| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner ... hat mich auch erwischt :(Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
30.12.2012, 17:16
| #1 |
 |  GVU-Trojaner ... hat mich auch erwischt :( Hallo Trojaner - Board, mich hat der GVU - Trojaner offenbar auch auf dem Hauptrechner erwischt ... Während des Betriebs war der Rechner kurz blockiert / ausgelastet, dann habe ich die GVU Seite gesehen. Ich konnte den Rechner im abgesicherten Modus starten und habe das System auf den letzten Wiederherstellungspunkt zurück gesetzt. Dann habe ich erst mal den Virenscanner (GData) den Rechner prüfen lassen. Der hat nichts gefunden! Inzwischen habe ich hier gelesen und der Malwarebytes Scanner läuft. Dieser hat inzwischen auch schon eine infizierte Datei (Users\...\Java\Deployment...) gefunden. Bei dem Zugriff von Malwarebytes auf die Datei schlug gleichzeitig auch der GData an ... => Exploit.Java.CVE.Z Aber der Scanner läuft noch. Wenn ich das Logfile habe, melde ich mich wieder. Danke für Eure Mühe mit dem Board !!!  Ciao, Mike Hier das erste Logfile: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2012.12.30.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 XXXX :: PC-XXX [limitiert] 30.12.2012 15:58:16 mbam-log-2012-12-30 (15-58-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 783067 Laufzeit: 1 Stunde(n), 45 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\XXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-4dd8c918 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) C:\Users\XXXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-4dd8c918 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt. Jetzt starte ich OTL ... otl.txt Code:
ATTFilter OTL logfile created on: 30.12.2012 17:57:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 73,84% Memory free 15,99 Gb Paging File | 13,77 Gb Available in Paging File | 86,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,48 Gb Total Space | 80,36 Gb Free Space | 54,86% Space Free | Partition Type: NTFS Drive D: | 367,97 Gb Total Space | 318,97 Gb Free Space | 86,68% Space Free | Partition Type: NTFS Drive E: | 416,96 Gb Total Space | 395,26 Gb Free Space | 94,80% Space Free | Partition Type: NTFS Computer Name: PC-BUERO | User Name: Mike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mike\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\orgaMAX\orgamaxmobil_service.exe (deltra Business Software GmbH & Co. KG) PRC - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\orgaMAX\DB-Server\bin\delserv.exe (Firebird Project) PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe () PRC - C:\Program Files (x86)\FRITZ!\FriFax32.exe (AVM Berlin) PRC - C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe (Apache Software Foundation) PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe () PRC - C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe (VMware, Inc.) PRC - C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.) PRC - C:\Programme\ASUS\Six Engine\SixEngine.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.) PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\orgaMAX\DB-Server\bin\DelGuard.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () MOD - C:\Programme\ASUS\Six Engine\pngio.dll () MOD - C:\Programme\ASUS\Six Engine\AsSpindownTimeout.dll () MOD - C:\Programme\ASUS\TurboV EVO\HookKey32.dll () MOD - C:\Programme\ASUS\Six Engine\AsusService.dll () MOD - C:\Programme\ASUS\TurboV EVO\pngio.dll () MOD - C:\Windows\SysWOW64\AsIO.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe (G Data Software AG) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (orgaMAXMobileService) -- C:\orgaMAX\orgamaxmobil_service.exe (deltra Business Software GmbH & Co. KG) SRV - (AVKService) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe (G Data Software AG) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (deltraDBServer) -- C:\orgaMAX\DB-Server\bin\delserv.exe (Firebird Project) SRV - (DirMngr) -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe () SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (VMwareServerWebAccess) -- C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe (Apache Software Foundation) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMwareHostd) -- C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe () SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe (VMware, Inc.) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.) SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (deltraDBGuard) -- C:\orgaMAX\DB-Server\bin\delguard.