Pests of all kinds and how to fight them: ILIVIT, what now? Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
12.01.2013, 14:58 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ILIVIT, what now? A check with OTL, please:
__________________ Please always post logfiles in CODE tags |
12.01.2013, 18:17 | #17 |
| ILIVIT, what now? Hello
__________________ Attached are the requested logfiles: 1st logfile Code:
ATTFilter OTL logfile created on: 12.01.2013 16:42:01 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Otto\Desktop\Trojaner Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 60,14% Memory free 6,00 Gb Paging File | 4,13 Gb Available in Paging File | 68,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 264,73 Gb Total Space | 152,12 Gb Free Space | 57,46% Space Free | Partition Type: NTFS Drive D: | 33,36 Gb Total Space | 8,29 Gb Free Space | 24,84% Space Free | Partition Type: NTFS Drive E: | 251,31 Gb Total Space | 84,91 Gb Free Space | 33,78% Space Free | Partition Type: NTFS Drive F: | 104,34 Gb Total Space | 29,70 Gb Free Space | 28,47% Space Free | Partition Type: NTFS Drive G: | 110,10 Gb Total Space | 18,69 Gb Free Space | 16,98% Space Free | Partition Type: NTFS Drive N: | 298,08 Gb Total Space | 61,18 Gb Free Space | 20,52% Space Free | Partition Type: NTFS Computer Name: OTTO-PC | User Name: Otto | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Otto\Desktop\Trojaner\OTL.exe (OldTimer Tools) PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) PRC - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe () PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\Vid HD\Vid.exe (Logitech Inc.) 
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Ashampoo\Ashampoo WinOptimizer 2012\DfSdkS.exe (mst software GmbH, Germany) PRC - C:\Programme\Roxio 2010\5.0\CPMonitor.exe () PRC - C:\Programme\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Programme\Common Files\LogiShrd\SharedBin\LvApi11.dll () MOD - C:\Programme\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe () MOD - C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe () MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll () MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll () MOD - C:\Programme\Logitech\Vid HD\vpxmd.dll () MOD - C:\Programme\Logitech\Vid HD\SDL.dll () MOD - C:\Programme\Roxio 2010\5.0\CPMonitor.exe () MOD - C:\Programme\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe () MOD - C:\Programme\Logitech\Vid HD\QtNetwork4.dll () MOD - C:\Programme\Logitech\Vid HD\QtCore4.dll () MOD - C:\Programme\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll () MOD - C:\Programme\Logitech\Vid HD\plugins\imageformats\qico4.dll () MOD - C:\Programme\Logitech\Vid HD\plugins\imageformats\qgif4.dll () MOD - C:\Programme\Logitech\Vid HD\QtWebKit4.dll () MOD - C:\Programme\Logitech\Vid HD\QtXml4.dll () MOD - C:\Programme\Logitech\Vid HD\QtSql4.dll () MOD - C:\Programme\Logitech\Vid HD\QtOpenGL4.dll () MOD - C:\Programme\Logitech\Vid HD\QtGui4.dll () MOD - C:\Programme\Logitech\Vid HD\phonon4.dll () ========== Services (SafeList) ========== SRV - 
(AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (UMVPFSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) 
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (PMBDeviceInfoProvider) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 2012\DfSdkS.exe (mst software GmbH, Germany) SRV - (RoxWatch12) -- C:\Programme\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe (Sonic Solutions) SRV - (RoxMediaDB12) -- C:\Programme\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe (Sonic Solutions) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.) 
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (kltdi) -- C:\Windows\System32\drivers\kltdi.sys (Kaspersky Lab) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (klkbdflt) -- C:\Windows\System32\drivers\klkbdflt.sys (Kaspersky Lab) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (kneps) -- C:\Windows\System32\drivers\kneps.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.) 
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (iBtFltCoex) -- C:\Windows\System32\drivers\iBtFltCoex.sys (Intel Corporation) DRV - (btmhsf) -- C:\Windows\System32\drivers\btmhsf.sys (Intel Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (hotcore3) -- C:\Windows\System32\drivers\hotcore3.sys (Paragon Software Group) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) DRV - (HCW85BDA) -- C:\Windows\System32\drivers\HCW85BDA.sys (Hauppauge Computer Works) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) 
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6232.sys (Intel Corporation) DRV - (NetworkX) -- C:\Windows\System32\Ckldrv.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 F2 6E C9 C3 93 CC 01 [binary data] IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 FF - prefs.js..extensions.enabledAddons: online_banking@kaspersky.com:13.0.1.4250 FF - prefs.js..extensions.enabledAddons: passworddepot@acebit.com:6.2.1.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.23 22:46:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.23 22:46:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.23 22:46:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.23 22:46:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.23 22:46:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\passworddepot@acebit.com: C:\Program Files\AceBIT\Password Depot 6\Firefox\ [2012.12.29 12:55:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.02 11:04:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.12 11:54:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: 
C:\Program Files\Mozilla Thunderbird\components [2012.11.28 12:46:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.11.25 21:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Otto\AppData\Roaming\mozilla\Extensions [2011.11.22 08:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Otto\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.11.28 19:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Otto\AppData\Roaming\mozilla\Firefox\Profiles\28129ckv.default\extensions [2012.11.26 15:29:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Otto\AppData\Roaming\mozilla\Firefox\Profiles\28129ckv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.11.23 19:21:22 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Otto\AppData\Roaming\mozilla\firefox\profiles\28129ckv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.27 14:55:32 | 000,001,052 | ---- | M] () -- C:\Users\Otto\AppData\Roaming\mozilla\firefox\profiles\28129ckv.default\searchplugins\ashampoo-de-customized-web-search.xml [2012.11.25 15:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.26 11:26:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.08.31 17:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.11.25 15:08:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2011.10.26 12:28:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2011.10.26 12:28:58 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.12.29 12:55:42 | 000,000,000 | ---D | M] (Password Depot Extension) -- C:\PROGRAM FILES\ACEBIT\PASSWORD DEPOT 6\FIREFOX [2012.12.23 22:46:52 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM [2012.06.26 11:26:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.08.31 17:38:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.11.25 15:08:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.07.16 17:18:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.16 17:18:21 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.16 17:18:21 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.16 17:18:21 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.16 17:18:21 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.16 17:18:21 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.16 17:18:21 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.searchqu.com/406 O1 HOSTS File: ([2013.01.12 09:19:06 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 
::1 localhost O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Password Depot 6) - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files\AceBIT\Password Depot 6\pdIEAddOn32.dll (AceBIT) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio 2010\5.0\CPMonitor.exe () O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_MX_Plus\Trayserver_DE.exe (MAGIX AG) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.) 
