
Pests of all kinds and how to fight them: Google redirect (unwanted redirects to other pages)


09.02.2013, 23:11   #1
Lällekönig
 



Hello
When I search with Google, I am redirected to unwanted pages. I have already reinstalled Firefox. For several evenings I have been trying to remove this virus with various malware programs, without success. McAfee Total Protection did not help despite the corresponding protection, and a scan did not detect any viruses either.

OTL.txt
OTL Logfile:
OTL logfile created on: 2/9/2013 9:33:29 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\**********\Desktop\Trojaner Board
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.75 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 34.81% Memory free
7.49 Gb Paging File | 5.12 Gb Available in Paging File | 68.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.97 Gb Total Space | 299.74 Gb Free Space | 66.17% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAUTHOMAS | User Name: ********** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\**********\Desktop\Trojaner Board\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\OLYMPUS\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
PRC - C:\Windows\SysWOW64\mmrtkrnl.exe (AlcaTech)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
PRC - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (HomeNetSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (LaCieDesktopManagerService) -- C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe ()
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Updater Service) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe (McAfee, Inc.)
SRV - (McAWFwk) -- c:\PROGRA~1\mcafee\msc\mcawfwk.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mfencbdc) -- C:\Windows\SysNative\drivers\mfencbdc.sys (McAfee, Inc.)
DRV:64bit: - (mfencrk) -- C:\Windows\SysNative\drivers\mfencrk.sys (McAfee, Inc.)
DRV:64bit: - (McPvDrv) -- C:\Windows\SysNative\drivers\McPvDrv.sys (McAfee, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (OXSDIDRV_x64) -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
IE - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60747
IE - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_de
IE - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001\..\SearchScopes\{DA114767-4E4F-490B-83B3-F22ECAE3C9B3}: "URL" = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/22 16:52:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/02/01 15:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 17:20:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/19 12:54:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/12 12:23:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/01/11 12:13:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/22 16:52:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/12 12:23:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010/12/27 20:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\Extensions
[2010/12/27 20:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/02/04 19:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\Firefox\Profiles\t3j1ljzl.default\extensions
[2013/01/29 21:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/02/06 11:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions
[2013/02/06 11:56:06 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/01 15:43:05 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013/02/06 17:20:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/01/17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2007/07/26 12:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2013/01/17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/01/17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/21 17:13:09 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013/01/17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/01/17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - Extension: SiteAdvisor = C:\Users\**********\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Snapform Viewer PlugIn for IE) - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Program Files (x86)\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (Ringler Informatik AG)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LaCie Desktop Manager Launcher] "C:\Program Files\LaCie\Desktop Manager\lacie_launcherd.exe" File not found
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [HotShot] c:\program files\HotShot\otshot.exe -minimize File not found
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [Olympus ib] C:\Program Files (x86)\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM File not found
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\SysWow64\mmrtkrnl.exe (AlcaTech)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [Samsung.PCSync] "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog File not found
O4 - HKU\S-1-5-18..\Run: [Samsung.PCSync] "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001..\Run: [LaCie Desktop Manager Startup] C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe ()
O4 - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001..\Run: [OM2_Monitor] "C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\**********\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\**********\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3831717678-3645215030-4056517808-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0918734-0F6B-414C-B389-32861335B555}: DhcpNameServer = 192.168.0.2