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG) DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.) DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.) DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (FPCIBASE) -- C:\Windows\SysNative\drivers\fpcibase.sys (AVM Berlin) DRV:64bit: - (AVMCOWAN) -- C:\Windows\SysNative\drivers\avmcowan.sys (AVM GmbH) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV - (GRD) -- C:\Windows\SysWOW64\drivers\GRD.sys (G Data Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-710196268-2007762323-1593895949-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-710196268-2007762323-1593895949-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-710196268-2007762323-1593895949-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 73 28 F2 5F DF CD 01 [binary data] IE - HKU\S-1-5-21-710196268-2007762323-1593895949-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-710196268-2007762323-1593895949-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-710196268-2007762323-1593895949-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google.de" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: silvermelxt%40pardal.de:1.5.4 FF - prefs.js..extensions.enabledAddons: yslow%40yahoo-inc.com:3.1.4 FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.6 FF - prefs.js..extensions.enabledAddons: %7B3b56bcc7-54e5-44a2-9b44-66c3ef58c13e%7D:0.9.5.1 FF - prefs.js..extensions.enabledAddons: %7B4093c4de-454a-4329-8aff-c6b0b123c386%7D:0.8.11 FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2 FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.41 FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1 FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3 FF - prefs.js..extensions.enabledAddons: %7B45d8ff86-d909-11db-9705-005056c00008%7D:1.1.0 FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.26 FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2 FF - prefs.js..extensions.enabledAddons: keefox%40chris.tomlinson:1.1.3 FF - prefs.js..extensions.enabledAddons: %7B906305f7-aafc-45e9-8bbd-941950a84dad%7D:1.1.11215.1124 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1 FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0 FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1 FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.6 FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36 FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2 FF - prefs.js..extensions.enabledItems: VMwareVMRC@vmware.com:2.5.0.122581 FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16 FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.12.21.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.6 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 07:26:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 07:26:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.17 21:42:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 07:26:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.05 07:26:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.17 21:42:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.05.24 18:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Extensions [2010.07.31 22:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.24 18:47:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.12.25 23:16:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions [2012.11.30 12:26:58 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2012.12.25 10:23:31 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2012.08.24 06:12:09 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2011.12.23 00:47:18 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2012.08.28 23:18:13 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2011.01.07 21:42:01 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2012.12.25 23:16:32 | 000,000,000 | ---D | M] (KeeFox) -- C:\Users\Mike\AppData\Roaming\mozilla\Firefox\Profiles\w8fcyimq.default\extensions\keefox@chris.tomlinson [2012.12.12 21:17:06 | 002,151,598 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\firebug@software.joehewitt.com.xpi [2012.07.25 09:17:42 | 000,007,590 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\ping.telemetry@mozilla.com.xpi [2012.10.03 09:38:49 | 000,055,163 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\silvermelxt@pardal.de.xpi [2012.08.10 19:01:14 | 000,200,692 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\yslow@yahoo-inc.com.xpi [2012.06.08 14:33:27 | 000,135,517 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\{4093c4de-454a-4329-8aff-c6b0b123c386}.xpi [2012.11.29 23:45:09 | 000,060,243 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2012.10.02 21:46:55 | 003,420,076 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}.xpi [2012.09.06 06:25:53 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.06.08 14:33:27 | 000,068,257 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2011.12.22 09:33:03 | 000,000,933 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\searchplugins\11-suche.xml [2011.12.22 09:33:03 | 000,002,419 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\searchplugins\englische-ergebnisse.xml [2011.12.22 09:33:03 | 000,010,525 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\searchplugins\gmx-suche.xml [2011.04.15 23:29:52 | 000,002,099 