O4 - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-21-3143349830-2153452287-2984029701-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Password Depot 6 - {9F79B165-70F7-4C46-B1A5-8828E2FF21F9} - C:\Program Files\AceBIT\Password Depot 
6\PasswordDepot.exe (AceBIT GmbH) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4F6A13A-9784-4DDA-AAAA-583CE94E9CAA}: NameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.11 19:34:22 | 000,000,000 | ---D | C] -- C:\_OTL [2013.01.09 21:41:59 | 000,000,000 | ---D | C] -- C:\Users\Otto\Desktop\Trojaner [2013.01.09 19:53:06 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.01.09 19:52:08 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.01.09 19:52:07 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2013.01.09 19:52:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013.01.09 19:52:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 19:52:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 19:52:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 19:52:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 19:52:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 19:52:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013.01.09 19:52:04 | 
000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 19:52:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 19:52:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 19:52:03 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013.01.09 19:52:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 19:52:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 19:52:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 19:52:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 19:52:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 19:52:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 19:52:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 19:52:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 19:52:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013.01.09 19:52:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 19:52:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013.01.09 19:52:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) 
-- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 19:52:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 19:52:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 19:52:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 19:52:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 19:52:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2013.01.09 19:51:03 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs [2013.01.09 19:51:03 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs [2013.01.09 19:51:03 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs [2013.01.09 19:51:03 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs [2013.01.09 19:51:03 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs [2013.01.09 19:51:03 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs [2013.01.09 19:51:03 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs [2013.01.09 19:51:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs [2013.01.09 19:51:03 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs [2013.01.09 19:51:02 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2013.01.09 19:51:02 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll [2013.01.09 19:51:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs [2013.01.09 19:51:01 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs [2013.01.09 19:51:01 | 000,051,712 | ---- | C] (Microsoft) -- 
C:\Windows\System32\esrb.rs [2013.01.09 19:51:01 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs [2013.01.09 19:51:01 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs [2013.01.09 19:50:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013.01.09 19:50:21 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe [2013.01.08 16:45:25 | 000,000,000 | ---D | C] -- C:\Users\Otto\Desktop\Neuer Ordner [2013.01.08 16:25:40 | 000,000,000 | ---D | C] -- C:\Users\Otto\AppData\Roaming\Malwarebytes [2013.01.08 16:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.08 16:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.08 16:24:52 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.08 16:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.08 16:24:38 | 000,000,000 | ---D | C] -- C:\Users\Otto\AppData\Local\Programs [2013.01.04 10:24:57 | 000,000,000 | ---D | C] -- C:\Users\Otto\Documents\Roxio [2012.12.29 12:55:42 | 000,729,424 | ---- | C] (WeOnlyDo Software) -- C:\Windows\System32\wodSFTP.dll [2012.12.29 12:55:42 | 000,672,024 | ---- | C] (WeOnlyDo! 