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/29 18:43:10 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/07 20:52:04 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\**********\Desktop\mbam-setup-1-70-0-1100.exe
[2013/02/07 19:42:14 | 000,000,000 | ---D | C] -- C:\Users\**********\Desktop\Trojaner Board
[2013/02/06 17:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/02/06 17:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/02/05 21:53:31 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013/02/05 12:22:24 | 000,000,000 | ---D | C] -- C:\Users\**********\Documents\SCANIA Truck Driving Simulator
[2013/01/31 19:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/01/31 17:30:22 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Systweak
[2013/01/31 17:30:20 | 000,019,896 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/01/29 21:23:54 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/01/29 21:23:33 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/29 21:23:33 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/29 21:23:33 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/29 20:50:16 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\CrystalIdea Software
[2013/01/29 18:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/01/29 17:43:31 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\SpeedMaxPc
[2013/01/29 17:43:31 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\DriverCure
[2013/01/29 17:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2013/01/26 14:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyTax 2012 BL
[2013/01/19 12:54:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/12 12:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/01/11 12:16:11 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\McAfee File Lock
[2013/01/10 22:01:59 | 000,197,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2013/01/10 21:59:43 | 000,177,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2010/02/14 15:35:58 | 004,411,392 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/09 21:29:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/09 21:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/09 19:26:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/09 16:29:11 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/09 16:15:22 | 000,002,106 | ---- | M] () -- C:\Users\**********\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013/02/09 15:18:14 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/09 15:18:13 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/09 13:44:53 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/09 13:44:53 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/09 13:35:28 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\EEPPOWUPIU.job
[2013/02/09 13:35:18 | 3018,461,184 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/07 20:52:08 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\**********\Desktop\mbam-setup-1-70-0-1100.exe
[2013/02/07 19:12:34 | 000,000,000 | ---- | M] () -- C:\Users\**********\defogger_reenable
[2013/02/06 18:17:25 | 000,000,732 | ---- | M] () -- C:\Windows\wininit.ini
[2013/02/05 21:53:31 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013/02/05 19:46:58 | 001,780,472 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/05 19:46:58 | 000,764,542 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013/02/05 19:46:58 | 000,707,716 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/05 19:46:58 | 000,171,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013/02/05 19:46:58 | 000,139,666 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/31 19:48:11 | 000,002,184 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/01/31 19:48:11 | 000,002,184 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/01/29 21:23:12 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/29 21:23:11 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/01/29 21:23:11 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/01/29 21:23:11 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/01/29 21:23:11 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/29 21:23:11 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/29 21:03:20 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/29 20:54:05 | 000,040,662 | ---- | M] () -- C:\Users\**********\Desktop\bookmarks.html
[2013/01/29 18:43:10 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/01/29 18:18:32 | 000,000,126 | RH-- | M] () -- C:\Users\**********\Desktop\stinger10-2-0-845.opt
[2013/01/26 14:20:47 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Snapform Viewer.lnk
[2013/01/26 14:20:04 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\EasyTax 2012 BL.lnk
[2013/01/18 21:36:22 | 000,233,519 | ---- | M] () -- C:\Windows\hpoins47.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/09 16:15:22 | 000,002,106 | ---- | C] () -- C:\Users\**********\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2013/02/07 19:12:34 | 000,000,000 | ---- | C] () -- C:\Users\**********\defogger_reenable
[2013/01/31 19:48:11 | 000,002,184 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/01/29 21:03:20 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/29 21:03:19 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/29 20:54:05 | 000,040,662 | ---- | C] () -- C:\Users\**********\Desktop\bookmarks.html
