| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: HEUR:Exploit.Java.CVE-2012-0507.genWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.03.2013, 15:57
| #31 |
 |  HEUR:Exploit.Java.CVE-2012-0507.gen Hallo hier die gewünschten Logs. JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Bathe Kai-Uwe on 19.03.2013 at 12:36:55,18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{9e131a93-eed7-4beb-b015-a0adb30b5646}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}
~~~ Registry Keys
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{000f18f2-09eb-4a59-82b2-5ae4184c39c3}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{000f18f2-09eb-4a59-82b2-5ae4184c39c3}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{291bccc1-6890-484a-89d3-318c928dac1b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{98889811-442d-49dd-99d7-dc866be87dbc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9e131a93-eed7-4beb-b015-a0adb30b5646}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{b8276a94-891d-453c-9ff3-715c042a2575}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ffb9adcb-8c79-4c29-81d3-74d46a93d370}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"
~~~ Files
~~~ Folders
Failed to delete: [Folder] "C:\ProgramData\browser manager"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Bathe Kai-Uwe\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Bathe Kai-Uwe\AppData\Roaming\mozilla\firefox\profiles\jl0mzi20.default\user.js
Successfully deleted: [File] C:\Users\Bathe Kai-Uwe\AppData\Roaming\mozilla\firefox\profiles\jl0mzi20.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Bathe Kai-Uwe\AppData\Roaming\mozilla\firefox\profiles\jl0mzi20.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Bathe Kai-Uwe\AppData\Roaming\mozilla\firefox\profiles\jl0mzi20.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\Bathe Kai-Uwe\AppData\Roaming\mozilla\firefox\profiles\jl0mzi20.default\extensions\crossriderapp5060@crossrider.com
Successfully deleted the following from C:\Users\Bathe Kai-Uwe\AppData\Roaming\mozilla\firefox\profiles\jl0mzi20.default\prefs.js
user_pref("CT2629906..clientLogIsEnabled", true);
user_pref("CT2629906..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2629906..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2629906.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2629906.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2629906.CTID", "CT2629906");
user_pref("CT2629906.CurrentServerDate", "23-9-2012");
user_pref("CT2629906.DialogsAlignMode", "LTR");
user_pref("CT2629906.DialogsGetterLastCheckTime", "Fri Sep 21 2012 15:52:14 GMT+0200");
user_pref("CT2629906.DownloadReferralCookieData", "");
user_pref("CT2629906.EMailNotifierPollDate", "Wed Jun 27 2012 22:29:54 GMT+0200");
user_pref("CT2629906.FirstServerDate", "16-4-2011");
user_pref("CT2629906.FirstTime", true);
user_pref("CT2629906.FirstTimeFF3", true);
user_pref("CT2629906.FixPageNotFoundErrors", true);
user_pref("CT2629906.GroupingServerCheckInterval", 1440);
user_pref("CT2629906.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2629906.HasUserGlobalKeys", true);
user_pref("CT2629906.HomePageProtectorEnabled", false);
user_pref("CT2629906.HomepageBeforeUnload", "hxxp://www.google.de/");
user_pref("CT2629906.Initialize", true);
user_pref("CT2629906.InitializeCommonPrefs", true);
user_pref("CT2629906.InstallationAndCookieDataSentCount", 3);
user_pref("CT2629906.InstallationId", "Integrated_CT2629906.exe");
user_pref("CT2629906.InstallationType", "ConduitIntegration");
user_pref("CT2629906.InstalledDate", "Sat Apr 16 2011 19:05:47 GMT+0200");
user_pref("CT2629906.InvalidateCache", false);
user_pref("CT2629906.IsAlertDBUpdated", true);
user_pref("CT2629906.IsGrouping", false);
user_pref("CT2629906.IsMulticommunity", false);
user_pref("CT2629906.IsOpenThankYouPage", false);
user_pref("CT2629906.IsOpenUninstallPage", true);
user_pref("CT2629906.LanguagePackLastCheckTime", "Sun Sep 23 2012 18:17:13 GMT+0200");
user_pref("CT2629906.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2629906.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2629906.LastLogin_3.14.1.0", "Fri Sep 21 2012 15:52:13 GMT+0200");
user_pref("CT2629906.LastLogin_3.15.1.0", "Sun Sep 23 2012 18:17:12 GMT+0200");
user_pref("CT2629906.LastLogin_3.2.2.0", "Wed Jun 27 2012 22:29:55 GMT+0200");
user_pref("CT2629906.LatestVersion", "3.14.1.0");
user_pref("CT2629906.Locale", "de");
user_pref("CT2629906.MCDetectTooltipHeight", "83");
user_pref("CT2629906.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2629906.MCDetectTooltipWidth", "295");
user_pref("CT2629906.MyStuffEnabledAtInstallation", true);
user_pref("CT2629906.RadioIsPodcast", false);
user_pref("CT2629906.RadioLastCheckTime", "Sun Sep 23 2012 18:17:13 GMT+0200");
user_pref("CT2629906.RadioLastUpdateIPServer", "3");
user_pref("CT2629906.RadioLastUpdateServer", "129185059414430000");
user_pref("CT2629906.RadioMediaID", "20622675");
user_pref("CT2629906.RadioMediaType", "Media Player");
user_pref("CT2629906.RadioMenuSelectedID", "EBRadioMenu_CT262990620622675");
user_pref("CT2629906.RadioShrinkedFromSetup", false);
user_pref("CT2629906.RadioStationName", "Sky.FM%20Classic%20Rap");
user_pref("CT2629906.RadioStationURL", "hxxp://sradio.tv/stream/572.m3u");
user_pref("CT2629906.SearchEngineBeforeUnload", "Ask.com");
user_pref("CT2629906.SearchFromAddressBarIsInit", true);
user_pref("CT2629906.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2629906&q=");
user_pref("CT2629906.SearchInNewTabEnabled", true);
user_pref("CT2629906.SearchInNewTabIntervalMM", 1440);
user_pref("CT2629906.SearchInNewTabLastCheckTime", "Sun Sep 23 2012 18:17:13 GMT+0200");
user_pref("CT2629906.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2629906.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT2629906.SearchProtectorEnabled", false);
user_pref("CT2629906.SearchProtectorToolbarDisabled", false);
user_pref("CT2629906.ServiceMapLastCheckTime", "Sun Sep 23 2012 18:17:12 GMT+0200");
user_pref("CT2629906.SettingsLastCheckTime", "Sun Sep 23 2012 18:17:09 GMT+0200");
user_pref("CT2629906.SettingsLastUpdate", "1347287073");
user_pref("CT2629906.ThirdPartyComponentsInterval", 504);
user_pref("CT2629906.ThirdPartyComponentsLastCheck", "Thu Sep 13 2012 13:49:07 GMT+0200");
user_pref("CT2629906.ThirdPartyComponentsLastUpdate", "1331806000");
user_pref("CT2629906.ToolbarShrinkedFromSetup", false);
user_pref("CT2629906.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2629906");
user_pref("CT2629906.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2629906.UserID", "UN65694140045183081");
user_pref("CT2629906.WeatherNetwork", "");
user_pref("CT2629906.WeatherPollDate", "Sun Sep 23 2012 18:17:13 GMT+0200");
user_pref("CT2629906.WeatherUnit", "C");
user_pref("CT2629906.alertChannelId", "1022635");
user_pref("CT2629906.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2629906.globalFirstTimeInfoLastCheckTime", "Fri Sep 21 2012 15:52:14 GMT+0200");
user_pref("CT2629906.homepageProtectorEnableByLogin", true);
user_pref("CT2629906.initDone", true);
user_pref("CT2629906.isAppTrackingManagerOn", false);
user_pref("CT2629906.isFirstRadioInstallation", false);
user_pref("CT2629906.myStuffEnabled", true);
user_pref("CT2629906.myStuffPublihserMinWidth", 400);
user_pref("CT2629906.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2629906.myStuffServiceIntervalMM", 1440);
user_pref("CT2629906.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2629906.oldAppsList", "129184848041186558,129184848041342809,111,129291086503675739,129302310216225375,129399275905588303,129184966883220752,129184985473061901,10
user_pref("CT2629906.revertSettingsEnabled", true);
user_pref("CT2629906.searchProtectorDialogDelayInSec", 10);
user_pref("CT2629906.searchProtectorEnableByLogin", true);
user_pref("CT2629906.testingCtid", "");
user_pref("CT2629906.toolbarAppMetaDataLastCheckTime", "Sun Sep 23 2012 18:17:13 GMT+0200");
user_pref("CT2629906.toolbarContextMenuLastCheckTime", "Fri Sep 21 2012 15:52:14 GMT+0200");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2629906/CT2629906", "\"0208f8a224e9e074cc8b0b56ec1832772\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1022635/1018349/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2629906", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de", "oIwsta2spzadhjRgiY1Nhw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de", "WiZSpHJzJ/uTUKvfHHyj/w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de", "9H/gICSaMqbmx+Gd+8W4Sg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de", "eJfMrdrGnhGHiiPiYjgAww==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2629906", "\"f1c77625c0e9bd1c80a2fd6901845fa9\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"84df7a85bec3b2a3dd055a4bedea5adc\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2629906&octid=CT2629906", "\"1321973101\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2629906/CT2629906", "\"1321973101\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/equalizer_dead.gif", "\"0594c8b730c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/minimize.gif", "\"03dd14b630c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/play.gif", "\"0e68497830c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/stop.gif", "\"086aabd830c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/vol.gif", "\"066c1cd630c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"6c9bfe644c7f5c2cde0c38573e0aacef\"");
user_pref("CommunityToolbar.EngineOwner", "");
user_pref("CommunityToolbar.EngineOwnerGuid", "{0f369707-379f-46df-a5c5-d04390f3459b}");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "funload.de");
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Bathe Kai-Uwe\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\jl0mzi20.default\\conduitCommon\\modules\\3.15.1.