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\searchplugins\googlede.xml [2011.12.22 09:33:03 | 000,002,457 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\searchplugins\lastminute.xml [2011.12.22 09:33:03 | 000,005,508 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\mozilla\firefox\profiles\w8fcyimq.default\searchplugins\webde-suche.xml [2012.12.05 07:26:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.30 14:35:02 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012.12.05 07:26:09 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.12.05 07:26:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.12.05 07:26:07 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.12.05 07:26:07 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.12.05 07:26:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.12.05 07:26:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.12.05 07:26:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.28 13:08:25 | 000,001,547 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 192.168.1.7 www.miketest.vm O1 - Hosts: 192.168.1.7 www.oldecb.vm O1 - Hosts: 192.168.1.7 www.unittest.vm O1 - Hosts: 192.168.1.7 www.websbranch.vm O1 - Hosts: 192.168.1.7 www.webstest.vm O1 - Hosts: 192.168.1.7 www.stb-coenen.vm O1 - Hosts: 192.168.1.7 www.shop-search.vm O1 - Hosts: 192.168.1.11 www.spielwiese.vm O1 - Hosts: 192.168.1.4 serps-check.nas O1 - Hosts: 46.252.18.242 www.lotteundanna.de O1 - Hosts: 46.252.18.242 lotteundanna.de O1 - Hosts: 46.252.18.242 www.geschenkefuerhunde.de O1 - Hosts: 46.252.18.242 geschenkefuerhunde.de O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-710196268-2007762323-1593895949-1003..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!fax.lnk = C:\Program Files (x86)\FRITZ!\FriFax32.exe (AVM Berlin) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-710196268-2007762323-1593895949-1003\..Trusted Domains: pc-buero ([]https in Vertrauenswürdige Sites) O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class) O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B93E11D-96D1-416E-B47B-D2189C607313}: NameServer = 195.50.140.178,195.50.140.246 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1 [2012.12.30 17:52:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe [2012.12.30 15:57:50 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\Malwarebytes [2012.12.30 15:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.30 15:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.30 15:57:41 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.30 15:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.30 15:57:27 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\Programs [2012.12.29 20:34:01 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Auto [2012.12.25 23:17:07 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\KeePass [2012.12.25 22:58:03 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\KeePass [2012.12.25 22:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2 [2012.12.23 19:22:36 | 000,000,000 | ---D | C] -- C:\orgaMAX - Kopie [2012.12.21 11:58:15 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 11:58:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 11:58:14 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 11:58:14 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.13 03:01:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.13 03:01:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.13 03:01:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.13 03:01:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.13 03:01:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.13 03:01:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.13 03:01:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.13 03:01:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.13 03:01:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.13 03:01:13 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.13 03:01:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.13 03:01:13 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.13 03:01:12 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.13 03:01:12 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.13 03:01:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.12 20:08:38 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 20:08:38 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 20:08:38 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 20:08:38 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 20:08:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 20:08:38 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 20:08:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 20:08:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 20:08:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 20:08:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 20:08:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 20:08:38 