[2013/01/29 18:43:10 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/01/26 14:20:04 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\EasyTax 2012 BL.lnk
[2013/01/10 22:01:32 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf
[2013/01/10 22:01:30 | 000,002,946 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf
[2012/11/22 20:42:02 | 000,126,976 | RHS- | C] () -- C:\Windows\SysWow64\TsWpfWrpg.dll
[2012/11/22 16:39:02 | 000,233,519 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011/11/26 19:23:05 | 000,000,732 | ---- | C] () -- C:\Windows\wininit.ini
[2011/09/09 11:29:27 | 000,000,000 | ---- | C] () -- C:\Users\**********\AppData\Local\{B9DCE834-51D0-4AAD-9EAE-CCFB3F0FA82A}
[2011/01/29 19:35:14 | 097,979,392 | ---- | C] () -- C:\Program Files (x86)\Samsung New PC Studio.msi
[2011/01/29 19:35:14 | 000,113,152 | ---- | C] () -- C:\Program Files (x86)\1031.MST
[2011/01/29 19:35:14 | 000,015,832 | ---- | C] () -- C:\Program Files (x86)\0x0407.ini
[2011/01/15 20:41:16 | 000,000,000 | ---- | C] () -- C:\Users\**********\AppData\Roaming\AVSDVDPlayer.m3u
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/01/13 19:22:54 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\AlcaTech
[2012/08/11 20:22:24 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\astragon Software GmbH
[2013/01/29 20:50:16 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\CrystalIdea Software
[2013/01/29 17:43:31 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\DriverCure
[2012/01/15 08:53:11 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\DVDVideoSoft
[2012/01/15 08:52:36 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/01/26 14:22:21 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\EasyTax
[2011/03/12 11:31:26 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\NCH Swift Sound
[2010/12/27 17:00:46 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Packard Bell
[2011/01/22 19:54:07 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\PC Suite
[2011/02/13 21:16:24 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\PhotoScape
[2011/01/29 19:38:30 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Samsung
[2011/01/02 15:58:28 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\SNS
[2013/01/29 17:43:31 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\SpeedMaxPc
[2013/01/31 18:41:01 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Systweak
[2011/09/06 03:50:17 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Thunderbird
[2010/12/28 21:23:16 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\WildTangent
[2012/12/29 17:46:13 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\Wuala
[2012/12/23 22:00:47 | 000,000,000 | ---D | M] -- C:\Users\**********\AppData\Roaming\ZalmanInstaller_otshot
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 2/7/2013 7:39:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\**********\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.75 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 52.34% Memory free
7.49 Gb Paging File | 5.48 Gb Available in Paging File | 73.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.97 Gb Total Space | 299.82 Gb Free Space | 66.19% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAUTHOMAS | User Name: ********** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3831717678-3645215030-4056517808-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039DA749-9651-4B90-B522-B7C5F7032ABB}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{0EC8B103-D7E4-47A4-A8BD-467803D8A907}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0FE0C6EC-45DB-47A1-8395-75E43449ED35}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{25BAA2B7-3052-4C48-B601-2C399BA2C745}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{28AEFB77-4CE6-4BE2-B43D-FF5528DB998F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{3048FDBA-2C4D-4887-9789-298D19FAEF4F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{31881B79-BA00-4339-BC52-86C7CA1B4569}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3F4CA727-715F-46A8-A865-92F0D00CD8B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{40C64817-3EB9-4BF8-94CF-C2AEDA4DF7FE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{55A5B0BB-97CD-41FB-8DBF-1DA50623C608}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5B044D16-8F48-4D50-B824-0D8A36036904}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5C1A1178-C621-4A48-BAD4-2C9CE83EEA01}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5D2261ED-5C82-4D2B-A7D2-39ED5D182947}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6697A889-E22E-4B4D-8778-47222012EE3C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6C4B7564-04EA-48ED-8598-653292CECFA9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6FBD73E6-972D-4EE6-A017-1EB507EC884D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{74BFBD25-C034-4FFD-8318-0585D958F1B9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7D3B15C9-2AC2-4B51-AF77-295887FAFE16}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8B85C24C-1F03-495A-BF44-A6A3AA96BA1C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{95DC99B5-4EF0-4AD4-A5C8-D1B1431C1D59}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD02B6E6-4B83-4E7E-AE78-3F5BAFBCEC84}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B06F1685-A620-46D9-AE7E-1750D7BDCE56}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