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
user_pref("CommunityToolbar.OriginalEngineOwner", "CT2629906");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{0f369707-379f-46df-a5c5-d04390f3459b}");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "funload.de");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "CT2629906");
user_pref("CommunityToolbar.ToolbarsList2", "CT2629906");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 27 2012 22:29:49 GMT+0200");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 26 2012 23:26:34 GMT+0200");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "6d894af3-f3c7-498e-9181-45dd62150a2e");
user_pref("CommunityToolbar.globalUserId", "7f254387-f9e5-4066-b9e2-5c70a6bd5b96");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.killedEngine", true);
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Sep 21 2012 15:52:15 GMT+0200");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Sep 23 2012 18:17:25 GMT+0200");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Sep 23 2012 18:17:17 GMT+0200");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "0dbfcccf-cce6-4993-a2a1-f81215eb1ac9");
user_pref("CommunityToolbar.undefined", "");
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Claro Search");
user_pref("browser.search.order.1", "Claro Search");
user_pref("browser.search.selectedEngine", "Claro Search");
user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=114508&tt=4112_8&babsrc=HP_clro&mntrId=2432ee6d000000000000001f1fcdc1d5");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "tt=090212_ctrl");
user_pref("extensions.BabylonToolbar.bbDpng", 23);
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.dfltSrch", true);
user_pref("extensions.BabylonToolbar.hmpg", true);
user_pref("extensions.BabylonToolbar.id", "2432ee6d000000000000001f1fcdc1d5");
user_pref("extensions.BabylonToolbar.instlDay", "15386");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=109986&tt=090212_ctrl&babsrc=adbartrp&mntrId=2432ee6d000000000000001f1fcdc1d5&q=");
user_pref("extensions.BabylonToolbar.lastDP", 23);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1720:58:09");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "13.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 86977036);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "azb");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1720:58:09");
user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "tt=090212_ctrl");
user_pref("extensions.BabylonToolbar_i.hardId", "2432ee6d000000000000001f1fcdc1d5");
user_pref("extensions.BabylonToolbar_i.id", "2432ee6d000000000000001f1fcdc1d5");
user_pref("extensions.BabylonToolbar_i.instlDay", "15386");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:58:09");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
user_pref("extensions.asktb.apn_dbr", "ie_9.0.8112.16421");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.cbid", "T8");
user_pref("extensions.asktb.config-updated", false);
user_pref("extensions.asktb.crumb", "2012.06.26+13.41.40-toolbar008iad-DE-UGFkZXJib3JuLEdlcm1hbnk%3D");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}");
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0218");
user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.babylon.com/?AF=109986&tt=090212_ctrl&babsrc=adbartrp&mntrId=2432ee6d000000000000001f1fcdc1d5&q=");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "366e8ca9-fabb-44f7-9331-8ed7e71af9a6");
user_pref("extensions.asktb.hpr", "YES");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.if", "first");
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1340745981405");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.location", "Paderborn,Germany");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.news-native-on", true);
user_pref("extensions.asktb.nthp", "YES");
user_pref("extensions.asktb.nthp_prev", "1");
user_pref("extensions.asktb.o", "14670");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "2");
user_pref("extensions.asktb.sa", "YES");
user_pref("extensions.asktb.saguid", "9DA6BE36-33E6-4141-B665-92FC032F971E");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "10000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.timeinstalled", "26.06.2012 22:42:41");
user_pref("extensions.asktb.to", "");
user_pref("extensions.asktb.v", "3.15.4.100013");
user_pref("extensions.asktb.version", "5.15.4.23821");
user_pref("extensions.asktb.volume", "");
user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,onlinegamesdownloader@gamesdownloader.net:2.0,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
user_pref("extensions.crossriderapp5060.adsOldValue", -1);
user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=114508&tt=4112_8&babsrc=KW_clro&mntrId=2432ee6d000000000000001f1fcdc1d5&q=");
user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=114508&tt=4112_8&babsrc=KW_clro&mntrId=2432ee6d000000000000001f1fcdc1d5&q=");
user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
user_pref("keyword.URL", "hxxp://www.claro-search.com/?affID=114508&tt=4112_8&babsrc=KW_clro&mntrId=2432ee6d000000000000001f1fcdc1d5&q=");
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Bathe Kai-Uwe\appdata\local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Successfully deleted: [Folder] C:\Users\Bathe Kai-Uwe\appdata\local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pgafcinpmmpklohkojmllohdhomoefph
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2013 at 13:23:44,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.115 - Datei am 19/03/2013 um 14:35:59 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : Bathe Kai-Uwe - BATHEKAI-UWE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Bathe Kai-Uwe\Desktop\AdwCleaner2115.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Bathe Kai-Uwe\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Gelöscht mit Neustart : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Bathe Kai-Uwe\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Bathe Kai-Uwe\AppData\LocalLow\FoxyDeal
Ordner Gelöscht : C:\Users\Bathe Kai-Uwe\AppData\Roaming\FoxyDeal
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\Claro LTD
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\592dddbe169ea15
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKLM\Software\Claro LTD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\592dddbe169ea15
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\claro
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v13.0.1 (de)
Datei : C:\Users\Bathe Kai-Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\jl0mzi20.default\prefs.js
Gelöscht : user_pref("CT2629906.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2629906/CT2629906[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1022635/1018349/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2629906", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2629906",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"84df7a85bec3b2[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2629906&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2629906/CT2629906[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/equalizer_dea[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/minimize.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/play.gif", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/stop.gif", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/vol.gif", "\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"6c9[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Bathe Kai-Uwe\\AppData\\Roaming\\Mo[...]