COM) -- C:\Windows\System32\wodKeys.dll [2012.12.23 22:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013 [2012.12.23 22:23:17 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2012.12.21 15:56:31 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.21 15:56:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll ========== Files - Modified Within 30 Days ========== [2013.01.12 16:17:50 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.12 16:17:50 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.12 16:09:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.12 16:09:21 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys [2013.01.12 09:19:06 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2013.01.11 12:21:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.10 08:31:44 | 000,494,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.09 21:47:25 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.01.09 21:47:25 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.09 19:58:37 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.09 19:58:37 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.09 19:58:37 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.09 19:58:37 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.09 09:42:13 | 000,000,000 | ---- | M] () -- C:\Users\Otto\defogger_reenable [2013.01.04 10:31:38 | 000,008,432 | ---- | M] () -- C:\Users\Otto\AppData\Local\rx_audio.Cache 
[2013.01.04 08:48:44 | 000,000,000 | ---- | M] () -- C:\Users\Otto\AppData\Local\rx_image32.Cache [2012.12.29 12:55:43 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Password Depot 6.lnk [2012.12.25 17:00:07 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.12.24 10:01:05 | 000,002,290 | ---- | M] () -- C:\Users\Otto\Desktop\Sicherer Zahlungsverkehr.lnk [2012.12.23 22:46:30 | 000,043,608 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\kltdi.sys [2012.12.23 22:46:29 | 000,589,144 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2012.12.23 22:46:29 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klmouflt.sys [2012.12.23 22:46:29 | 000,025,944 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klkbdflt.sys [2012.12.23 22:24:22 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2013.01.12 11:54:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2013.01.09 09:42:13 | 000,000,000 | ---- | C] () -- C:\Users\Otto\defogger_reenable [2013.01.04 08:49:34 | 000,008,432 | ---- | C] () -- C:\Users\Otto\AppData\Local\rx_audio.Cache [2013.01.04 08:48:44 | 000,000,000 | ---- | C] () -- C:\Users\Otto\AppData\Local\rx_image32.Cache [2012.12.25 16:56:49 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.12.23 22:31:11 | 000,002,290 | ---- | C] () -- C:\Users\Otto\Desktop\Sicherer Zahlungsverkehr.lnk [2012.12.23 22:26:00 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky 
Internet Security 2013.lnk [2012.04.29 18:26:55 | 000,000,883 | ---- | C] () -- C:\Users\Otto\.recently-used.xbel [2012.02.13 11:13:44 | 000,000,068 | ---- | C] () -- C:\Windows\spwdrg.INI [2012.02.13 11:13:34 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini [2012.02.13 11:13:13 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe [2012.02.13 11:13:13 | 000,019,584 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys [2012.02.13 11:13:13 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll [2012.02.13 11:13:13 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe [2012.02.13 11:13:09 | 000,178,176 | ---- | C] () -- C:\Windows\System32\StellarProfile.dll [2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2012.01.18 05:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2012.01.09 20:19:10 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.01.04 11:35:26 | 000,017,408 | ---- | C] () -- C:\Users\Otto\AppData\Local\WebpageIcons.db [2011.10.27 17:30:18 | 000,003,584 | ---- | C] () -- C:\Users\Otto\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.25 18:47:26 | 000,262,678 | ---- | C] () -- C:\Windows\hpwins23.dat [2011.10.25 18:47:25 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat [2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
ATTFilter
OTL Extras logfile created on: 12.01.2013 16:42:01 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Otto\Desktop\Trojaner
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 60,14% Memory free
6,00 Gb Paging File | 4,13 Gb Available in Paging File | 68,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 264,73 Gb Total Space | 152,12 Gb Free Space | 57,46% Space Free | Partition Type: NTFS
Drive D: | 33,36 Gb Total Space | 8,29 Gb Free Space | 24,84% Space Free | Partition Type: NTFS
Drive E: | 251,31 Gb Total Space | 84,91 Gb Free Space | 33,78% Space Free | Partition Type: NTFS
Drive F: | 104,34 Gb Total Space | 29,70 Gb Free Space | 28,47% Space Free | Partition Type: NTFS
Drive G: | 110,10 Gb Total Space | 18,69 Gb Free Space | 16,98% Space Free | Partition Type: NTFS
Drive N: | 298,08 Gb Total Space | 61,18 Gb Free Space | 20,52% Space Free | Partition Type: NTFS