{BA5EF8D7-0C03-43D7-BB8E-62A1F1F580F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C6C687A3-DC6C-487C-8888-33B2A163C3A4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CA1ED476-92EE-41FD-9B89-10BBADAF13CF}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CBBB186F-1F69-48AD-BB33-F5EEE52A09E8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E2A4468D-3BD0-4253-8241-4DCE69314180}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E71AFB6C-9C05-42FA-925C-8BE2599340F3}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AB5737-E7EF-45D4-82E4-28A7B61A1BE4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{050FE91E-7838-450E-A4A8-3F825535F563}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{05E5D19C-1F76-4982-9217-1E58A4834DBB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{06E3514D-9A24-44A9-B8BE-EB4D48BEAF68}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{13929590-9A63-4F42-B8B8-5718A62D1906}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2036E06E-99A4-445B-BB80-DCE523EED076}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{242035DA-19DB-479E-AAB0-34C3B8C088B9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{28A85059-E99D-4547-B3D5-371F87B72B66}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{28E0BBCD-F492-4B07-873E-FA9D029EACB3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2A47B26D-E8EF-4AB7-A5F4-07FAA24178D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{307C7F7A-3139-422E-8DB5-E62A5696B423}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30CDF660-2412-4E05-AF6F-261DBC210B7E}" = protocol=6 | dir=out | app=system | 
"{323CEEF8-10C0-42CD-BCE8-275CCDE11E62}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3853C795-1006-4C14-B14F-BD6414C4662C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{3C0B5FD2-6960-4682-997D-DE6DD40A58B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E265A7F-C8CF-42A1-AE22-2E237A4A204D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{46A67BB4-1E37-4FF9-B5EC-C59CDEFDB19C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{474421BA-6DD6-45A6-B42F-95AB3BF141CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{4B801306-638B-4191-BD9D-D4D4AEAC3737}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{4C5483C7-8769-4BE5-A9BA-BEDA2BF332B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{53F434A0-EA71-438D-AAAE-D7DB1111EB48}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6112533F-0167-4C12-A067-82BD28FCBC43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6ACE2961-8A6D-4A12-8BCF-E3F5E5875230}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{6BCA07CE-833A-4D2D-8FE2-02A2282A058F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{710EF621-32F5-404C-AA39-5A0B52FCE3F3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{822D7120-D965-416C-90B8-523F9B22A113}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{829CFE38-57AA-4A6D-A839-1FEA0B5758E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{89EB97DA-1B47-4FAF-BF3C-2A2DF8AD8D3F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{8B9616F6-3584-4F15-8DBD-AB514C1F5EAE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{93583D9E-CA42-4E78-871F-AF18658D95C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{97BC8897-1988-4555-AC4B-853A9C592D51}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9A76C6C3-64BE-4854-9D3F-7E6AB9210F75}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9B32279A-EF86-4B95-936A-1F938525A413}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A4A07D08-F137-41E4-BF91-717CC352A4D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AA9E6134-3C0D-4F16-AF51-C056066D7D91}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{B47D3B2A-FB07-4C8C-A404-EF7349E3A907}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{BAAB137C-A61A-4F6B-915B-B14CE287FE17}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BFFC9009-B40B-4B30-94D6-2ADCEBB107C7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C144699C-0439-45FE-A4DD-2FBDFBC7ACE6}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{C6CB5BD4-B512-4AE3-B0B6-83D7DB14CF2B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C735FB5B-812A-4705-8BB5-6F8473F37A20}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CDC78339-656D-4FF5-80BC-A9B1F3D5E82F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CE188F8D-AB7B-483B-A5B9-6F0A96D28036}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D647723F-EAF4-4384-BB19-070E9BC196F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E3C1C00A-55F1-41CB-B432-4FAEB9A854C3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E9C122EC-AB0A-46F7-BF90-2B98CF0DA2B7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{F1A0E13C-E6F5-4771-B87E-579D4178A201}" = dir=in | app=d:\setup\hpznui40.exe | 
"{FD6EB346-0386-44BB-BA6B-3A8D74AB101A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{0E088150-3645-4D2E-AD5D-CB906E74ED57}C:\users\**********\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\**********\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{1C6C1394-ED05-4BA5-8D5F-F13EE00FE631}C:\users\**********\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\**********\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1" = LaCie Desktop Manager 1.4.5
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A0158415-15CA-B2A0-928D-E755DD506C0D}" = ATI Catalyst Install Manager