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 20:08:38 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 20:08:38 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 20:08:38 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 20:08:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 20:08:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 20:08:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 20:08:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 20:08:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 20:08:30 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 20:08:30 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.05 07:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.02 00:44:01 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\LolClient [2012.12.01 00:52:53 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2012.12.01 00:52:52 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2012.12.01 00:52:52 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2012.12.01 00:23:42 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\PMB Files [2012.12.01 00:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2012.12.01 00:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2012.12.01 00:23:13 | 000,000,000 | ---D | C] -- C:\Users\Mike\.swt ========== Files - Modified Within 30 Days ========== [2012.12.30 18:02:02 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.30 18:02:02 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.30 17:54:46 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.30 17:54:24 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr [2012.12.30 17:54:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.30 17:54:14 | 2145,947,647 | -HS- | M] () -- C:\hiberfil.sys [2012.12.30 17:53:22 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2012.12.30 17:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike\Desktop\OTL.exe [2012.12.30 17:35:11 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.30 17:19:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.30 16:36:56 | 000,039,633 | ---- | M] () -- C:\Users\Mike\Desktop\sUnbenannt.PNG [2012.12.30 15:57:43 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.30 14:38:39 | 000,933,259 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.12.30 14:38:39 | 000,050,615 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.12.30 02:30:33 | 000,000,600 | ---- | M] () -- C:\Users\Mike\AppData\Roaming\winscp.rnd [2012.12.29 22:11:57 | 000,000,600 | ---- | M] () -- C:\Users\Mike\AppData\Local\PUTTY.RND [2012.12.28 14:28:58 | 000,004,148 | ---- | M] () -- C:\Users\Mike\Desktop\20121227105135.xml [2012.12.28 12:21:00 | 000,048,388 | ---- | M] () -- C:\Users\Mike\Desktop\orgamax-suchfeld_2.PNG [2012.12.28 12:19:53 | 000,005,334 | ---- | M] () -- C:\Users\Mike\Desktop\orgamax-suchfeld.PNG [2012.12.28 10:10:27 | 001,506,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.28 10:10:27 | 000,656,834 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.28 10:10:27 | 000,618,716 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.28 10:10:27 | 000,131,232 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.28 10:10:27 | 000,107,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.22 23:46:12 | 000,022,572 | ---- | M] () -- C:\Users\Mike\AppData\Local\recently-used.xbel [2012.12.22 17:12:04 | 000,009,063 | ---- | M] () -- C:\Users\Mike\Desktop\webshop-om12.png [2012.12.22 17:11:01 | 000,006,250 | ---- | M] () -- C:\Users\Mike\Desktop\webshop-om13.png [2012.12.22 11:25:26 | 000,146,176 | ---- | M] () -- C:\Users\Mike\Desktop\virus xtc-load.PNG [2012.12.21 12:00:02 | 000,419,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.11 20:19:27 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.11 20:19:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.10 22:04:08 | 000,001,026 | ---- | M] () -- C:\Users\Mike\Desktop\Miranda IM.lnk [2012.12.03 10:56:36 | 004,400,752 | ---- | M] (RAPWare) -- C:\Windows\SysNative\RwEasyMAPI64.exe [2012.12.01 01:11:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.12.01 00:52:54 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk ========== Files Created - No Company Name ========== [2012.12.30 17:54:24 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr [2012.12.30 16:36:56 | 000,039,633 | ---- | C] () -- C:\Users\Mike\Desktop\sUnbenannt.PNG [2012.12.30 15:57:43 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.28 14:28:16 | 000,004,148 | ---- | C] () -- C:\Users\Mike\Desktop\20121227105135.xml [2012.12.28 12:21:00 | 000,048,388 | ---- | C] () -- C:\Users\Mike\Desktop\orgamax-suchfeld_2.PNG [2012.12.28 12:19:53 | 000,005,334 | ---- | C] () -- C:\Users\Mike\Desktop\orgamax-suchfeld.PNG [2012.12.25 22:54:29 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk [2012.12.22 23:46:12 | 000,022,572 | ---- | C] () -- C:\Users\Mike\AppData\Local\recently-used.xbel [2012.12.22 17:12:04 | 000,009,063 | ---- | C] () -- C:\Users\Mike\Desktop\webshop-om12.png [2012.12.22 17:11:01 | 000,006,250 | ---- | C] () -- C:\Users\Mike\Desktop\webshop-om13.png [2012.12.22 11:25:26 | 000,146,176 | ---- | C] () -- C:\Users\Mike\Desktop\virus xtc-load.PNG [2012.12.01 01:11:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.12.01 00:52:54 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk [2012.10.06 13:43:35 | 000,000,600 | ---- | C] () -- C:\Users\Mike\PUTTY.RND [2012.08.21 20:12:26 | 000,000,104 | ---- | C] () -- C:\Users\Mike\.gtk-bookmarks [2012.08.19 21:18:28 | 000,000,145 | ---- | C] () -- C:\Windows\ODBC.INI [2012.08.19 21:13:16 | 000,000,199 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.08.03 20:51:36 | 000,000,355 | ---- | C] () -- C:\Users\Mike\Computer - Verknüpfung.lnk [2011.07.24 20:24:36 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT [2011.07.16 13:06:16 | 000,933,259 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2010.10.16 17:19:49 | 000,011,264 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.25 09:23:46 | 000,000,017 | ---- | C] () -- C:\Users\Mike\AppData\Local\resmon.resmoncfg [2010.08.17 14:17:07 | 000,000,600 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\PUTTY.RND [2010.08.01 09:32:16 | 000,000,600 | ---- | C] () -- C:\Users\Mike\AppData\Local\PUTTY.RND [2010.08.01 09:23:15 | 000,000,600 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\winscp.rnd ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 30.12.2012 17:57:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 73,84% Memory free
15,99 Gb Paging File | 13,77 Gb Available in Paging File | 86,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 80,36 Gb Free Space | 54,86% Space Free | Partition Type: NTFS
Drive D: | 367,97 Gb Total Space | 318,97 Gb Free Space | 86,68% Space Free | Partition Type: NTFS
Drive E: | 416,96 Gb Total Space | 395,26 Gb Free Space | 94,80% Space Free | Partition Type: NTFS
Computer Name: PC-BUERO | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-710196268-2007762323-1593895949-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B12A76-292B-481F-B077-4AB8C4521297}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{053F1169-58FB-4643-983D-B6878E3B880C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{05E96484-07C5-4B61-B13B-606D80F306EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{06C2B86F-A8D9-42B7-A3EF-8D38C71748C6}" = lport=56274 | protocol=6 | dir=in | name=pando media booster |
"{0F3719A6-11CB-4E41-A2E7-91908D5BB2EE}" = lport=137 | protocol=17 | dir=in | app=system |
"{100DBE69-D507-4744-9F4D-B5331108696C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2060ACB9-A381-4C5C-A5F7-B20BEB5C44C9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{28B2D48D-E6FC-49E8-94DC-C4584289BD54}" = rport=138 | protocol=17 | dir=out | app=system |
"{373F9E8D-FE8D-47F3-BC33-9C571438A614}" = lport=139 | protocol=6 | dir=in | app=system |
"{560189F7-F272-44D8-9AC1-8ECF82A060A4}" = lport=5143 | protocol=6 | dir=in | svc=* | name=portfreigabe orgamax |
"{5BCCE30A-B078-4642-AC2E-5C4806BE384F}" = lport=56274 | protocol=17 | dir=in | name=pando media booster |
"{5D405AAD-D944-486C-AC91-1A46A6712D0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FD7A7C9-805B-4543-9B19-F30CF9DD00E5}" = lport=138 | protocol=17 | dir=in | app=system |
"{69CC0C57-5A31-44C8-A57F-EF855AB5B032}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C5FAB8C-8283-44CF-8ACE-D9634CB8A598}" = lport=56274 | protocol=6 | dir=in | name=pando media booster |
"{8D51BE02-66B0-4BA7-A5E0-96B5747E9F72}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{968642DC-57E6-41E5-AC08-C8F8154CB485}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9AD8BF2E-C7DB-4041-8D64-AB6933BF04FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{A17E6FDF-2ABF-4A84-B5A3-654188EF64F5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BC0146D1-441E-4CF8-A01B-4C9664CC03F2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C013E17E-297B-469C-A0EB-BE58C23FCBFB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CA4C6CA5-12B1-4661-894D-B6DAB0BEAA8E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5EE594D-CA4F-4A87-8BCB-B2D1EB5A9782}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7650016-F7CA-45E5-8AE2-13DC65422603}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1691CC1-AD68-447B-BFC6-302BBD4681F8}" = rport=137 | protocol=17 | dir=out | app=system |
"{E226F476-95AD-4C1C-A8EA-CDCAC45CB5C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E54076D5-55C6-45A4-A7B1-5543352109CA}" = rport=139 | protocol=6 | dir=out | app=system |
"{EA8D7D8D-85BA-4C38-9D4C-7C550C4AB6C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC7BB7CD-5579-46FF-BCBD-62C23B436C4D}" = rport=445 | protocol=6 | dir=out | app=system |
"{F88BFDB9-0DBF-4981-BDAF-984B07FD358E}" = lport=445 | protocol=6 | dir=in | app=system |