Computer Name: OTTO-PC | User Name: Otto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3143349830-2153452287-2984029701-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{083BF138-6E84-4E1F-BE40-4CEF0F898AE7}" = lport=139 | protocol=6 | dir=in | app=system |
"{114C2081-F2F5-4FC3-AD6E-F5B1D2F7B5DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B5E58F3-C714-482F-AD02-94803B81DDDB}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 |
"{20AC2EB2-1AAE-4236-BEC6-89F874F9AF79}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27B8973E-53D3-4835-A7A8-161E0AB0F5C3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2B20E75A-74CA-4701-B8CB-65EB74C40E2F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F5F6C7B-9FC1-4F92-A24C-4E4308DD4416}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{350DC5E4-2115-4FAF-BDA7-7E2D922E01FA}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 | "{4613D81B-4125-4412-8C46-7DE764EF5041}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{48822FA1-7D09-4BFF-BA37-41DFFB5C4C0C}" = lport=2869 | protocol=6 | dir=in | app=system | "{53274272-9A6F-4B4D-A850-EC1E499BB10F}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 | "{6AE4A552-F0E1-4F9B-AC34-2F7464AD86BC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{711A5652-9F88-4063-96E0-5CB7AD0444A0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{74BC890F-1826-41D3-9CA4-EDCB18481DFB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{75697AF8-4552-4215-95D1-A47FA1E9C90E}" = lport=445 | protocol=6 | dir=in | app=system | "{8DC5B286-2562-4902-8CEA-3A5FB8358EE1}" = lport=10243 | protocol=6 | dir=in | app=system | "{9C900D4A-01D6-4D66-AC4C-C8827C83F8E5}" = lport=138 | protocol=17 | dir=in | app=system | "{9D3D6206-E480-4419-85C0-B49A90CDCB37}" = rport=139 | protocol=6 | dir=out | app=system | "{AD960569-CB3E-4996-A84B-0C55DACA0DC9}" = rport=138 | protocol=17 | dir=out | app=system | "{AF0EC3FA-4B97-4A4F-97D8-B7496C360E50}" = rport=445 | protocol=6 | dir=out | app=system | "{BCA9564C-AC77-4B3C-A089-60932B5363EE}" = lport=137 | protocol=17 | dir=in | app=system | "{C94A7DDA-9D65-46FC-86C3-5F2C4E0141E5}" = rport=10243 | protocol=6 | dir=out | app=system | "{D7CD75AE-18C2-49D0-98FD-9A0F0234E46B}" = rport=137 | protocol=17 | dir=out | app=system | "{D9AA1CF9-748F-4674-9A79-2B172070F4BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F4692A46-BC0F-4608-9F75-9313F0667E42}" = lport=5355 | 
protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FBBA0F5E-F034-40C5-8433-249454C4526A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06F315F8-F04B-4A4A-B2CA-42908CA633A7}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | "{08741185-B729-4561-9185-0D1BDD1DEFA1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{0CC806EE-4F14-4BB1-B24F-4F92A4A9A111}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0E294D10-DED2-45F4-9B65-F6EE96475C53}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{154E4980-3C34-4304-B575-1BFE7713DBF9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{1628B41C-DF9C-45A4-AB6A-E2AE360DEF53}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{1998E0B6-AC61-488D-867A-7BC84C8F8CF4}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{1A1A291E-278E-437B-8F6B-BE462FACE4D5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{1AB3EF78-CE6B-4098-A589-738801999C73}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{231227B6-1F7E-4032-9BC4-E4ADEEB1836E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2D9C4E26-1049-4504-9CC6-0E9F027A68FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{301B82FE-59A6-4715-A243-70F0F9A3C45B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{305857A2-2382-48E3-8773-39A703A8F62B}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | "{3188C832-530A-4596-B6E8-F556FE24701B}" = protocol=17 | dir=in | app=c:\program files\starmoney 
8.0\ouservice\starmoneyonlineupdate.exe | "{32205048-F589-4C1F-A308-ACF1E255749C}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{3750EDE9-BBB6-4682-91A4-6D82A8248D8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4128BC4F-E13C-4581-9E30-13A79A5EA74A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{43AD642B-D416-47E7-8132-2DC791F4744A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{4806C9B3-8DD3-4FBB-AE5E-54E81F706932}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{51E88E01-C49E-46AA-AFF3-1F63320D7391}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | "{56AE19B4-4166-4FF9-97D8-5CC276BC193E}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | "{602CEA32-7888-4EBD-A1A2-D32E8343E5DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6595EAB7-CE4B-4E12-85E6-B41DC72A7AAF}" = protocol=6 | dir=out | app=system | "{65E9FFC6-4EEC-437C-BFFD-1746E05D2CC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{78601BB6-24C4-4A8B-9C53-16BFB318C14D}" = protocol=6 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | "{8AD2D5C4-4E1A-465E-8C03-240C04D5C186}" = dir=in | app=c:\users\otto\appdata\local\microsoft\skydrive\skydrive.exe | "{8C968F11-00F0-4D93-9EBA-3D9693F9C140}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{986A9947-358C-4F1D-9F20-33F9D7E99394}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{A0507EFC-B513-499E-94D9-445BA5C9662B}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | "{A0BCF92A-0201-4632-8FCD-D9EA33D332F6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{AAA12C1D-D447-4AA1-8A2F-DA975330D83C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{AFAB0714-102D-4419-BA0C-E5C645A22A38}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B15BF81B-0B46-4FC6-8CD3-A77FC59B3E8D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B5D894E2-F799-4385-B97D-C7F445B46786}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B7CCBAA2-A91E-49DE-B980-B1C7434B920E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B94C5D7B-BE0E-43CB-B564-D5DBDEDAB39F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{B9AFCA81-D87D-4A1A-AC88-5B36588A47D3}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{C147427D-37FE-4446-8DFA-4160EA8BFEC9}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{C420A589-5CFD-478D-AF60-8EB0A07162DF}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{C486245C-6DBB-4CB7-9074-8FFF492BFCF3}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{C4F0D6F6-D825-43DA-A0AE-19FDE1967380}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{C8BA1CDB-3F4F-49EB-98C6-B4F80046A8E2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CAC26B64-50F2-4CE8-81F7-55B012C2D575}" = dir=in | app=c:\program files\rapidsolution\audials 9\audials.exe | "{CBAAD424-AD5B-4AE2-A428-2B0CEF452AB7}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{CD8DB808-A7C5-4AA1-8E7D-19BC44462F77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CEDC1D06-9EF9-4D9F-A51E-B67AA67A73F1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D3DBB4AC-F436-4313-A3B7-AC78FEDA47C6}" = protocol=17 | dir=in | app=c:\program files\starmoney 8.0\app\starmoney.exe | "{DE030006-6650-4D17-B202-95625D66B40F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E32AC352-6D3E-4234-AF7E-05DEEC387D18}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{E3EC3FE1-7278-4F34-B8FC-FA80DD41B9E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{EB84F299-490F-4BD2-9FBE-92842BF9A3A0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{EBC2585C-0F9D-480C-BD74-291D09DC0E4A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F168A59A-C7D6-4ACF-9539-15DEBA0A9B10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F437F8AB-5145-4A20-8B14-977F046BF84F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FD45AC57-CA0C-4593-922F-4E4691DD9151}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "TCP Query User{BACFDD7E-1E08-41FE-86D6-718DA07EDD1A}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | "UDP Query User{AA7C322C-6381-4AC4-A6D7-1DAFCEF37F88}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{026B0D6F-C5E5-4950-AB17-66B2335E6160}" = Roxio WinOnCD 2010 "{0435DCA4-2633-4290-BB5C-58A52F2B77A3}" = MagicMaps Tour Explorer 25 Deutschland 5 Demo "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011 "{067D2172-F8F3-477D-B4EE-0B0AA967D544}" = Vasco da Gama 5 HDPro "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{09431E25-F7CE-488F-9910-9279F00A742A}" = MAGIX Fotos auf DVD 2013 Deluxe (Filmtrailer) "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network "{0DE9B74C-4FF3-4AFF-8026-58CE0DA157EF}" = MAGIX Music Maker Soundtrack Edition (Synthesizer und Effekte) "{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan 
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{13608872-D05A-43C8-A9A3-F565B504DD61}" = MAGIX Music Maker Soundtrack Edition "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{1442E56B-CCAD-4F3E-86A5-748CCAAAB143}" = MAGIX Fotos auf DVD 2013 Deluxe (Bild-in-Bild Demo-Projekt) "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2394D226-2129-41B1-A42E-163251318D91}" = MAGIX Music Maker Soundtrack Edition Soundpools "{24109D13-A0E6-460C-99E2-12CA7C09EAA7}" = MAGIX Fotos auf DVD 2013 Deluxe (Designelemente 2) "{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV "{258D56DE-24F2-479E-BED2-8103CB0B9D58}" = MAGIX Video deluxe 2013 Plus "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2EFD2A73-A219-44AF-8017-BFBCA4DB455C}" = MAGIX Video deluxe 2013 Plus (Überblendeffekte) "{35F6D705-750C-4635-AF60-035FAEDA2FC0}" = MAGIX Fotos auf DVD 2013 Deluxe (Fotoshow Maker-Stile 1) "{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}" = Firebird SQL Server - MAGIX Edition "{3ACC4600-1D54-4484-9484-AF9BD4DB262C}" = MAGIX Video deluxe MX Plus "{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D8C348D-FE2E-46FA-8899-23B043D673D2}" = MAGIX Fotos auf DVD 2013 Deluxe (Menüvorlagen 1) 