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"{AD136254-E6F2-EAE8-7E36-9D65E13B0A7E}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB" = Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A1F857-F5C6-0842-333A-FA7806FAF70A}" = CCC Help Danish
"{038EBE9A-2AD4-9B6D-C7FB-377FF5112C16}" = CCC Help Swedish
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08840099-3121-798D-88BB-76C5087890AF}" = CCC Help Czech
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D7E84F5-7AA3-CD1F-3EA1-975313E9293A}" = CCC Help Portuguese
"{1ED4CA4A-2ABA-9302-D7F3-A0597294828B}" = Catalyst Control Center Graphics Light
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22037905-EB4C-3427-DD8C-6ABBBE306B0D}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{284B8BD0-0046-288F-79E3-160F17D18904}" = CCC Help Spanish
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}" = OLYMPUS Digital Camera Updater
"{2B33E393-D2DE-E00C-95A2-96AB49FC2DBB}" = CCC Help Norwegian
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{37E6B486-08A4-3383-29BB-BD0591BD0E9D}" = Catalyst Control Center Core Implementation
"{3b53cb85-2662-4bb8-968c-a4f4e8e06353}" = Nero 9 Essentials
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{401F4EB7-FDF4-1B7A-54F6-5EE7CF0C0F8F}" = CCC Help Chinese Standard
"{427DB714-23EF-6CBC-4DD1-015674AF8AB7}" = CCC Help Finnish
"{43BEEE26-01A8-4EEE-8632-2353261E3B55}" = RemoteComms driver
"{4493F494-3E4D-E35C-BF37-1EF22539DCE3}" = CCC Help Korean
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{573EC8CA-E2FD-B1F7-4DAB-671AD39888A7}" = CCC Help Japanese
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5869CFDE-54D8-D3F1-A8F5-4FCA8A910BFB}" = Catalyst Control Center Graphics Previews Common
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5B5CF192-F4BB-A213-CE03-7C8FB7A5E3E2}" = Catalyst Control Center Graphics Full New
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{679A43C5-1A03-CF8F-B73E-C4A095C2687D}" = CCC Help French
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7177EE4E-3D1D-4F45-85B5-B93DC758BA0B}" = OLYMPUS Viewer 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B037B61-22B4-C382-DCD9-05DB38D1149D}" = CCC Help Italian
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{81E6A85A-EF55-F1F4-3CBB-BE01F03CE3F3}" = CCC Help Hungarian
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D705770-8266-3A59-3AD8-6E666EC4CF77}" = CCC Help Thai
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E0FC21F-1DC1-0B4C-E8E0-74420102C75B}" = CCC Help Chinese Traditional
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A479E320-40DB-BDA6-6CEB-A08C9DEDE80C}" = ccc-core-static
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B1B7FDAA-9DC3-2408-18B2-9B4CB8CF0F80}" = CCC Help German
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3282FB8-874B-4054-8356-9EB391A826F9}" = OLYMPUS muvee theaterPack
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BCFDADA0-04B1-6335-6362-BB854A216C23}" = CCC Help Russian
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C214A856-F569-0065-714F-8D2A4A092C6C}" = CCC Help Turkish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9413C02-2978-BC8B-D67C-6FF88ADBD1A3}" = CCC Help English
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D0485C2A-6BED-4E6A-8517-A1ED3F990AB2}" = Catalyst Control Center Graphics Full Existing
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D78667E4-E8EB-2B30-5029-29B9C3367B85}" = CCC Help Dutch
"{DB17E288-610C-45DC-E160-E7EB09A1FA88}" = Catalyst Control Center Localization All
"{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E45E3860-CDA5-93DF-8DAA-9AC4E556BF11}" = CCC Help Greek
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F623B2D2-9070-FF31-F47A-287802544F71}" = Catalyst Control Center InstallProxy
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"2841-5017-1617-4151" = Snapform Viewer 1.7.31
"7381-2256-9934-9039" = EasyTax 2012 BL 1.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Fahr-Simulator 2009_is1" = Fahr-Simulator 2009
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}" = Olympus ib
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}" = Alcor Micro USB Card Reader
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Kurierservice – Die Simulation_is1" = Kurierservice – Die Simulation
"LManager" = Launch Manager
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Total Protection
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PhotoScape" = PhotoScape
"Tastaturschreiben" = Tastaturschreiben
"VLC media player" = VLC media player 1.1.5
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT088216" = Agatha Christie - Death on the Nile
"WT088226" = Bejeweled 2 Deluxe
"WT088228" = Build-a-lot 2
"WT088235" = Chuzzle Deluxe
"WT088238" = Diner Dash 2 Restaurant Rescue
"WT088260" = Farm Frenzy
"WT088268" = Insaniquarium Deluxe
"WT088269" = Jewel Quest Solitaire 2
"WT088283" = Plants vs. Zombies
"WT088292" = Zuma Deluxe
"WT088416" = FATE
"WT088420" = Final Drive Nitro
"WT088448" = John Deere Drive Green
"WT088452" = Penguins!
"WT088456" = Polar Bowler
"WT088460" = Polar Golfer
"WT088508" = Virtual Villagers 4 - The Tree of Life
"WT088531" = Zuma's Revenge
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3831717678-3645215030-4056517808-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Wuala" = Wuala
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/6/2013 7:56:55 AM | Computer Name = AndreauThomas | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3276
 
