F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6C0EA74-988B-456F-B8AA-C8E0ADC8D2E1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D8E9A36F-5A4F-4E91-8F0A-8051E967B4CC}" = protocol=17 | dir=in | app=c:\program files\netbeans 7.1\bin\netbeans.exe |
"{DAA7607E-9A3C-4935-B785-290F1F5F0510}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-hostd.exe |
"{E02AF0ED-9D21-4771-A839-05044C7A1A5D}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{E59D11FA-881D-47F4-9345-267C66CEC702}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E80AF879-840C-4E46-80CE-046CEE44F880}" = protocol=6 | dir=out | app=system |
"{EC8D9061-ACFD-4E0F-986E-8122F06672B6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F07500C9-3CA5-40F3-A376-74A5D3B1BC62}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-hostd.exe |
"{F53CCEEB-F15D-4042-90C8-CCB0AB3BBCF6}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-authd.exe |
"{F70D73D3-82FC-430B-AB80-83E08DF44606}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{F7CA2525-6FBE-4BC5-A60B-C490338EE9B9}" = protocol=17 | dir=in | app=e:\origin games\battlefield 1942\bf1942.exe |
"{F7E7149C-DC01-4F17-B68A-909608E46309}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{FA26B526-3134-40AB-8D0A-87FA82C6D7B6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB036DDF-E101-42F1-B369-FD13144FF8D8}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-authd.exe |
"TCP Query User{37C5317C-D829-4B57-8719-4A9D664D0B75}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{725ADF21-8368-4FDF-8D81-F1E02468D558}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{72FBD669-B270-41F9-AB47-8772F88BB216}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"TCP Query User{839F22BB-A53E-420E-9456-0E820CD20DE0}C:\program files (x86)\netbeans 7.2\bin\netbeans.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netbeans 7.2\bin\netbeans.exe |
"TCP Query User{8FE8851D-A973-4EF1-A6D3-D01D92D6DFC8}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{9C2C9688-661F-48CB-8916-2D0DA2569A11}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{C34676E2-6B6B-4B8C-84A2-E24CD7B0444E}E:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampp\apache\bin\httpd.exe |
"TCP Query User{D45C3718-2F74-4DDF-9DAA-81A5CA44D4D2}C:\program files\netbeans 7.1\bin\netbeans.exe" = protocol=6 | dir=in | app=c:\program files\netbeans 7.1\bin\netbeans.exe |
"TCP Query User{E68489C6-AED3-4F01-9390-93D48A32F5D5}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
"UDP Query User{02D0A4D1-5425-440D-84A6-AF968CF1C608}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{36946ECD-3D76-4C22-9CBE-A0C215F17ED9}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{3C708125-D350-49A8-B910-C2D98BA68DFB}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{A0DD343A-924B-4228-8220-B6EBE4A2E8A1}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{A3EBAEBB-2254-40C4-98B0-E36028D75047}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
"UDP Query User{AD3576EA-89D4-4B74-833B-03628622E6D7}E:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampp\apache\bin\httpd.exe |
"UDP Query User{BFAC7736-89C0-421D-BA42-DFE706D93A22}C:\program files\netbeans 7.1\bin\netbeans.exe" = protocol=17 | dir=in | app=c:\program files\netbeans 7.1\bin\netbeans.exe |
"UDP Query User{D46127E2-CC77-45C8-992D-8D04609C9AA9}C:\program files (x86)\netbeans 7.2\bin\netbeans.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netbeans 7.2\bin\netbeans.exe |
"UDP Query User{EB1751A3-211F-4C8E-B50E-7C347D1E1BFF}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1DD03A94-C815-46EF-A43A-B36694002A7C}" = TortoiseSVN 1.6.16.21511 (64 bit)
"{23170F69-40C1-2702-0915-000001000000}" = 7-Zip 9.15 (x64 edition)
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B93D47B2-0862-E2E6-8115-B5DAF7AE3C01}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Firebird ODBC Driver_is1" = Firebird/InterBase(r) ODBC driver 2.0.0.151
"GIMP-2_is1" = GIMP 2.8.2
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"nbi-nb-base-7.1.0.0.0" = NetBeans IDE 7.1
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PuTTY_is1" = PuTTY 0.60 x64
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SP6" = Logitech SetPoint 6.15
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Ultravnc2_is1" = UltraVNC 1.0.8.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5662D815-DB58-5082-315B-0326B37EB7CB}" = CCC Help English
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C65C65C-530F-B2DB-BBD7-AF554ABEBBA1}" = Catalyst Control Center Graphics Previews Common
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}" = VMware Server
"{B0F08ACB-6BBA-49A8-8BE9-BBB4C2D8B574}" = G Data AntiVirus 2013
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2F28E39-9813-41D3-8EC9-BAADA38C426D}" = VMware Remote Console Plug-in
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D69D4AE5-717C-5E56-A56F-542EF5F6A84C}" = Catalyst Control Center Graphics Previews Vista
"{DB837E02-82D0-3888-6DEC-D29587CCDC2F}" = ccc-core-static
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F86B6849-38E0-7818-F21E-6DC637932076}" = Catalyst Control Center InstallProxy
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FileZilla Client" = FileZilla Client 3.6.0.2
"FreePDF_XP" = FreePDF (Remove only)
"FRITZ! 2.0" = AVM FRITZ!