"{3DC4C012-CC0A-4663-9F64-1D956F97ADE2}" = MAGIX Fotos auf DVD 2013 Deluxe (Fotoshow Maker-Stile 2) "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{432C4A13-0414-4B0C-AB3F-F89B99F453AB}" = MAGIX Video deluxe 2013 Plus (Designelemente) "{437B9AF4-4734-4BE7-A656-8FA5A6756DD7}" = MAGIX Video deluxe Plus 2013 Update "{455E207E-5625-4D07-A420-CAF153BEC7E9}" = MAGIX Goya burnR (MSI) "{48897B17-3DD2-4BAA-A81D-4E4EA8E9FD51}" = MAGIX Slideshow Maker 2 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{4CAD11B3-9066-4106-B7A0-CCFB466DED13}" = MAGIX Foto Manager MX Deluxe "{4D0AAB66-E604-4E82-A5AF-01AB97CB506D}" = Roxio WinOnCD 2010 Content "{539C8989-6AED-480F-AAFF-F66BC420E723}" = MAGIX Video deluxe 2013 Plus (Titeleffekte) "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{56EC4F76-BF2D-476E-947F-DF627EA71630}" = MAGIX Fotos auf DVD 2013 Deluxe (Menüvorlagen 2) "{57F4B170-E76D-47F9-B6BA-F3D4FB7445B6}" = MAGIX Fotos auf DVD 2013 Deluxe "{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status "{5B5A4F65-E053-4F25-0001-2DAEF860F2F8}" = QuickConvert Media deLuxe "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{619A0D15-9CC3-477D-B4B0-EFC4E7122EEE}" = ODF Add-In für Microsoft Office "{645130F2-E3A2-4426-9BFD-D5E1691D8FA3}" = MAGIX Video deluxe 2013 Plus (Fotoshow Maker-Stile 2) "{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext "{697B2DF7-8E11-49F2-9DE6-27860D400161}" = MAGIX Foto Manager 10 Deluxe Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable 
- x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{7008FDC2-9B1A-4398-BE02-5365B578471A}" = MAGIX Music Maker Soundtrack Edition (Demosongs) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{733CDF24-0A93-426E-AA89-DF281EB54793}" = Roxio CinePlayer "{7430B12A-3B67-4191-B0C5-59E57344CB1F}" = iClone v4.12 SE "{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio WinOnCD 2010 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2 "{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7FA32C2E-E218-4A04-966D-DECCB0B9C81E}" = MAGIX Speed 2 (MSI) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837E620D-B93E-4D84-A753-BE1DBEB716B1}" = StarMoney "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB "{86F4B795-EA3D-48BD-ADFA-DA44B39059F9}" = StarMoney "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{897E988E-A520-412B-99B9-3D04904FA6D3}" = MAGIX Fotos auf DVD 2013 Deluxe (Soundtrack Maker-Stile) "{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio WinOnCD 2010 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules 
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{94E0FA7F-B3CD-4B61-B311-B067C610C10F}" = Steuer-Spar-Erklärung Vermieter 2011 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{953D4F60-9038-44EB-A867-6DFCDFFB6AA8}" = MAGIX Fotos auf DVD 2013 Deluxe (Überblendeffekte) "{96F42FA9-4F2C-4FF8-A2A7-9ED57B9621B1}" = Vita String Ensemble "{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A13E8FDC-955C-495D-BC66-345F034D8EBA}" = MAGIX Fotos auf DVD MX Download-Version "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2CC226F-19E6-4ECB-B089-5E944E044AF1}" = MAGIX Video deluxe 2013 Plus (Fotoshow Maker-Stile 1) "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A497603A-4E61-4174-A010-727C479745B3}" = MAGIX Video deluxe 2013 Plus (Individuelle Menüvorlagen) "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A6220638-BD21-4541-B53E-6AB730C0CF43}" = MAGIX Foto Manager 10 
"{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A86D16EF-7036-4A2D-A9C4-BB394563F943}" = AudialsOne "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A92969A9-5595-4919-9D7B-34CE35C7E8EF}" = MAGIX Video deluxe 2013 Plus (Soundtrack Maker-Stile) "{AA5D931C-C171-4D07-82B6-C052105F74DC}" = MAGIX Screenshare "{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs "{AAE587E4-E661-4DB5-96DF-6E31C548F186}_is1" = Password Depot 6 "{AAE67184-CE3D-4B92-BD5D-1B448301BCCE}" = MAGIX Speed burnR (MSI) "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013 "{AEF35DCE-5F53-43CF-AA71-6BE270C3AF10}" = MAGIX Fotos auf DVD 2013 Deluxe (Nachvertonungsarchiv) "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B402AD7F-4F13-432E-B42C-39FA8B2EA215}" = MAGIX Video deluxe 2013 Plus (Menüvorlagen 1) "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE55D9F0-3F12-4C7E-8AA2-7432FE145D35}" = NebenkostenAbrechnung 
"{C607265F-86AA-4B42-9F9B-D0ED2E4AACA6}" = 6500_E709a "{C989667E-9CB4-49EA-BCA8-FECB9B25C8C5}" = MAGIX Fotos auf DVD 2013 Deluxe (Designelemente 1) "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012 "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{DA078193-6951-49D6-9702-0E92B569E182}" = Audials "{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution "{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E47E6040-9649-11DE-8BF6-005056C00008}" = Paragon System Upgrade Utilities™ 2010 "{E586CDBD-B2F6-4AF9-89EA-C206F3A4BD91}" = MAGIX Video deluxe 2013 Plus (Filmvorlagen) "{E6B6A382-204E-4115-B276-B866939D1591}" = MAGIX Video deluxe 2013 Plus (Menüvorlagen 2) "{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2 "{EB13DF91-4D92-43A7-93BC-4D080D2E8227}" = MAGIX Fotos auf DVD 2013 Deluxe (Individuelle Menüvorlagen) "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F18C20D6-948B-4C85-9404-447FDF2D18D7}" = StarMoney 8.0 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FBA359C1-5530-45AB-ACA3-56C7693612DA}" = MAGIX Fotos auf DVD 2013 Deluxe (Titeleffekte) "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 9.20 "Adobe AIR" = 
Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Ashampoo WinOptimizer 2012_is1" = Ashampoo WinOptimizer 2012 v.8.1.4 "de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service "Foxit Reader_is1" = Foxit Reader "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPOCR" = OCR Software by I.R.I.S. 14.0 "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "IrfanView" = IrfanView (remove only) "Logitech Vid" = Logitech Vid HD "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9 "MAGIX Fotos auf CD & DVD 9 deluxe D" = MAGIX Fotos auf CD & DVD 9 deluxe 9.0.0.18 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX Speed burnR D" = MAGIX Speed burnR "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 "MAGIX_{09431E25-F7CE-488F-9910-9279F00A742A}" = MAGIX Fotos auf DVD 2013 Deluxe (Filmtrailer) "MAGIX_{0DE9B74C-4FF3-4AFF-8026-58CE0DA157EF}" = MAGIX Music Maker Soundtrack Edition (Synthesizer und Effekte) "MAGIX_{13608872-D05A-43C8-A9A3-F565B504DD61}" = MAGIX Music Maker Soundtrack Edition "MAGIX_{1442E56B-CCAD-4F3E-86A5-748CCAAAB143}" = MAGIX Fotos auf DVD 2013 Deluxe (Bild-in-Bild Demo-Projekt) "MAGIX_{24109D13-A0E6-460C-99E2-12CA7C09EAA7}" = MAGIX Fotos auf DVD 2013 Deluxe (Designelemente 2) "MAGIX_{258D56DE-24F2-479E-BED2-8103CB0B9D58}" = MAGIX Video deluxe 2013 Plus "MAGIX_{2EFD2A73-A219-44AF-8017-BFBCA4DB455C}" = MAGIX Video deluxe 2013 Plus 
(Überblendeffekte) "MAGIX_{35F6D705-750C-4635-AF60-035FAEDA2FC0}" = MAGIX Fotos auf DVD 2013 Deluxe (Fotoshow Maker-Stile 1) "MAGIX_{3D8C348D-FE2E-46FA-8899-23B043D673D2}" = MAGIX Fotos auf DVD 2013 Deluxe (Menüvorlagen 1) "MAGIX_{3DC4C012-CC0A-4663-9F64-1D956F97ADE2}" = MAGIX Fotos auf DVD 2013 Deluxe (Fotoshow Maker-Stile 2) "MAGIX_{432C4A13-0414-4B0C-AB3F-F89B99F453AB}" = MAGIX Video deluxe 2013 Plus (Designelemente) "MAGIX_{455E207E-5625-4D07-A420-CAF153BEC7E9}" = MAGIX Goya burnR (MSI) "MAGIX_{48897B17-3DD2-4BAA-A81D-4E4EA8E9FD51}" = MAGIX Slideshow Maker 2 "MAGIX_{4CAD11B3-9066-4106-B7A0-CCFB466DED13}" = MAGIX Foto Manager MX Deluxe "MAGIX_{539C8989-6AED-480F-AAFF-F66BC420E723}" = MAGIX Video deluxe 2013 Plus (Titeleffekte) "MAGIX_{56EC4F76-BF2D-476E-947F-DF627EA71630}" = MAGIX Fotos auf DVD 2013 Deluxe (Menüvorlagen 2) "MAGIX_{57F4B170-E76D-47F9-B6BA-F3D4FB7445B6}" = MAGIX Fotos auf DVD 2013 Deluxe "MAGIX_{645130F2-E3A2-4426-9BFD-D5E1691D8FA3}" = MAGIX Video deluxe 2013 Plus (Fotoshow Maker-Stile 2) "MAGIX_{7008FDC2-9B1A-4398-BE02-5365B578471A}" = MAGIX Music Maker Soundtrack Edition (Demosongs) "MAGIX_{897E988E-A520-412B-99B9-3D04904FA6D3}" = MAGIX Fotos auf DVD 2013 Deluxe (Soundtrack Maker-Stile) "MAGIX_{953D4F60-9038-44EB-A867-6DFCDFFB6AA8}" = MAGIX Fotos auf DVD 2013 Deluxe (Überblendeffekte) "MAGIX_{A2CC226F-19E6-4ECB-B089-5E944E044AF1}" = MAGIX Video deluxe 2013 Plus (Fotoshow Maker-Stile 1) "MAGIX_{A497603A-4E61-4174-A010-727C479745B3}" = MAGIX Video deluxe 2013 Plus (Individuelle Menüvorlagen) "MAGIX_{A92969A9-5595-4919-9D7B-34CE35C7E8EF}" = MAGIX Video deluxe 2013 Plus (Soundtrack Maker-Stile) "MAGIX_{AA5D931C-C171-4D07-82B6-C052105F74DC}" = MAGIX Screenshare "MAGIX_{AAE67184-CE3D-4B92-BD5D-1B448301BCCE}" = MAGIX Speed burnR (MSI) "MAGIX_{AEF35DCE-5F53-43CF-AA71-6BE270C3AF10}" = MAGIX Fotos auf DVD 2013 Deluxe (Nachvertonungsarchiv) "MAGIX_{B402AD7F-4F13-432E-B42C-39FA8B2EA215}" = MAGIX Video deluxe 2013 Plus (Menüvorlagen 1) 
"MAGIX_{C989667E-9CB4-49EA-BCA8-FECB9B25C8C5}" = MAGIX Fotos auf DVD 2013 Deluxe (Designelemente 1) "MAGIX_{E586CDBD-B2F6-4AF9-89EA-C206F3A4BD91}" = MAGIX Video deluxe 2013 Plus (Filmvorlagen) "MAGIX_{E6B6A382-204E-4115-B276-B866939D1591}" = MAGIX Video deluxe 2013 Plus (Menüvorlagen 2) "MAGIX_{EB13DF91-4D92-43A7-93BC-4D080D2E8227}" = MAGIX Fotos auf DVD 2013 Deluxe (Individuelle Menüvorlagen) "MAGIX_{FBA359C1-5530-45AB-ACA3-56C7693612DA}" = MAGIX Fotos auf DVD 2013 Deluxe (Titeleffekte) "MAGIX_GlobalContent" = MAGIX Content und Soundpools "MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10 "MAGIX_MSI_Fotos_auf_CD_DVD_MX" = MAGIX Fotos auf DVD MX Download-Version "MAGIX_MSI_Videodeluxe18_plus" = MAGIX Video deluxe MX Plus "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MozBackup" = MozBackup 1.4.10 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "Nokia Suite" = Nokia Suite "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "proDAD-Adorage-3.0" = proDAD Adorage 3.0 "proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5 "SopCast" = SopCast 3.4.7 "SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1 "Stellar Phoenix Windows Data Recovery_is1" = Stellar Phoenix Windows Data Recovery V4.1 "SystemRequirementsLab" = System Requirements Lab "TomTom HOME" = TomTom HOME 2.8.3.2499 "VLC media player" = VLC media player 1.1.5 "WinGimp-2.0_is1" = GIMP 2.6.8 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3143349830-2153452287-2984029701-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log 