"{F9DC891A-5EA5-4B32-ABB4-798866E3F374}" = lport=56274 | protocol=17 | dir=in | name=pando media booster |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059B82C5-2DEC-4909-9735-760D499B438E}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{08F30D98-777F-4CE1-95A0-F1ABC8F2263F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{10CD115E-ED15-49B8-B954-2CF9767B5335}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{12DBDB63-21A4-4377-9373-355F9C11E3D5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1759D680-DDF0-43C2-9EEC-68D3C3BD571F}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{19C14E3C-E474-4DB3-AFA1-675B09759E8F}" = protocol=6 | dir=in | app=e:\xampp\apache\bin\httpd.exe |
"{1A0D2E60-F3EB-4909-9D6C-953566997CF2}" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"{1F85E13A-33CD-4B69-A495-21506E5175BD}" = protocol=17 | dir=in | app=e:\xampp\apache\bin\httpd.exe |
"{30C30F6B-942B-41FB-B36F-5024E55B1959}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3194D8BC-E48D-4D6F-835A-0EFBA7297A34}" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"{3A381757-AA8B-4730-9B44-798FB7C5DCB5}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-hostd.exe |
"{42714F6C-7AD2-448A-9213-E77B4F529FBE}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-authd.exe |
"{428EBA60-3C99-41DD-BFAB-CE735B6E690D}" = protocol=6 | dir=in | app=c:\program files\netbeans 7.1\bin\netbeans.exe |
"{43922667-EB02-4CFE-9609-06D7BEA9CE65}" = protocol=6 | dir=in | app=c:\program files (x86)\netbeans 7.2\bin\netbeans.exe |
"{47097DB5-5D5C-455C-B315-F1B332C8D123}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{48717E25-0A92-4464-B18E-E146F21DA820}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{49B5D640-1F48-4252-91C6-7F143C31C5A5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4EBF8780-F3E3-4341-A776-22D4C58D4C82}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{509D9A04-0712-4596-A105-FD8D09412F18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51A24088-F5F5-4B8B-BB78-5033CB0F2536}" = protocol=6 | dir=in | app=e:\origin games\battlefield 1942\bf1942.exe |
"{5758B301-A86F-488C-95F9-1355D8E14E80}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5A6FCC93-0580-49E5-AA12-3729B7C251AD}" = protocol=17 | dir=in | app=c:\program files (x86)\netbeans 7.2\bin\netbeans.exe |
"{5B9788AE-1A5C-4BCE-B001-5E58DAA3785B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5E7ECB57-58F3-4AF5-8F2F-EEF4B613ED08}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{610FE88F-AA2F-4A6F-BE9E-1606FBE85E7A}" = protocol=17 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
"{64536EE4-638C-4B34-9E09-D42B1EC5FB12}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7133F023-8280-4927-A308-FA38B16B2143}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{769BE238-9699-4361-9118-F32B15A51308}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{786331B1-5F15-4320-A9B0-B91E29050001}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-hostd.exe |
"{792E2DD9-AE74-4366-8F2D-A49F81022E2E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7C0EF6AF-2319-42AA-A9EC-61C404464449}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{912A0EFB-A945-428E-8963-72185FFC2DBE}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{990473AD-0F7A-40FC-BDD0-2448D870223E}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{AC9365C0-1F95-4441-ABDB-858E196A740A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AD9875CB-7742-4F50-AE9C-89E20575F1B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ADFF8E1A-73C7-4ED8-ABB9-FE031FD31B80}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B041B97D-F9B6-4D4D-9199-9CFDEA8C413E}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-authd.exe |
"{B860EF70-B7FD-453E-8386-5F80F626E5EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BAC089AE-5170-41C6-85A7-E53807E4AF9A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{BD77C035-9358-404A-9944-30DD815C0BA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE977229-BDB7-4784-B082-DD5655ECF833}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C8AA48FA-A08F-451E-8DB7-42C90C71102D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D24A7C77-30B6-4F8F-9728-B569F1AECD71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D2BD1516-51B5-4D8F-AEBC-73D0901B30B2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D42B65BB-A038-403A-A0F2-9BFAAA1568EE}" = protocol=6 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
"{D58B2B55-E5B5-438E-A55C-ADBD533FE84F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6C0EA74-988B-456F-B8AA-C8E0ADC8D2E1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D8E9A36F-5A4F-4E91-8F0A-8051E967B4CC}" = protocol=17 | dir=in | app=c:\program files\netbeans 7.1\bin\netbeans.exe |
"{DAA7607E-9A3C-4935-B785-290F1F5F0510}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-hostd.exe |
"{E02AF0ED-9D21-4771-A839-05044C7A1A5D}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{E59D11FA-881D-47F4-9345-267C66CEC702}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E80AF879-840C-4E46-80CE-046CEE44F880}" = protocol=6 | dir=out | app=system |