Error - 2/6/2013 7:56:56 AM | Computer Name = AndreauThomas | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 2/6/2013 7:56:56 AM | Computer Name = AndreauThomas | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4274
 
Error - 2/6/2013 7:56:56 AM | Computer Name = AndreauThomas | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4274
 
Error - 2/6/2013 7:56:57 AM | Computer Name = AndreauThomas | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 2/6/2013 7:56:57 AM | Computer Name = AndreauThomas | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5709
 
Error - 2/6/2013 7:56:57 AM | Computer Name = AndreauThomas | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5709
 
Error - 2/7/2013 6:56:47 AM | Computer Name = AndreauThomas | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 2/7/2013 6:58:16 AM | Computer Name = AndreauThomas | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 2/7/2013 7:00:11 AM | Computer Name = AndreauThomas | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 2/7/2013 2:37:28 PM | Computer Name = AndreauThomas | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12c8 Startzeit:
01ce056073faa8c2 Endzeit: 31 Anwendungspfad: C:\Users\**********\Downloads\OTL.exe
 
Berichts-ID:
 
 
[ System Events ]
Error - 2/2/2013 8:25:15 AM | Computer Name = AndreauThomas | Source = DCOM | ID = 10010
Description = 
 
Error - 2/3/2013 3:20:02 PM | Computer Name = AndreauThomas | Source = DCOM | ID = 10010
Description = 
 
Error - 2/5/2013 3:19:46 PM | Computer Name = AndreauThomas | Source = Service Control Manager | ID = 7034
Description = Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.
 
Error - 2/5/2013 3:19:46 PM | Computer Name = AndreauThomas | Source = Service Control Manager | ID = 7034
Description = Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 2/5/2013 3:21:02 PM | Computer Name = AndreauThomas | Source = Service Control Manager | ID = 7034
Description = Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 2 Mal
passiert.
 
Error - 2/5/2013 6:14:30 PM | Computer Name = AndreauThomas | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
 
Error - 2/6/2013 6:39:02 AM | Computer Name = AndreauThomas | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AudioEndpointBuilder erreicht.
 
Error - 2/6/2013 8:09:41 AM | Computer Name = AndreauThomas | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
 
Error - 2/6/2013 2:39:02 PM | Computer Name = AndreauThomas | Source = DCOM | ID = 10010
Description = 
 
Error - 2/6/2013 3:17:23 PM | Computer Name = AndreauThomas | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
 
< End of report >
         
--- --- ---

gmer.exe did not work. The program crashed on my PC and produced a bluescreen with messages.

Many thanks for your support.

Kind regards
Lällekönig

10.02.2013, 00:22   #2
t'john
/// Helper team

The cleanup consists of several steps that must be carried out.
Work through them one after another and please paste the 3 logs that are created into your next reply.

If the OTL fix did not run through properly, do not continue; please report it instead.

Step 1

Fixing with OTL

Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.

Replace the *** asterisks with the user name again!
Code:
ATTFilter
:OTL

O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [NPSStartup] File not found 
[2013/02/09 13:35:28 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\EEPPOWUPIU.job 
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\**********\*.tmp
C:\Users\**********\AppData\Local\Temp\*.exe
C:\Users\**********\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for readers following along: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!



Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



after that:

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

10.02.2013, 19:40   #3
Lällekönig

Hello t'john

Thanks for the OTL fix and the support.

Step 1
Log from the OTL script:
[code]
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
C:\Windows\Tasks\EEPPOWUPIU.job moved successfully.
Service esgiguard stopped successfully!
Service esgiguard deleted successfully!
File C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found not found.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0} folder moved successfully.
C:\ProgramData\Temp\{889C6F39-241F-4119-8026-1B2F4A124839} folder moved successfully.
C:\ProgramData\Temp\{64EF903E-D00A-414C-94A4-FBA368FFCDC9} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\*************\*.tmp not found.
C:\Users\*************\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe moved successfully.
C:\Users\*************\AppData\Local\Temp\mcitinfo_1325106296.exe moved successfully.
C:\Users\*************\AppData\Local\Temp\ose00000.exe moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\*************\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\*************\Desktop\cmd.bat deleted successfully.
C:\Users\*************\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
[code]

Step 2
I already carried out the virus removal with Malwarebytes Anti-Malware a few days ago and deleted the corresponding files at that time.
Today's run produced the following log:
[code]
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
********** :: ****555*** [Administrator]

Schutz: Deaktiviert

10.02.2013 15:19:53
mbam-log-2013-02-10 (15-19-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 464969
Laufzeit: 2 Stunde(n), 34 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
[code]

Step 3
AdwCleaner created the following log:
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 10/02/2013 um 19:17:41 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ********** - ****555***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\**********\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\CToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKLM\Software\SimplyGen

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\t3j1ljzl.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\**********\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2059 octets] - [10/02/2013 19:17:41]

########## EOF - C:\AdwCleaner[S1].txt - [2119 octets] ##########
         
--- --- ---
[code]

That completes the 3 steps.