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.2.0,ich@maltegoetz.de:1.4.2,linkfilter@[...]
-\\ Google Chrome v25.0.1364.172
Datei : C:\Users\Bathe Kai-Uwe\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [15505 octets] - [19/03/2013 14:35:59]
########## EOF - C:\AdwCleaner[S1].txt - [15566 octets] ##########
|
|
19.03.2013, 15:59
| #32 |
| | HEUR:Exploit.Java.CVE-2012-0507.gen Die beiden OTL Logs habe ich in der letzten Antwort vergessen deswegen poste ich sie hier.
__________________OTL: Code:
ATTFilter OTL logfile created on: 19.03.2013 15:35:47 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bathe Kai-Uwe\Desktop\Trojaner Board\OTL 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 66,43% Memory free 8,00 Gb Paging File | 6,04 Gb Available in Paging File | 75,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918,22 Gb Total Space | 505,04 Gb Free Space | 55,00% Space Free | Partition Type: NTFS Drive D: | 13,20 Gb Total Space | 2,35 Gb Free Space | 17,79% Space Free | Partition Type: NTFS Drive E: | 269,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: BATHEKAI-UWE-PC | User Name: Bathe Kai-Uwe | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () PRC - C:\Users\Bathe Kai-Uwe\Desktop\Trojaner Board\OTL\OTL.exe (OldTimer Tools) PRC - C:\Users\Bathe Kai-Uwe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Users\Bathe Kai-Uwe\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft) PRC - C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe (Realtek Semiconductor Corp.) PRC - C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe (Realtek) PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\SYDATEC\Phoenix Backup Professional\pbtray.exe (SYDATEC) PRC - C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe (Labtec Inc.) PRC - C:\Program Files (x86)\Labtec\WebCam10\WebCam10.exe () PRC - C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,) ========== Modules (No Company Name) ========== MOD - C:\Users\Bathe Kai-Uwe\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll () MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\bfceac53dda4bf7ba2f5020573f80163\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\7d3a95d2123d5a7982a451f1319fab8d\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aeaf4f1629dbe8eafc8f47b1795b18a\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36b839247bd1d22a7fd014a74abe9729\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\549690bfac66934b7c7fd5cf8b120b7c\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Program Files (x86)\Samsung\Kies\Theme\Kies.Theme.dll () MOD - C:\Program Files (x86)\Samsung\Kies\Common\Kies.UI.dll () MOD - C:\Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll () MOD - C:\Program Files (x86)\Samsung\Kies\MVVM\Kies.MVVM.dll () MOD - C:\Program Files (x86)\Samsung\Kies\Common\ASF_cSharpAPI.dll () MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll () MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll () MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll () MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll () MOD - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe () MOD - C:\Program Files (x86)\Labtec\WebCam10\LAppRes.dll () MOD - C:\Program Files (x86)\Labtec\WebCam10\WebCam10.exe () MOD - C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LCMServerPS.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) SRV - (mitsijm2011) -- C:\Programme\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe () SRV - (Realtek11nSU) -- C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe (Realtek) SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (LVSrvLauncher) -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Labtec Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (fwlanusb4) -- C:\Windows\SysNative\drivers\fwlanusb4.sys (AVM GmbH) DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\rtl8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys () DRV:64bit: - (PcaSp50) -- C:\Windows\SysNative\drivers\PcaSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Labtec Inc.) DRV:64bit: - (PID_0928) -- C:\Windows\SysNative\drivers\LV561V64.sys (Labtec Inc.) DRV:64bit: - (LVMVDrv) -- C:\Windows\SysNative\drivers\LVMVdrv.sys (Labtec Inc.) DRV:64bit: - (LVcKap64) -- C:\Windows\SysNative\drivers\LVCKap64.sys (Labtec Inc.) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Programme\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{079DFAA1-762A-4C20-ADC9-F03C427ACFEA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{762E9D06-E269-41B0-9DE1-7FE6F005F7AF}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE:64bit: - HKLM\..\SearchScopes\{C44AFE91-ABF0-4701-B0C3-25D81ED33D20}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Presario&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{079DFAA1-762A-4C20-ADC9-F03C427ACFEA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{762E9D06-E269-41B0-9DE1-7FE6F005F7AF}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKLM\..\SearchScopes\{C44AFE91-ABF0-4701-B0C3-25D81ED33D20}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\..\SearchScopes\{079DFAA1-762A-4C20-ADC9-F03C427ACFEA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de IE - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\..\SearchScopes\{762E9D06-E269-41B0-9DE1-7FE6F005F7AF}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\..\SearchScopes\{C44AFE91-ABF0-4701-B0C3-25D81ED33D20}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\BATHEK~1\\AppData\\Local\\Temp\\proxtube.pac" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Software Company) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Bathe Kai-Uwe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bathe Kai-Uwe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 15:59:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 15:59:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 15:59:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 15:59:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 15:59:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.27 21:36:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.27 21:30:50 | 000,000,000 | ---D | M] [2011.01.14 17:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bathe Kai-Uwe\AppData\Roaming\mozilla\Extensions [2013.03.19 13:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bathe Kai-Uwe\AppData\Roaming\mozilla\Firefox\Profiles\jl0mzi20.default\extensions [2012.09.23 17:16:54 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\Bathe Kai-Uwe\AppData\Roaming\mozilla\Firefox\Profiles\jl0mzi20.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} [2013.01.11 14:27:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Bathe Kai-Uwe\AppData\Roaming\mozilla\Firefox\Profiles\jl0mzi20.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.06.27 21:46:33 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Bathe Kai-Uwe\AppData\Roaming\mozilla\Firefox\Profiles\jl0mzi20.default\extensions\ich@maltegoetz.de [2011.02.03 19:33:31 | 000,000,000 | ---D | M] (Online Games Downloader) -- C:\Users\Bathe Kai-Uwe\AppData\Roaming\mozilla\Firefox\Profiles\jl0mzi20.default\extensions\onlinegamesdownloader@gamesdownloader.net [2013.01.11 14:26:47 | 000,804,627 | R--- | M] () (No name found) -- C:\Users\Bathe Kai-Uwe\AppData\Roaming\mozilla\firefox\profiles\jl0mzi20.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.06.27 21:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.21 16:38:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.759.138\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION File not found (No name found) -- C:\USERS\BATHE KAI-UWE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JL0MZI20.DEFAULT\EXTENSIONS\CROSSRIDERAPP5060@CROSSRIDER.COM [2012.06.14 23:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Bathe Kai-Uwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Bathe Kai-Uwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Bathe Kai-Uwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Application Manager (Enabled) = C:\Users\Bathe Kai-Uwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bathe Kai-Uwe\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Bathe Kai-Uwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Bathe Kai-Uwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Bathe Kai-Uwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Bathe Kai-Uwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Anti-Banner = C:\Users\Bathe Kai-Uwe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2013.03.15 17:20:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Flash Catcher) - {3AF255C7-8742-4B96-8971-1268EEE04974} - C:\Program Files (x86)\Online Games Downloader\SWFCatcher.dll (VTools) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (foxy) - {DAEB27B6-FFA6-417F-B060-C5413E6269AA} - C:\Users\Bathe Kai-Uwe\AppData\Roaming\foxydeal\IE\foxyDeal.dll File not found O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe () O4 - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Labtec\WebCam10\WebCam10.exe () O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft) O4 - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000..