"{EC8D9061-ACFD-4E0F-986E-8122F06672B6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F07500C9-3CA5-40F3-A376-74A5D3B1BC62}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-hostd.exe |
"{F53CCEEB-F15D-4042-90C8-CCB0AB3BBCF6}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-authd.exe |
"{F70D73D3-82FC-430B-AB80-83E08DF44606}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe |
"{F7CA2525-6FBE-4BC5-A60B-C490338EE9B9}" = protocol=17 | dir=in | app=e:\origin games\battlefield 1942\bf1942.exe |
"{F7E7149C-DC01-4F17-B68A-909608E46309}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{FA26B526-3134-40AB-8D0A-87FA82C6D7B6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB036DDF-E101-42F1-B369-FD13144FF8D8}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware server\vmware-authd.exe |
"TCP Query User{37C5317C-D829-4B57-8719-4A9D664D0B75}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{725ADF21-8368-4FDF-8D81-F1E02468D558}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{72FBD669-B270-41F9-AB47-8772F88BB216}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"TCP Query User{839F22BB-A53E-420E-9456-0E820CD20DE0}C:\program files (x86)\netbeans 7.2\bin\netbeans.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netbeans 7.2\bin\netbeans.exe |
"TCP Query User{8FE8851D-A973-4EF1-A6D3-D01D92D6DFC8}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{9C2C9688-661F-48CB-8916-2D0DA2569A11}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{C34676E2-6B6B-4B8C-84A2-E24CD7B0444E}E:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampp\apache\bin\httpd.exe |
"TCP Query User{D45C3718-2F74-4DDF-9DAA-81A5CA44D4D2}C:\program files\netbeans 7.1\bin\netbeans.exe" = protocol=6 | dir=in | app=c:\program files\netbeans 7.1\bin\netbeans.exe |
"TCP Query User{E68489C6-AED3-4F01-9390-93D48A32F5D5}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
"UDP Query User{02D0A4D1-5425-440D-84A6-AF968CF1C608}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{36946ECD-3D76-4C22-9CBE-A0C215F17ED9}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{3C708125-D350-49A8-B910-C2D98BA68DFB}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{A0DD343A-924B-4228-8220-B6EBE4A2E8A1}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{A3EBAEBB-2254-40C4-98B0-E36028D75047}C:\program files (x86)\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\totalcmd\totalcmd.exe |
"UDP Query User{AD3576EA-89D4-4B74-833B-03628622E6D7}E:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampp\apache\bin\httpd.exe |
"UDP Query User{BFAC7736-89C0-421D-BA42-DFE706D93A22}C:\program files\netbeans 7.1\bin\netbeans.exe" = protocol=17 | dir=in | app=c:\program files\netbeans 7.1\bin\netbeans.exe |
"UDP Query User{D46127E2-CC77-45C8-992D-8D04609C9AA9}C:\program files (x86)\netbeans 7.2\bin\netbeans.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netbeans 7.2\bin\netbeans.exe |
"UDP Query User{EB1751A3-211F-4C8E-B50E-7C347D1E1BFF}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1DD03A94-C815-46EF-A43A-B36694002A7C}" = TortoiseSVN 1.6.16.21511 (64 bit)
"{23170F69-40C1-2702-0915-000001000000}" = 7-Zip 9.15 (x64 edition)
"{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E3FABF5-C3B9-7F7E-4AAE-977D77D48C51}" = ATI Catalyst Install Manager
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B93D47B2-0862-E2E6-8115-B5DAF7AE3C01}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Firebird ODBC Driver_is1" = Firebird/InterBase(r) ODBC driver 2.0.0.151
"GIMP-2_is1" = GIMP 2.8.2
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"nbi-nb-base-7.1.0.0.0" = NetBeans IDE 7.1
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PuTTY_is1" = PuTTY 0.60 x64
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SP6" = Logitech SetPoint 6.15
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Ultravnc2_is1" = UltraVNC 1.0.8.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5662D815-DB58-5082-315B-0326B37EB7CB}" = CCC Help English
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C65C65C-530F-B2DB-BBD7-AF554ABEBBA1}" = Catalyst Control Center Graphics Previews Common
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF08C71F-F822-4416-87A9-2BBF5A8A5F12}" = VMware Server
"{B0F08ACB-6BBA-49A8-8BE9-BBB4C2D8B574}" = G Data AntiVirus 2013
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2F28E39-9813-41D3-8EC9-BAADA38C426D}" = VMware Remote Console Plug-in
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D69D4AE5-717C-5E56-A56F-542EF5F6A84C}" = Catalyst Control Center Graphics Previews Vista
"{DB837E02-82D0-3888-6DEC-D29587CCDC2F}" = ccc-core-static
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F86B6849-38E0-7818-F21E-6DC637932076}" = Catalyst Control Center InstallProxy
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"FileZilla Client" = FileZilla Client 3.6.0.2
"FreePDF_XP" = FreePDF (Remove only)
"FRITZ! 2.0" = AVM FRITZ!