Best regards
Lällekönig
__________________

10.02.2013, 19:47   #4
t'john
/// Helper Team
 

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



after that:

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

__________________
Regards, t'john
Support the TB

10.02.2013, 20:29   #5
Lällekönig
 

Hello t`john

The aswMBR scan program aborted twice. The first time I ran it without active security software and also switched off the modem. After about 8 minutes there was an abort message (the program cannot continue and will report back; I confirmed both with OK, after which the window closed). On the second attempt I had the security software activated and the modem switched back on; the same error message appeared, and confirming the messages closed the window.

How do I proceed?

Thanks for your advice.

Best regards
Lällekönig


10.02.2013, 20:52   #6
t'john
/// Helper Team
 

Continue with JRT, then:


Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Click Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

10.02.2013, 21:50   #7
Lällekönig
 

Hello t`john

The JRT and TDSSKiller logs have been uploaded as a ZIP.
Thanks for the further instructions.

Best regards
Lällekönig

10.02.2013, 22:15   #8
Lällekönig
 

Hello t`john

I have one more thing to add.
Now an error message appears: "The Windows Security Center service is disabled". It cannot be activated; a window appears saying "Error - The Windows Security Center cannot be started".

Best regards
Lällekönig

11.02.2013, 01:11   #9
t'john
/// Helper Team
 

OK:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
Regards, t'john
Support the TB

11.02.2013, 17:13   #10
Lällekönig
 

Dear t`john

Attached is the Combofix log:

[code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-02-07.02 - ********** 11.02.2013  16:50:30.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.41.1031.18.3838.2039 [GMT 1:00]
ausgeführt von:: c:\users\**********\Downloads\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee  Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-11 bis 2013-02-11  ))))))))))))))))))))))))))))))
.
.
2013-02-11 15:59 . 2013-02-11 15:59	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2013-02-11 15:59 . 2013-02-11 15:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-10 20:57 . 2013-02-10 20:57	8782	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-02-10 20:57 . 2013-02-10 20:57	7271	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-02-10 20:57 . 2013-02-10 20:57	23327	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-02-10 20:57 . 2013-02-10 20:57	20719	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-02-10 20:00 . 2013-02-10 20:00	--------	d-----w-	c:\windows\ERUNT
2013-02-10 19:59 . 2013-02-10 19:59	--------	d-----w-	C:\JRT
2013-02-10 14:01 . 2013-02-10 14:01	--------	d-----w-	C:\_OTL
2013-02-10 13:08 . 2013-02-10 13:08	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-06 16:28 . 2013-02-06 18:19	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-02-06 16:27 . 2013-02-06 19:13	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-02-05 20:53 . 2013-02-05 20:53	51496	----a-w-	c:\windows\system32\drivers\stflt.sys
2013-01-31 16:30 . 2012-12-10 11:01	19896	----a-w-	c:\windows\system32\roboot64.exe
2013-01-29 19:50 . 2013-01-29 19:50	--------	d-----w-	c:\users\**********\AppData\Roaming\CrystalIdea Software
2013-01-29 17:42 . 2013-01-29 17:42	--------	d-----w-	c:\program files\Enigma Software Group
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 13:08 . 2012-07-13 16:10	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-02-10 13:08 . 2010-12-28 07:21	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-09 14:18 . 2012-04-06 10:40	697712	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-09 14:18 . 2011-05-27 05:00	74096	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 21:44 . 2010-12-31 14:27	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-16 17:11 . 2012-12-21 07:21	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 07:21	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 07:21	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 07:21	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-10 16:04	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-10 16:04	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-10 16:04	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-10 16:04	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-10 16:04	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-10 16:04	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-10 16:04	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-10 16:04	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-10 16:04	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-10 16:04	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-10 16:04	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-10 16:04	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-10 16:04	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-10 16:04	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-10 16:04	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-10 16:04	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-10 16:04	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-10 16:04	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-10 16:04	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-10 16:04	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-10 16:04	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-10 16:04	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-10 16:04	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-10 16:04	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-10 16:04	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-10 16:04	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-10 16:04	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-10 16:04	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-10 16:04	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-10 16:04	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-10 16:04	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-10 16:04	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-10 16:02	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-10 16:02	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-10 16:02	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-10 16:02	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-10 16:02	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-10 16:03	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-10 16:02	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-10 16:02	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-10 16:03	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-10 16:02	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-10 16:02	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{507C4921-8F3E-47EE-8541-DA557F73C995}"
[HKEY_CLASSES_ROOT\CLSID\{507C4921-8F3E-47EE-8541-DA557F73C995}]
2011-12-02 17:37	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-12-02 17:37	158224	----a-w-	c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-27 39408]
"LaCie Desktop Manager Startup"="c:\program files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe" [2012-04-12 3441664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-27 102400]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-15 600688]
"Realtime Audio Engine"="mmrtkrnl.exe" [2010-06-29 70144]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Olympus ib"="c:\program files (x86)\Olympus\ib\olycamdetect.exe" [2012-02-02 96128]
"MDS_Menu"="c:\program files (x86)\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2011-08-30 223104]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\**********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-06-10 40448]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-05-28 197264]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2012-11-02 97208]
R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys [2009-09-28 51760]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-28 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-10-19 74120]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2011-12-02 348560]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-27 202752]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-11 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
S2 LaCieDesktopManagerService;LaCieDesktopManagerService;c:\program files\LaCie\Desktop Manager\lacie_dm_service.exe [2012-04-12 1227776]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-12-04 103472]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2012-10-07 220856]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2012-10-06 1007288]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2012-11-02 328976]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 14:18]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-27 15:50]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-27 15:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2011-05-26 14:11	592384	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2011-05-26 14:11	592384	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2011-05-26 14:11	592384	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2011-05-26 14:11	592384	----a-w-	c:\program files (x86)\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{507C4921-8F3E-47EE-8541-DA557F73C995}"
[HKEY_CLASSES_ROOT\CLSID\{507C4921-8F3E-47EE-8541-DA557F73C995}]
2011-12-02 17:37	191504	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-12-02 17:37	191504	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.ch/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://packardbell.msn.com
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\**********\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.2
FF - ProfilePath - c:\users\**********\AppData\Roaming\Mozilla\Firefox\Profiles\t3j1ljzl.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2010-12-27 21:57; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-OM2_Monitor - c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
Wow6432Node-HKLM-Run-OM2_Monitor - c:\program files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
Wow6432Node-HKLM-Run-HotShot - c:\program files\HotShot\otshot.exe
Wow6432Node-HKU-Default-Run-Samsung.PCSync - c:\program files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-LaCie Desktop Manager Launcher - c:\program files\LaCie\Desktop Manager\lacie_launcherd.exe
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-11  17:03:16
ComboFix-quarantined-files.txt  2013-02-11 16:03
.
Vor Suchlauf: 12 Verzeichnis(se), 323'257'630'720 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 323'232'256'000 Bytes frei
.
- - End Of File - - 3DCDA216F819617EDB023231BF23B262
         