"GPG4Win" = Gpg4win (2.0.4)
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.20.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Miranda IM" = Miranda IM 0.10.9
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MyTomTom" = MyTomTom 3.2.0.802
"nbi-nb-base-7.2.0.0.201207171143" = NetBeans IDE 7.2
"Notepad++" = Notepad++
"orgaMAX_is1" = orgaMAX Business Software
"Origin" = Origin
"TeamViewer 7" = TeamViewer 7
"The Regex Coach_is1" = The Regex Coach 0.9.2
"Totalcmd" = Total Commander (Remove or Repair)
"WinLiveSuite" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"winscp3_is1" = WinSCP 5.1.2
"xampp" = XAMPP 1.7.4
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.12.2011 01:42:08 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Ubuntu Server 9.10\Ubuntu
Server 9.10.vmx
Error - 22.12.2011 01:42:09 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Win XP Master\Win XP Master.vmx
Error - 22.12.2011 01:42:10 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Ubuntu Server 11.04\Ubuntu
Server 11.04.vmx
Error - 23.12.2011 04:26:24 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Ubuntu Server 9.10\Ubuntu
Server 9.10.vmx
Error - 23.12.2011 04:26:25 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Win XP Master\Win XP Master.vmx
Error - 23.12.2011 04:26:26 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Ubuntu Server 11.04\Ubuntu
Server 11.04.vmx
Error - 23.12.2011 09:52:07 | Computer Name = PC-Buero | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 24.12.2011 04:32:33 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Ubuntu Server 9.10\Ubuntu
Server 9.10.vmx
Error - 24.12.2011 04:32:34 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Win XP Master\Win XP Master.vmx
Error - 24.12.2011 04:32:35 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Ubuntu Server 11.04\Ubuntu
Server 11.04.vmx
[ System Events ]
Error - 30.12.2012 09:27:38 | Computer Name = PC-Buero | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 09:27:38 | Computer Name = PC-Buero | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 09:27:38 | Computer Name = PC-Buero | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 09:27:38 | Computer Name = PC-Buero | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 09:27:55 | Computer Name = PC-Buero | Source = DCOM | ID = 10005
Description =
Error - 30.12.2012 09:27:55 | Computer Name = PC-Buero | Source = DCOM | ID = 10005
Description =
Error - 30.12.2012 09:27:55 | Computer Name = PC-Buero | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 09:28:18 | Computer Name = PC-Buero | Source = DCOM | ID = 10005
Description =
Error - 30.12.2012 09:28:19 | Computer Name = PC-Buero | Source = DCOM | ID = 10005
Description =
Error - 30.12.2012 09:31:27 | Computer Name = PC-Buero | Source = DCOM | ID = 10005
Description =
< End of report >
Geändert von mike_x (30.12.2012 um 18:16 Uhr) |
|
31.12.2012, 09:34
| #2 |
| /// Helfer-Team  | GVU-Trojaner ... hat mich auch erwischt :( sieht gut aus. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
danach: Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ |
|
31.12.2012, 10:35
| #3 | |
| | GVU-Trojaner ... hat mich auch erwischt :( Hi t'john,
__________________wow, heute ist Sylvester, oder? Danke, dass Ihr Zeit findet! Ich muss gestehen, dass ich wegen der Feiertage nicht mit so schneller Hilfe gerechnet habe. Daher habe ich das TB gestern noch rauf und runter gelesen (und sind die Logfiles schon aus der Nacht ...) Nach den zuletzt geposteten Logs kam noch eine Meldung des GData, als ich im Thunderbird war ... Zitat:
AdwCleaner[R1] Code:
ATTFilter # AdwCleaner v2.104 - Datei am 30/12/2012 um 19:35:32 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Mike - PC-BUERO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mike\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\w8fcyimq.default\searchplugins\11-suche.xml
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\w8fcyimq.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [932 octets] - [30/12/2012 19:35:32]
########## EOF - C:\AdwCleaner[R1].txt - [991 octets] ##########
Code:
ATTFilter # AdwCleaner v2.104 - Datei am 30/12/2012 um 19:35:54 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Mike - PC-BUERO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mike\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\w8fcyimq.default\searchplugins\11-suche.xml
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\w8fcyimq.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1057 octets] - [30/12/2012 19:35:32]
AdwCleaner[S1].txt - [994 octets] - [30/12/2012 19:35:54]
########## EOF - C:\AdwCleaner[S1].txt - [1053 octets] ##########
AdwCleaner[R2] Code:
ATTFilter # AdwCleaner v2.104 - Datei am 30/12/2012 um 19:39:01 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Mike - PC-BUERO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mike\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\w8fcyimq.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1057 octets] - [30/12/2012 19:35:32]
AdwCleaner[R2].txt - [780 octets] - [30/12/2012 19:39:01]
AdwCleaner[S1].txt - [1120 octets] - [30/12/2012 19:35:54]
########## EOF - C:\AdwCleaner[R2].txt - [899 octets] ##########
Code:
ATTFilter # AdwCleaner v2.104 - Datei am 30/12/2012 um 19:39:17 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Mike - PC-BUERO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mike\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\w8fcyimq.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1057 octets] - [30/12/2012 19:35:32]
AdwCleaner[R2].txt - [967 octets] - [30/12/2012 19:39:01]
AdwCleaner[R3].txt - [839 octets] - [30/12/2012 19:39:17]
AdwCleaner[S1].txt - [1120 octets] - [30/12/2012 19:35:54]
########## EOF - C:\AdwCleaner[R3].txt - [958 octets] ##########
AdwCleaner[S2] Code:
ATTFilter # AdwCleaner v2.104 - Datei am 30/12/2012 um 19:39:34 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Mike - PC-BUERO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mike\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\w8fcyimq.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1057 octets] - [30/12/2012 19:35:32]
AdwCleaner[R2].txt - [967 octets] - [30/12/2012 19:39:01]
AdwCleaner[R3].txt - [1026 octets] - [30/12/2012 19:39:17]
AdwCleaner[S1].txt - [1120 octets] - [30/12/2012 19:35:54]
AdwCleaner[S2].txt - [961 octets] - [30/12/2012 19:39:34]
########## EOF - C:\AdwCleaner[S2].txt - [1020 octets] ##########
Dann das MBAR Log mbar-log-2012-12-31 (01-14-23): Code:
ATTFilter Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2012.12.30.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mike :: PC-BUERO [administrator]
31.12.2012 01:14:23
mbar-log-2012-12-31 (01-14-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29460
Time elapsed: 6 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 Das aswMBR Log aus der Nacht: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-31 01:23:05
-----------------------------
01:23:05.206 OS Version: Windows x64 6.1.7601 Service Pack 1
01:23:05.206 Number of processors: 4 586 0x1E05
01:23:05.206 ComputerName: PC-BUERO UserName: Mike
01:23:06.407 Initialize success
01:23:11.571 AVAST engine defs: 12123001
01:23:23.895 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:23:23.895 Disk 0 Vendor: ST310005 CC38 Size: 953869MB BusType: 3
01:23:23.910 Disk 0 MBR read successfully
01:23:23.926 Disk 0 MBR scan
01:23:23.926 Disk 0 Windows 7 default MBR code