\Run: [Facebook Update] C:\Users\Bathe Kai-Uwe\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000..\Run: [Phoenix Backup] C:\PROGRA~2\SYDATEC\PHOENI~1\pbtray.exe (SYDATEC) O4 - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Bathe Kai-Uwe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bathe Kai-Uwe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data] O7 - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Add to Video Converter... - C:\Program Files (x86)\Media Player Utilities 5.15\AVIConverter\grab.html () O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Video Converter... - C:\Program Files (x86)\Media Player Utilities 5.15\AVIConverter\grab.html () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2771515313-2181166731-3815752651-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7180E873-3EF8-4CCF-8D40-C0BCF9718B1B}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA751D41-C438-414C-8FA2-2D9A9A1B7A37}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA338F91-0C8C-46B5-9CC1-8FEDE9D4A240}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFB8F240-84AC-48CD-AD0F-6D3FF164BD9B}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.11.14 18:15:00 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [1997.09.25 10:00:00 | 000,000,507 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1 [2013.03.16 00:05:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.16 00:04:31 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.15 18:49:45 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.15 17:20:56 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.03.15 16:40:34 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.15 16:23:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.15 16:23:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.15 16:23:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.15 16:23:00 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.15 16:22:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.15 03:06:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.15 03:06:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.15 03:06:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.15 03:06:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.15 03:06:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.15 03:06:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.15 03:06:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.15 03:06:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.15 03:06:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.15 03:06:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.15 03:06:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.15 03:06:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.15 03:06:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.15 03:06:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.15 03:06:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.15 03:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.15 03:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.15 03:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.06 18:05:11 | 000,000,000 | ---D | C] -- C:\Users\Bathe Kai-Uwe\AppData\Local\Unity [2013.03.05 23:42:16 | 000,000,000 | ---D | C] -- C:\Users\Bathe Kai-Uwe\Documents\surgeonsimulator2013_win [2013.02.19 13:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.18 14:09:52 | 000,000,000 | ---D | C] -- C:\Users\Bathe Kai-Uwe\AppData\Roaming\LolClient [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.19 15:30:51 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.19 15:30:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.19 15:30:42 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.19 14:51:00 | 000,000,960 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2771515313-2181166731-3815752651-1000UA.job [2013.03.19 14:48:13 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 14:48:13 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 14:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.19 14:40:20 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2013.03.19 14:37:40 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.03.19 12:21:07 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2771515313-2181166731-3815752651-1000Core.job [2013.03.15 17:20:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.14 13:34:30 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.14 13:34:30 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.28 15:45:14 | 000,002,350 | ---- | M] () -- C:\Users\Bathe Kai-Uwe\Desktop\Sicherer Zahlungsverkehr.lnk [2013.02.22 20:21:28 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.22 20:21:28 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.22 20:21:28 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.22 20:21:28 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.22 20:21:28 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.17 23:24:02 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.19 14:36:10 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.03.15 16:23:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.15 16:23:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.15 16:23:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.15 16:23:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.15 16:23:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.17 23:24:02 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk [2012.06.26 15:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.06.26 15:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.06.26 15:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.06.26 15:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.06.26 15:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.02.28 16:36:59 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE [2011.12.16 15:47:47 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.12.16 15:47:43 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.12.13 15:02:16 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2011.11.29 19:57:14 | 000,017,408 | ---- | C] () -- C:\Users\Bathe Kai-Uwe\AppData\Local\WebpageIcons.db [2011.05.12 17:02:01 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} [2010.08.11 23:24:48 | 000,011,264 | ---- | C] () -- C:\Users\Bathe Kai-Uwe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.05 20:37:59 | 000,000,000 | ---- | C] () -- C:\Users\Bathe Kai-Uwe\AppData\Roaming\wklnhst.dat [2009.12.27 19:00:06 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:8AB6C1D7 < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.03.2013 15:35:47 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bathe Kai-Uwe\Desktop\Trojaner Board\OTL
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 66,43% Memory free
8,00 Gb Paging File | 6,04 Gb Available in Paging File | 75,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918,22 Gb Total Space | 505,04 Gb Free Space | 55,00% Space Free | Partition Type: NTFS
Drive D: | 13,20 Gb Total Space | 2,35 Gb Free Space | 17,79% Space Free | Partition Type: NTFS
Drive E: | 269,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: BATHEKAI-UWE-PC | User Name: Bathe Kai-Uwe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-2771515313-2181166731-3815752651-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1612B7AE-A2D9-4851-B4EA-1E9692C97BFD}" = rport=138 | protocol=17 | dir=out | app=system |
"{20B101B7-AA0F-439D-BB32-8DDD30C3900F}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{341C2D0E-7A19-4EC5-A078-E84FF4CE906A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DE57676-67EF-4CF1-BDCC-CEAF3126387E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4DEAFAB7-DF50-40ED-A0A6-1401C4B3AEAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{656BAA53-208C-4CD7-A462-63543530492C}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{6D831A52-467A-4B61-AD6C-5EE11ADF5028}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{7150A822-7757-4CAA-BC15-39326BDCA889}" = lport=445 | protocol=6 | dir=in | app=system |
"{8E652DCA-9A02-4779-8458-21AFC950060B}" = rport=445 | protocol=6 | dir=out | app=system |