"GPG4Win" = Gpg4win (2.0.4)
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.20.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Miranda IM" = Miranda IM 0.10.9
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MyTomTom" = MyTomTom 3.2.0.802
"nbi-nb-base-7.2.0.0.201207171143" = NetBeans IDE 7.2
"Notepad++" = Notepad++
"orgaMAX_is1" = orgaMAX Business Software
"Origin" = Origin
"TeamViewer 7" = TeamViewer 7
"The Regex Coach_is1" = The Regex Coach 0.9.2
"Totalcmd" = Total Commander (Remove or Repair)
"WinLiveSuite" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"winscp3_is1" = WinSCP 5.1.2
"xampp" = XAMPP 1.7.4
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.12.2011 01:42:08 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Ubuntu Server 9.10\Ubuntu
Server 9.10.vmx
Error - 22.12.2011 01:42:09 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Win XP Master\Win XP Master.vmx
Error - 22.12.2011 01:42:10 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Ubuntu Server 11.04\Ubuntu
Server 11.04.vmx
Error - 23.12.2011 04:26:24 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Ubuntu Server 9.10\Ubuntu
Server 9.10.vmx
Error - 23.12.2011 04:26:25 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Win XP Master\Win XP Master.vmx
Error - 23.12.2011 04:26:26 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Ubuntu Server 11.04\Ubuntu
Server 11.04.vmx
Error - 23.12.2011 09:52:07 | Computer Name = PC-Buero | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 24.12.2011 04:32:33 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Ubuntu Server 9.10\Ubuntu
Server 9.10.vmx
Error - 24.12.2011 04:32:34 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Win XP Master\Win XP Master.vmx
Error - 24.12.2011 04:32:35 | Computer Name = PC-Buero | Source = vmauthd | ID = 100
Description = Cannot connect to VMX: D:\Virtual Machines\Ubuntu Server 11.04\Ubuntu
Server 11.04.vmx
[ System Events ]
Error - 30.12.2012 09:27:38 | Computer Name = PC-Buero | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 09:27:38 | Computer Name = PC-Buero | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 09:27:38 | Computer Name = PC-Buero | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 09:27:38 | Computer Name = PC-Buero | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 09:27:55 | Computer Name = PC-Buero | Source = DCOM | ID = 10005
Description =
Error - 30.12.2012 09:27:55 | Computer Name = PC-Buero | Source = DCOM | ID = 10005
Description =
Error - 30.12.2012 09:27:55 | Computer Name = PC-Buero | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 30.12.2012 09:28:18 | Computer Name = PC-Buero | Source = DCOM | ID = 10005
Description =
Error - 30.12.2012 09:28:19 | Computer Name = PC-Buero | Source = DCOM | ID = 10005
Description =
Error - 30.12.2012 09:31:27 | Computer Name = PC-Buero | Source = DCOM | ID = 10005
Description =
< End of report >
Geändert von mike_x (30.12.2012 um 18:16 Uhr) |
| Themen zu GVU-Trojaner ... hat mich auch erwischt :( |
| 7-zip, abgesicherten, ausgelastet, betriebs, blockiert, board, canon, datei, dsgsdgdsgdsgw.pad, erwischt, gdata, gleichzeitig, gvu - trojaner, infizierte, install.exe, java, league of legends, logfile, malwarebytes, modus, nichts, origin, pando media booster, plug-in, prüfen, rechner, richtlinie, scan, scanner, seite, spielen, starten, system, total commander, trojaner, user agent, vdeck.exe, virenscan, virenscanner, visual studio, zugriff |
Baum-Darstellung