01:23:23.941 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:23:23.957 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150000 MB offset 206848
01:23:23.957 Disk 0 Partition - 00 0F Extended LBA 376799 MB offset 307406848
01:23:23.988 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 426968 MB offset 1079091200
01:23:24.019 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 376798 MB offset 307408896
01:23:24.066 Disk 0 scanning C:\Windows\system32\drivers
01:23:35.423 Service scanning
01:23:58.262 Modules scanning
01:23:58.776 Disk 0 trace - called modules:
01:23:58.792 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
01:23:58.792 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800840e060]
01:23:58.808 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007d4c050]
01:23:58.823 Scan finished successfully
01:24:46.341 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
01:24:46.341 The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"
|
|
31.12.2012, 14:17
| #4 |
| /// Helfer-Team | GVU-Trojaner ... hat mich auch erwischt :( Sehr gut!  ESET Online Scanner Vorbereitung
|
|
31.12.2012, 17:46
| #5 |
| | GVU-Trojaner ... hat mich auch erwischt :( Auch frei ...  Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=a6c6cf60bc7aa24299b2b0968a5ea035
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-31 04:32:33
# local_time=2012-12-31 05:32:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 82051 108601403 0 0
# scanned=581946
# found=0
# cleaned=0
# scan_time=9892
|
|
31.12.2012, 18:05
| #6 |
| /// Helfer-Team | GVU-Trojaner ... hat mich auch erwischt :( Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________ --> GVU-Trojaner ... hat mich auch erwischt :( |
|
31.12.2012, 18:42
| #7 | |
| | GVU-Trojaner ... hat mich auch erwischt :( Hi t'john, Java habe ich schon aktualisiert (alte deinstalliert, Dateien gelöscht, ...) und das Java Plug-In deaktiviert. Aber: Ich hatte den UpdateCheck auf täglich eingestellt (war monatlich) => Das wird nicht angenommen. Ich Bestätige mit OK und öffne den Dialog wieder, steht das wieder auf monatlich.  Wenn ich nur den Tab "Update" öffne, dann steht was von einem wöchentlichen Check und es ist wieder nur "vor dem Download" als Benachrichtigungsoption selektiert? (Siehe angehängte Screenshots)PluginCheck: Zitat:
 ).NoScript habe ich jetzt für den FireFox auch noch auf allen Rechnern installiert. Noch mehr? |
|
01.01.2013, 12:22
| #8 |
| /// Helfer-Team | GVU-Trojaner ... hat mich auch erwischt :( Sehr gut! damit bist Du sauber und entlassen! adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
01.01.2013, 16:23
| #9 |
| |  GVU-Trojaner ... hat mich auch erwischt :( Hallo t'john, Jetzt fühle ich mich schon deutlich besser  Nochmals vielen Dank für Eure Mühe. Ich werde jetzt mal dem Link in Deiner Signatur folgen und PayPal bemühen ...  Viel Erfolg mit Eurer Arbeit und ich hoffe, ich brauche Eure Hilfe nicht mehr in Anspruch nehmen. Beste Grüße, Mike Wurde jetzt eine Überweisung. PayPal Gebühren kann man sich sparen Geändert von mike_x (01.01.2013 um 16:38 Uhr) |
|
01.01.2013, 19:02
| #10 |
| /// Helfer-Team | GVU-Trojaner ... hat mich auch erwischt :(wir wuenschen eine virenfreie Zeit |
|
| Themen zu GVU-Trojaner ... hat mich auch erwischt :( |
| 7-zip, abgesicherten, ausgelastet, betriebs, blockiert, board, canon, datei, dsgsdgdsgdsgw.pad, erwischt, gdata, gleichzeitig, gvu - trojaner, infizierte, install.exe, java, league of legends, logfile, malwarebytes, modus, nichts, origin, pando media booster, plug-in, prüfen, rechner, richtlinie, scan, scanner, seite, spielen, starten, system, total commander, trojaner, user agent, vdeck.exe, virenscan, virenscanner, visual studio, zugriff |
Linear-Darstellung