"{907700B4-C4D6-442D-AE78-ED8D18450810}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98C9A637-7DD9-4328-89A5-158B956F06DC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9C122CB2-B331-4E60-84CD-472AC4B5EAF2}" = rport=137 | protocol=17 | dir=out | app=system |
"{A57B5C0E-EF7B-4C95-AAAC-125BC6A86ABB}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{AF16444D-9CA5-47C5-A6D1-A5F08432EFC3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C1CF54EA-2FCF-4F07-A865-0051F23F7D8D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C646373F-BEAA-46B4-ADCE-B05011D93BAF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C8806733-8843-4D56-A7F1-AFDEB6D50AEA}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{CDC07D77-D4FC-4945-AF27-E5C9175B6EC4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0C2FA72-18B6-419B-AFFD-793FF00D861C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5D294F9-0CE1-4797-A6C8-A58317069616}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1AE0E6B-8CF3-4420-9757-1A8827B3BC71}" = lport=139 | protocol=6 | dir=in | app=system |
"{E3051A34-60CA-44E8-9DC3-EDCE9202BE2C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E4890061-C4DD-4E51-8C58-70795CD42B5B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA44CCB4-DB95-495C-A35C-5ADB9B0C86C5}" = rport=139 | protocol=6 | dir=out | app=system |
"{EB420821-2E48-47E8-9D11-E612E8ECA7D4}" = lport=138 | protocol=17 | dir=in | app=system |
"{EE6A791F-BCDE-4230-B705-199F623A1681}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F02306E9-4D4F-45BA-A6C5-C533CE02E0A7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{F1AD55D9-A86E-484A-896F-93FCA805E391}" = lport=137 | protocol=17 | dir=in | app=system |
"{F945EE55-69C8-4004-8FE0-509DC0C62B1E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A7DF9E-33B5-4131-8077-23A40CFDC17D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{065D5BBD-6DC5-453F-B46E-545A1F6E5765}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{0716DAFA-3B7F-4EB0-BEE0-BA7DF7ADA057}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{0927A642-E8BC-4003-B188-63F601067A90}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{099ED599-D526-4EED-816B-6C304FA23E34}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{10E33252-8921-4DA9-BC9E-9BADED62BA41}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{112CAF25-FB43-4640-AA59-C65BC07768DE}" = dir=in | app=c:\users\bathe kai-uwe\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{1542C08C-CB69-4DEF-86E4-EEE8BE06A45F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2070F979-E29C-4A55-BB90-8300FEB6C726}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{209B1E30-A5CB-4438-9C23-CDEE88F6D9A6}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{2693396C-68F2-4989-86DA-07E7ED4EA349}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2A1D4453-D401-43F1-AA2B-78402F1ED5E5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2D5D2E27-A80C-4C9A-AC5C-8F5EFDE0D74E}" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe |
"{2EDECCBA-A772-4A57-9F98-3336B72991AC}" = protocol=6 | dir=out | app=system |
"{3104DBBF-8017-499F-A215-9BE98B57CF9F}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{31231862-A8BF-480A-A396-902AECACA3F7}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{35756D80-BEC1-4974-8B97-68A64E1CC0E2}" = protocol=17 | dir=in | app=c:\program files (x86)\edimax\11n usb wireless lan utility\rtwlan.exe |
"{3DE21277-2B93-48B9-9550-28F335B42168}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4127969F-23FC-41E1-945C-C608D931EF31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{450B3FD3-3CB3-4F0D-BFEB-B2DA03E3C5A9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4553DDDE-7CF0-44E0-8B34-2175C4BBE079}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{45DA80EB-528D-47D2-BA00-E9BA6E911637}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{49ACE8DA-FF8E-4F83-97BC-D9FEEA473551}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4AED8886-7DFC-46D2-AF2F-6894705AAC7A}" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\appdata\roaming\dropbox\bin\dropbox.exe |
"{4CC6255E-403E-4AA8-940D-CE01A9791E0B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{54291BB4-3EBC-4663-BBF1-2A21ED995C35}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{6170F03F-B89E-4919-871F-3F00B0C9276A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{62E4C9BE-8049-465A-8E2E-EC39E1F7F9F7}" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\appdata\roaming\dropbox\bin\dropbox.exe |
"{62E9729B-6A92-4C8D-9037-EC61CAEE8BD0}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{65391E1E-03D0-4579-AA51-08FDAF8060C3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{672B70A2-B301-4042-A559-7C8B9521959C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{687C280B-AAF1-40C4-A401-48073099723D}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{6B85C5EC-5969-4326-A83A-41D7DBDAA0B6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{7E3C6C30-EE9D-4C2C-BB64-03AB25159E55}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{85004FD4-8B48-495C-A56C-262E5261EE60}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{85A55047-0D9B-4DAE-8B92-0AF6F752B46F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"{87952AC4-930F-414F-BB18-D7FFDB082859}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{879D7345-B027-42F7-B286-6A2E00DBE961}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{884E4DF9-08D0-44B1-A638-817B704B90A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{89F0ACCC-076C-4958-B802-71B3481A0209}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8DA8CEEA-35DE-4EE7-ACCE-53CADD76F9D5}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{A2E825E8-23C4-40DC-BDD9-A59A89ECEDF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
"{A5989434-B5E5-4A39-9909-5AA933A744FD}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{A5B5B53F-5F2D-4343-9770-0C56ED1F3A8E}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{AD174F74-806C-4D55-B86D-EB1F094D432D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AD8DDDB9-3A2D-46F3-8F61-214548F0E522}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
"{AEE7D9A7-1108-4BBB-8E70-B6CBACCEB9AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8663DA2-0816-4BE0-9507-4F300F76DD3D}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{B94CFE18-72AA-4804-86D8-AA30E1C0AD3E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\bin\qsdklauncher.exe |
"{B9BAB288-DC01-4560-A7DC-A114B1CAD6DB}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{B9D124C8-1B17-4B89-8A41-3B4618E405AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB5263C6-727E-4ED2-B38F-BEA45EBF14FD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C353DC20-EEAC-4A71-92F6-B526EA5E85E6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C4EB77CB-8519-4BC2-854A-0F6980493984}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{C51424C6-92E5-48D1-84F3-71D2856C7384}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sourcefilmmaker\game\sfm.exe |
"{C67A3C4D-82EE-4055-A2C2-4A142950B603}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CBFD0BDB-5AA3-4E4C-8FED-AD4B6C8A2B53}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CDB455E1-2D31-4B84-A9B9-F8D7B9D85770}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CED2CC59-4664-41D1-ABB5-0F5AAC16E0CF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CF0F3301-5D78-452C-9FF2-689FB81F00FB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D1CB45A6-6537-4EEE-9407-454138069878}" = protocol=6 | dir=in | app=c:\program files (x86)\edimax\11n usb wireless lan utility\rtwlan.exe |
"{D443B965-15F7-4A37-ABC5-DCF476782DE9}" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe |
"{DA39384B-0F3F-4FF3-A883-15E19D82C9D7}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{DB8459E9-D359-4AC5-9A64-C2ADFF1F1F61}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{DD7200D7-8247-4A3E-BFE7-D3890CDC97D1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E00AF078-960A-4658-869D-3435478B6922}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{E033D797-FEC4-4696-A1E8-6F6BD3AF680A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E0AFC442-4348-4201-83A6-824CCEC0B3CA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{E7356214-4826-4E21-9C88-0D1DC6955AC7}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{EE0A02E9-6EBE-4B88-A903-1AADE6685A1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE1C68E5-C1DE-48A0-AD33-91504B8D2AFD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{EFABF1F6-B304-4D90-B0CD-A70FFD174AFC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F72A0607-7E72-4F82-B1A4-3608F01F7260}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"{FCB0E7A5-2188-4516-B248-1C76167167C1}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{FE81DF56-FA5F-4555-8640-7F7C2EEC1334}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{05C68EE3-0B20-4C3D-9843-83C584FD821B}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe |
"TCP Query User{079630A4-6793-410B-954C-7723E98B4190}H:\spiele\cod4\iw3mp.exe" = protocol=6 | dir=in | app=h:\spiele\cod4\iw3mp.exe |
"TCP Query User{0D58ECF7-5B37-4D04-93E5-C571E5F2C39C}E:\rct.exe" = protocol=6 | dir=in | app=e:\rct.exe |
"TCP Query User{0E2335D7-F4AD-4CB6-B90F-8744F344F02A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{1827A3B6-715B-4820-B740-17B8485C0EF4}C:\users\bathe kai-uwe\desktop\kuba\spiele\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\empire interactive\flatout2\flatout2.exe |
"TCP Query User{1A858949-61DC-4EFB-A276-5401C02B040F}G:\counterstrike source\hl2.exe" = protocol=6 | dir=in | app=g:\counterstrike source\hl2.exe |
"TCP Query User{1EA52812-718B-478F-8989-612989089839}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"TCP Query User{2542E852-AC01-4F5D-804F-9BEB51C4E3F3}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{285305E5-0A3E-4559-96A1-FCA8AB6830B9}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe |
"TCP Query User{29FB79F4-5AC6-4E3D-BAF0-6DED111B763A}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"TCP Query User{2D707CD0-C15C-4CE1-9261-A3446B51CE0E}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare\iw3mp.exe |
"TCP Query User{336F8EBD-73BF-4D71-A586-D4CC98C0324F}C:\users\bathe kai-uwe\desktop\kuba\spiele\left 4 dead\srcds.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\left 4 dead\srcds.exe |
"TCP Query User{3FE18AF9-514B-488A-AD2D-962CA0DD35D2}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{483EF46C-6891-4326-9D5E-0E36159E8F01}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{492919C1-B200-46BA-97C8-E6C99248129F}C:\users\bathe kai-uwe\desktop\deer hunter 2005\dh2005.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\deer hunter 2005\dh2005.exe |
"TCP Query User{49884BD9-B217-44C6-ADC2-C8D348D46422}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{51E5A9BE-E4FA-47FA-B110-1B5188271A64}C:\program files (x86)\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 10\fifa10.exe |
"TCP Query User{70716499-0EB9-4773-8EAC-6C5773749C36}C:\program files (x86)\warsow 0.6\warsow_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warsow 0.6\warsow_x64.exe |
"TCP Query User{75E54C98-7B30-4700-AB2C-4D025C08E0BB}C:\program files (x86)\warsow 0.6\warsow_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warsow 0.6\warsow_x64.exe |
"TCP Query User{7B9EF784-F65C-40D6-B7D6-C5C9421E2BD3}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe |
"TCP Query User{80A00318-9F3C-453D-B982-CF7EE61936B7}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{8AB65694-CCF6-498F-A8E9-EA0B94986AA2}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{8AD17895-E3F7-4453-B87C-FEC4ACC48216}H:\spiele\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=h:\spiele\left 4 dead 2\left4dead2.exe |
"TCP Query User{92547B9B-C7F6-4A73-A6D3-8EB1217CD122}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare multiplayer\call of duty 4\setup\data\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare multiplayer\call of duty 4\setup\data\iw3mp.exe |
"TCP Query User{97263EBC-FAC6-4BF6-8E7D-E028BA9A5E4D}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare\iw3mp.exe |
"TCP Query User{984DC5FB-EFAB-4F94-B871-C3E1660BC128}C:\users\bathe kai-uwe\desktop\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\left 4 dead 2\left4dead2.exe |
"TCP Query User{9E0762C3-065A-43E0-836D-0C9DAE262F0D}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare multiplayer\call of duty 4\setup\data\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare multiplayer\call of duty 4\setup\data\iw3mp.exe |
"TCP Query User{A13C97D2-37FD-4B57-8E1F-590008119F1F}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe |
"TCP Query User{A747F680-3152-4C98-B989-2BDF458013F7}C:\users\bathe kai-uwe\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe |
"TCP Query User{B13AE649-C277-43C2-A73F-764A03BCCF72}C:\users\bathe kai-uwe\desktop\counterstrike source 2\hl2.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\counterstrike source 2\hl2.exe |
"TCP Query User{B23EF7EF-AFBC-4751-95E3-1AF9A9652C72}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{B64AC637-7830-4CB9-AD84-0A9F7047706B}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty black ops\call of duty black ops.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty black ops\call of duty black ops.exe |
"TCP Query User{BB2E90C8-90F8-437A-B3F1-43AC3BAA57C3}C:\users\bathe kai-uwe\desktop\kuba\spiele\quake\quake3.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\quake\quake3.exe |
"TCP Query User{BC58E24D-1127-4684-AB40-068F7768CFF2}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare multiplayer 2\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare multiplayer 2\iw3mp.exe |
"TCP Query User{C3F9DAA9-E221-4FAE-B82F-15FE68A0405B}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{C50DF638-0A03-4ABC-B7A5-F78236CB0BD9}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty black ops\blackopsmp.exe |
"TCP Query User{CDC340C4-A5A6-4055-87A7-D3A888D9873E}C:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"TCP Query User{D01DCC47-F41D-4EB5-9C4F-464A39B2A143}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{D0A64ED8-D272-4F5D-B4E2-FAA6D66FD258}C:\users\bathe kai-uwe\appdata\local\temp\rarsfx0\hl.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\appdata\local\temp\rarsfx0\hl.exe |
"TCP Query User{D6734850-1FE5-446B-AD71-4EE5DEE627B8}C:\users\bathe kai-uwe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{DC966EB7-FC76-4547-9A4A-B8F95264C563}C:\users\bathe kai-uwe\desktop\cod\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\cod\iw3mp.exe |
"TCP Query User{E3D2E155-D8F5-45D7-8981-F25B98DCF58A}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{EA5668E6-12DB-44A7-AC65-BA27AB8A2BA0}C:\users\bathe kai-uwe\desktop\quake\quake3.exe" = protocol=6 | dir=in | app=c:\users\bathe kai-uwe\desktop\quake\quake3.exe |
"TCP Query User{F9B762C5-1B9A-4666-B81E-C8EF3BF0A2A0}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{FB13B9FB-C0EF-41AD-8FD7-9CBE456372F6}C:\program files (x86)\clonk rage\clonk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\clonk rage\clonk.exe |
"UDP Query User{01D1E5B6-ABCA-4DC3-8F35-AF74DBB58F6D}C:\program files (x86)\warsow 0.6\warsow_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warsow 0.6\warsow_x64.exe |
"UDP Query User{0FBA8608-AE87-4C1D-B991-F23037AF5334}H:\spiele\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=h:\spiele\left 4 dead 2\left4dead2.exe |
"UDP Query User{10EDDB29-3C69-4ED7-84F6-FFCF8B0066C8}G:\counterstrike source\hl2.exe" = protocol=17 | dir=in | app=g:\counterstrike source\hl2.exe |
"UDP Query User{14661AD5-4646-46DE-831E-979515613AE3}C:\users\bathe kai-uwe\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\appdata\local\temp\fritz!wlan repeater 300e\fsetup.exe |
"UDP Query User{14BA0A45-2A27-4FC5-A0C5-8E423FBC9DB7}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare multiplayer 2\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare multiplayer 2\iw3mp.exe |
"UDP Query User{1A6DCAC9-7F83-44C1-A66F-87BE3E4CBD6D}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{1AD0EB6C-F9E4-463E-946B-9460C6B04BA9}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty black ops\blackopsmp.exe |
"UDP Query User{22FBE224-D738-42D4-9102-0A98FC0D3E46}C:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"UDP Query User{271E7831-5E6D-4886-B261-893813B37543}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{2BDAA604-A253-4A7C-9BF4-542E3EDA92B6}E:\rct.exe" = protocol=17 | dir=in | app=e:\rct.exe |
"UDP Query User{2DA354E6-298D-4E43-BEA8-8392AE6DB001}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{39C0377A-6B41-4CDB-AAB8-29523F75B0B9}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare 2\iw4mp.exe |
"UDP Query User{3B7FBEC7-DD7C-4F7D-AC57-26DB141F377E}C:\users\bathe kai-uwe\desktop\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\left 4 dead 2\left4dead2.exe |
"UDP Query User{3F66F29A-E6B4-4AD9-BC6B-C7226FC65D9B}C:\program files (x86)\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 10\fifa10.exe |
"UDP Query User{43466C28-8227-46B1-8CB6-C1E00A3448B3}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare multiplayer\call of duty 4\setup\data\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare multiplayer\call of duty 4\setup\data\iw3mp.exe |
"UDP Query User{45F13853-E958-43F2-AF95-482828E6CA72}C:\users\bathe kai-uwe\appdata\local\temp\rarsfx0\hl.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\appdata\local\temp\rarsfx0\hl.exe |
"UDP Query User{471D1D2E-F4C1-47C2-A808-72AE23B802FA}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe |
"UDP Query User{50658E00-14D8-46DC-8CBD-B673463E2275}C:\users\bathe kai-uwe\desktop\deer hunter 2005\dh2005.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\deer hunter 2005\dh2005.exe |
"UDP Query User{52896D1E-0D76-4F79-9E8F-07ADE8A982B0}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare 2\iw4mp.exe |
"UDP Query User{550AE906-39EC-4211-B11C-BA8A4C8E2347}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{5C196403-D199-46AD-BBE6-BDA57F00F335}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{614A5F0F-86A4-4A0D-9C2C-F4C67DC091B9}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{63C58721-2CF8-4284-BCC3-95C46360C0C9}C:\users\bathe kai-uwe\desktop\quake\quake3.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\quake\quake3.exe |
"UDP Query User{64741C10-9CD0-4038-87D3-A8A1C3340B41}C:\users\bathe kai-uwe\desktop\kuba\spiele\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\empire interactive\flatout2\flatout2.exe |
"UDP Query User{719E5ADA-E642-4F87-A753-7849C794DCC7}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty black ops\call of duty black ops.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty black ops\call of duty black ops.exe |
"UDP Query User{71B230F2-D651-4908-AAE5-979C4DA9A5DF}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare\iw3mp.exe |
"UDP Query User{7591FA47-22C1-45CD-8756-7DD971A00E78}C:\users\bathe kai-uwe\desktop\kuba\spiele\left 4 dead\srcds.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\left 4 dead\srcds.exe |
"UDP Query User{832AE895-3C43-4275-B0C7-E6A5CF0E3D02}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe |
"UDP Query User{9531D461-0EBE-4BD1-9E65-3416064716D6}C:\program files (x86)\clonk rage\clonk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\clonk rage\clonk.exe |
"UDP Query User{9C33CD95-ABCA-41FA-83C6-4675A085E9AC}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{A0B218A9-170C-436B-8F60-5EC8FF090C08}C:\users\bathe kai-uwe\desktop\kuba\spiele\quake\quake3.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\quake\quake3.exe |
"UDP Query User{A7BA58C2-DAF9-4DE8-86CB-336D00CDD509}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{AD58488D-EA15-4B32-BBB7-6ADCC2B0FEF1}C:\users\bathe kai-uwe\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{B02365E0-5E29-47E5-A41C-C4261F3C13C6}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare\iw3mp.exe |
"UDP Query User{C01AEFC4-E73F-4291-9A15-E5D01F2A1BCB}C:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dsnet corp\atube catcher 2.0\yct.exe |
"UDP Query User{C53C812F-1AA0-4E3F-A4E5-546017F5F9BF}C:\program files (x86)\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike source\hl2.exe |
"UDP Query User{C61B36FF-D530-442E-B698-B857D69B4392}C:\program files (x86)\warsow 0.6\warsow_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warsow 0.6\warsow_x64.exe |
"UDP Query User{C6679719-1A94-4EB6-B7CB-683166487E05}C:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare multiplayer\call of duty 4\setup\data\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\kuba\spiele\call of duty modern warfare multiplayer\call of duty 4\setup\data\iw3mp.exe |
"UDP Query User{CBD6BCAF-221D-4713-80CB-9EB84E3900B2}H:\spiele\cod4\iw3mp.exe" = protocol=17 | dir=in | app=h:\spiele\cod4\iw3mp.exe |
"UDP Query User{D2C72FE7-7ADF-4814-A333-A952DDB23EC9}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{D313E836-665B-4901-A687-620C7CAA7072}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{DA191340-AAF1-4181-9388-66316C71096C}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{E11E9278-D126-473D-B7FA-E82FE8B38970}C:\users\bathe kai-uwe\desktop\counterstrike source 2\hl2.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\counterstrike source 2\hl2.exe |
"UDP Query User{F3F44C61-E8E7-4FF3-BC7F-DF47A82C60E7}C:\users\bathe kai-uwe\desktop\cod\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\bathe kai-uwe\desktop\cod\iw3mp.exe |
"UDP Query User{FFC6948A-2667-4B3C-ABA5-9756F3228BDC}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-9005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - Deutsch
"{5783F2D7-9005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2011
"{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7244B345-B413-408B-9D04-F55BE1CC93FA}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
"{7F4DD591-1564-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2011
"{7F4DD591-1564-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2011 Language Pack - Deutsch
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{88C7AEBE-7C64-49B6-AC85-EA19DCD08E89}" = Logitech Audio Echo Cancellation Component for 64-bit Windows
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ACF9459F-3585-487A-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client)
"{ACF9459F-3585-487F-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client) German Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0E1D8C3-099F-4705-B4D8-54E0A969B354}" = MVisn64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E601CC5B-6D8F-11DE-4E95-3FE0187790C9}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F4934901-B3C8-9918-F018-2D68F94B380E}" = ATI Catalyst Install Manager
"{FA4DA5D7-5140-4024-BADD-FCB540833E5D}" = Labtec WebCam
"AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
"Autodesk Inventor Professional 2011" = Autodesk Inventor Professional 2011 Deutsch
"DWG TrueView 2011" = DWG TrueView 2011
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardwarediagnosetools
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0304767D-5AF0-A6EF-5774-6E0D7A42687A}" = CCC Help Polish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0BF4F0C7-8074-4D37-9650-DBB893670B9A}" = CCC Help English
"{0C747AF8-6910-ED23-4E6B-A198FC5A592B}" = CCC Help Thai
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BD84D49-F8D4-C48B-44C3-454B886B996F}" = CCC Help Swedish
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{230C2422-DEBC-3592-9543-70A3929FBACC}" = CCC Help Danish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.61
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2B929487-3B32-7115-8CDB-B2209464B6A9}" = CCC Help Norwegian
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3EEF7D9E-9650-4335-A41B-A693CB57A496}" = Foxit Reader
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54625876-FFA9-CDD4-AE9F-F229CE6F1CFC}" = CCC Help Czech
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ED619AE-AF12-0038-32BA-A56C1C1684ED}" = Catalyst Control Center Graphics Full New
"{5EE3FC44-D3B4-DBEF-13C9-DDC0DC8DB5C0}" = CCC Help Greek
"{5F669C27-AD76-5EF1-5DD0-B4F39DDABF82}" = CCC Help Russian
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{646BCF4C-9014-1D5B-194C-AE7E5234E173}" = Catalyst Control Center Graphics Full Existing
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6E5734E9-30D4-2912-A273-3EA6A8D38A4C}" = CCC Help Korean
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73430D70-34AB-4E6A-93C7-D905FD96F997}_is1" = CLICK & LEARN DiDi 360° 1.2
"{73CFF804-031A-145F-B4B1-54DBADE4BF5A}" = Catalyst Control Center Core Implementation
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7619C9D8-BC52-F5A0-B184-56F1BCA8FDCD}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80D881D9-2241-FDB2-917B-754D27B1711A}" = CCC Help Portuguese
"{812E1043-3795-2164-8607-FBF53B045EC5}" = CCC Help Turkish
"{854FC493-0A42-A237-ADE7-59FDEEAD444D}" = CCC Help Dutch
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88661107-C9FE-F236-5885-BD043F43C290}" = CCC Help Italian
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}" = Media Player Utilities 5.15
"{8F35D245-64DC-6231-F394-F1C70B1879E2}" = CCC Help French
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{94BB375E-E8DC-555A-EC06-4BF1E1641E6F}" = Catalyst Control Center InstallProxy
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9AE27CE5-2442-EEA6-1D66-ED8D95E2EDF6}" = HydraVision
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Edimax Wireless LAN Driver and Utility
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A3698519-6043-889E-F219-3434BBD87A44}" = CCC Help Japanese
"{A4AA1A93-DFB5-4726-9522-B054EF1A456A}" = Catalyst Control Center - Branding
"{A7AA93B6-6909-4073-B4EC-45CCDEFD4665}" = NHL® 08
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE41A33E-C9B5-47FE-9586-9D47B43E73B5}" = CCC Help Chinese Standard
"{AE9F7747-0350-4E02-B115-6A2C92F5FA54}" = Corel Home Office
"{B5F30211-27A0-C178-8D76-D838572EDEBD}" = ccc-core-static
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE7855E6-B7C8-2E8E-9C10-EE996978A644}" = CCC Help Chinese Traditional
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DC792B88-128D-0DF8-B8E0-86369110C15F}" = Catalyst Control Center Graphics Light