Errors ========== [ Application Events ] Error - 16.04.2012 14:47:19 | Computer Name = Otto-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 16.04.2012 14:49:02 | Computer Name = Otto-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 17.04.2012 03:28:59 | Computer Name = Otto-PC | Source = VSS | ID = 13 Description = Error - 17.04.2012 03:28:59 | Computer Name = Otto-PC | Source = VSS | ID = 8193 Description = Error - 17.04.2012 03:28:59 | Computer Name = Otto-PC | Source = VSS | ID = 13 Description = Error - 17.04.2012 03:28:59 | Computer Name = Otto-PC | Source = VSS | ID = 8193 Description = Error - 17.04.2012 12:08:25 | Computer Name = Otto-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Videodeluxe.exe, Version: 11.0.3.0, Zeitstempel: 0x4e82dae9 Name des fehlerhaften Moduls: Videodeluxe.exe, Version: 11.0.3.0, Zeitstempel: 0x4e82dae9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002a3685 ID des fehlerhaften Prozesses: 0x1c80 Startzeit der fehlerhaften Anwendung: 0x01cd1cb18bb60f0a Pfad der fehlerhaften Anwendung: C:\Program Files\MAGIX\Video_deluxe_MX_Plus\Videodeluxe.exe Pfad des fehlerhaften Moduls: C:\Program Files\MAGIX\Video_deluxe_MX_Plus\Videodeluxe.exe Berichtskennung: 8f6a42d5-88a7-11e1-8a2a-001d609236a3 [ Media Center Events ] 
Error - 07.05.2012 02:44:42 | Computer Name = Otto-PC | Source = MCUpdate | ID = 0 Description = 08:44:29 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status 404: Die angeforderte URL ist auf diesem Server nicht vorhanden. ) [ OSession Events ] Error - 28.12.2011 06:21:04 | Computer Name = Otto-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 75 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 12.01.2013 05:13:24 | Computer Name = Otto-PC | Source = DCOM | ID = 10010 Description = Error - 12.01.2013 06:51:42 | Computer Name = Otto-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Hard Drive Watcher 12 erreicht. Error - 12.01.2013 06:54:13 | Computer Name = Otto-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 12.01.2013 06:54:13 | Computer Name = Otto-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 12.01.2013 07:45:29 | Computer Name = Otto-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Hard Drive Watcher 12 erreicht. 
Error - 12.01.2013 07:47:59 | Computer Name = Otto-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error - 12.01.2013 07:47:59 | Computer Name = Otto-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069
Error - 12.01.2013 11:10:14 | Computer Name = Otto-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Roxio Hard Drive Watcher 12 erreicht.
Error - 12.01.2013 11:12:45 | Computer Name = Otto-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error - 12.01.2013 11:12:45 | Computer Name = Otto-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069
< End of report >
Have a nice Saturday evening, Otto |
13.01.2013, 19:39 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ILIVIT what now? Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes, and please remember to update Malwarebytes via the update button beforehand.
Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ |
14.01.2013, 15:03 | #19 |
| ILIVIT what now? Hello, so I am reporting back once more. I notice that in the log files I posted on Saturday there was still an entry: https://www.searchqu.com/406. Does that mean nothing, and is it not a danger? So here is the log file: Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.14.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Otto :: OTTO-PC [Administrator]
Schutz: Aktiviert
14.01.2013 12:18:33
mbam-log-2013-01-14 (12-18-33).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 634200
Laufzeit: 2 Stunde(n), 41 Minute(n), 50 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Thanks, Otto |
14.01.2013, 15:38 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ILIVIT what now? I only see one remaining entry for Searchqu there, and it is in the Chrome browser
__________________ Please always post log files in CODE tags |
14.01.2013, 20:23 | #21 |
| ILIVIT what now? Hello cosinus, yes, that is right, the reference to searchqu.com/407 is there and points to Google Chrome. What surprises me about it, though, is that I do not have the Google Chrome browser installed at all. I did have it installed once to test what it is like, but then deleted it again some time ago. Is this entry an indication of malware, or can I forget about it? The very latest: I had ESET check everything. One piece of malware was reported: Trojan: win32/startpage.oie trojan. The online scanner then deleted it. But when I then look under "manage quarantine", a reference to a loaded file from VLC suddenly appears. I have this media player "on board". Now I no longer know at all whether there are still "pests" or trojans on board. Can you please help me once more?? Thanks, Otto |
14.01.2013, 22:18 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ILIVIT what now? If you no longer have Chrome installed at all and will not be using it anymore either, that is totally irrelevant anyway. It is simply a setting in the Chrome profile, if you like. And I do want to see the complete log from ESET
__________________ Please always post log files in CODE tags |
14.01.2013, 23:16 | #23 |
| ILIVIT what now? Hello, unfortunately ESET did not create a log file. I do not know where I could find it. What should I do? Thanks |
15.01.2013, 09:15 | #24 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | ILIVIT what now? Quote:
Quote:
__________________ Please always post log files in CODE tags. Edited by cosinus (15.01.2013 at 09:29) |