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{E1A278B7-38E9-25B7-248A-2D233D9A5104}" = CCC Help Hungarian
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E6930026-9C0D-8D0E-B5A0-B434B6FB9940}" = CCC Help Finnish
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA0D9E39-87E0-A1AD-8059-17090989C403}" = Catalyst Control Center HydraVision Full
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED89ADF0-7BA1-5B34-CFA1-203BEFB298C0}" = Catalyst Control Center Localization All
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F55C356C-2B50-BC6F-3221-56E4A46E1A90}" = CCC Help Spanish
"{FE8E1858-8E73-4ACD-0001-393419DB8F1B}" = MyTube BigPack 4 HD
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires" = Microsoft Age of Empires
"Any Video Converter_is1" = Any Video Converter 3.0.7
"aTube Catcher" = aTube Catcher
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"AVMWLANCLI" = AVM FRITZ!WLAN
"Clonk Planet" = Clonk Planet
"Clonk Rage" = Clonk Rage
"Counter-Strike: Source" = Counter-Strike: Source
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"EasyBits Magic Desktop" = Magic Desktop
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Google Chrome" = Google Chrome
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Remote Solution" = HP Remote Solution
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Online Games Downloader_is1" = Online Games Downloader v2.0
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PhotoScape" = PhotoScape
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"QcDrv" = Labtec® Camera-Treiber
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Steam App 218" = Source SDK Base 2007
"SuperTux_is1" = SuperTux 0.1.3
"TeamViewer 7" = TeamViewer 7
"TmNationsForever_is1" = TmNationsForever
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.1
"Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2771515313-2181166731-3815752651-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{BF34527D-7B27-43AD-9994-7B3ABCEF3625}" = Phoenix Backup Professional
"Dropbox" = Dropbox
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Anwendungserkennung
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.03.2013 09:35:34 | Computer Name = BatheKai-Uwe-PC | Source = Application Hang | ID = 1002
Description = Programm AdwCleaner2115.exe, Version 2.1.1.5 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1312c Startzeit: 01ce24a64e655570 Endzeit: 0 Anwendungspfad:
C:\Users\Bathe Kai-Uwe\Desktop\adw\AdwCleaner2115.exe Berichts-ID:
Error - 19.03.2013 10:10:12 | Computer Name = BatheKai-Uwe-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
[ OSession Events ]
Error - 02.09.2012 14:20:10 | Computer Name = BatheKai-Uwe-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 19.03.2013 09:00:18 | Computer Name = BatheKai-Uwe-PC | Source = DCOM | ID = 10010
Description =
< End of report >
|
|
19.03.2013, 16:25
| #33 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | HEUR:Exploit.Java.CVE-2012-0507.gen Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren
__________________Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ |
|
20.03.2013, 21:57
| #34 |
| | HEUR:Exploit.Java.CVE-2012-0507.gen Hallo hier schonmal der Bericht von mbar, der Log von ESET dauert noch der läuft mittlerweile 6 Stunden. Ist das normal? Auf jeden Fall ist er bei 99% und hat noch nichts gefunden. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.19.08
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Bathe Kai-Uwe :: BATHEKAI-UWE-PC [administrator]
19.03.2013 18:17:03
mbar-log-2013-03-19 (18-17-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 35016
Time elapsed: 41 minute(s), 31 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
c:\Windows\Installer\MSI1A83.tmp (Trojan.BHO) -> Delete on reboot.
c:\Windows\Installer\MSI3B02.tmp (Trojan.BHO) -> Delete on reboot.
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.19.08
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Bathe Kai-Uwe :: BATHEKAI-UWE-PC [administrator]
20.03.2013 20:36:48
mbar-log-2013-03-20 (20-36-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 35023
Time elapsed: 32 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f97fa7c141d1e840bd10769070438c25
# engine=13429
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-19 10:09:11
# local_time=2013-03-19 11:09:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1286 16777214 100 99 15923 18497273 0 0
# compatibility_mode=5893 16776573 100 94 19246 115360801 0 0
# scanned=38738
# found=0
# cleaned=0
# scan_time=15220
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f97fa7c141d1e840bd10769070438c25
# engine=13437
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-21 05:34:26
# local_time=2013-03-21 06:34:26 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1286 16777214 100 99 172238 18653588 0 0
# compatibility_mode=5893 16776573 100 94 175561 115517116 0 0
# scanned=501170
# found=7
# cleaned=0
# scan_time=9271
sh=91832E8575811F7411A9BBFA82E25CC9AD86C6DB ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan" ac=I fn="C:\Users\Bathe Kai-Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1H916HCX\v-464532[1].htm"
sh=91832E8575811F7411A9BBFA82E25CC9AD86C6DB ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan" ac=I fn="C:\Users\Bathe Kai-Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2V6GS9YN\v-464532[1].htm"
sh=C78E205D5E93616262F35D6D08F7AA99C0743D5D ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan" ac=I fn="C:\Users\Bathe Kai-Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9AFHRI04\v-465067[1].htm"
sh=CCC5AF0B5C645E3AF54D2C7AF3375FD90D27F032 ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan" ac=I fn="C:\Users\Bathe Kai-Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PLFBME77\v-460048[1].htm"
sh=C78E205D5E93616262F35D6D08F7AA99C0743D5D ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan" ac=I fn="C:\Users\Bathe Kai-Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UNZ00DKL\v-465067[1].htm"
sh=91832E8575811F7411A9BBFA82E25CC9AD86C6DB ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan" ac=I fn="C:\Users\Bathe Kai-Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y2NIQFSO\v-464532[1].htm"
sh=C78E205D5E93616262F35D6D08F7AA99C0743D5D ft=0 fh=0000000000000000 vn="JS/TrojanDownloader.Iframe.NKE trojan" ac=I fn="C:\Users\Bathe Kai-Uwe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y2NIQFSO\v-465067[1].htm"
|
|
24.03.2013, 02:09
| #35 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HEUR:Exploit.Java.CVE-2012-0507.gen Schön dass du MBAR nochmal gestartetet hast, lieber wär mir aber malwarebytes Anti-Malware gewesen
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
24.03.2013, 14:00
| #36 |
| | HEUR:Exploit.Java.CVE-2012-0507.gen Okay, habe mich da wohl etwas verlesen. Hier ist das Log von mbam. Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.24.04 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Bathe Kai-Uwe :: BATHEKAI-UWE-PC [Administrator] 24.03.2013 13:54:28 mbam-log-2013-03-24 (13-54-28).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 223399 Laufzeit: 3 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
24.03.2013, 14:24
| #37 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HEUR:Exploit.Java.CVE-2012-0507.gen Ok, also nur Reste in temp, bitte mit TFC leeren: TFC - Temp File Cleaner Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.03.2013, 15:49
| #38 |
| | HEUR:Exploit.Java.CVE-2012-0507.gen Wird mit dem Programm auch ein Log erstellt, denn ich habe keines gefunden. mfg Dr.Eps |
|
24.03.2013, 17:02
| #39 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HEUR:Exploit.Java.CVE-2012-0507.gen Nein ich brauch kein Log Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.03.2013, 22:13
| #40 |
| | HEUR:Exploit.Java.CVE-2012-0507.gen Ich denke das jetzt alles in Ordnung ist. Ich werde die Tage nochmal Kaspersky laufen lassen und dann meld ich mich nochmal. An dieser Stelle möchte ich mich ganz herzlich für deine Hilfe und Unterstützung bei meinem Problem danken. Ich finde es wirklich erstaunlich wie viel Zeit und arbeit hier investiert wird um Menschen mit Problemen zu helfen. Macht weiter so  .mfg Dr.Eps |
|
25.03.2013, 15:26
| #41 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | HEUR:Exploit.Java.CVE-2012-0507.gen Dann wären wir durch!  Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu HEUR:Exploit.Java.CVE-2012-0507.gen |
| abend, ahnung, antwort, compu, computer, computern, durchgeführt, erstell, forum, gefunde, google, guten, heur, heur:exploit.java.cve-2012-0507.gen, heute, hoffe, informieren, kaspersky, neues, programm, scan, thema, troja, trojaner, versuch, versucht, virenscan |
Linear-Darstellung