What next?

Many thanks for the advice.

Kind regards
Lällekönig

11.02.2013, 19:04   #11
t'john
/// Helper Team

Are there still redirects?


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



then:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
Regards, t'john
Support the TB

12.02.2013, 01:08   #12
Lällekönig

Dear t`john

Before starting the ESET Online Scanner and SecurityCheck there were still redirects. After running these two programs I have not had any more unwanted redirects for the moment. After running both programs I also restarted the computer.

Now to the logs:

ESET Online Scanner

[code]
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=deeba894510c7444a5e8769fcd0d3c8f
# engine=13127
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-11 11:21:32
# local_time=2013-02-12 12:21:32 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777214 66 88 2725662 123438670 0 0
# compatibility_mode=5893 16776574 100 94 7014234 112254742 0 0
# scanned=256550
# found=0
# cleaned=0
# scan_time=11938
[code]

SecurityCheck

[code]
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus und Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java(TM) 6 Update 29
Java 7 Update 13
Java version out of Date!
Adobe Flash Player 11.5.502.149
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (18.0.2)
Mozilla Thunderbird (17.0.2)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
[code]

What next?

Many thanks for the advice.

Kind regards
Lällekönig

12.02.2013, 07:48   #13
t'john
/// Helper Team

Update:
Adobe Reader: Adobe Reader - Download - Filepony (alternatives: PDF Tools)

Update Java

Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save the .exe file
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 13).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Afterwards, post (copy and paste) what is displayed here: PluginCheck



Disable Java

Because of the current security vulnerability:

http://www.trojaner-board.de/122961-...ktivieren.html

Afterwards, post (copy and paste) what is displayed here: PluginCheck
__________________
Regards, t'john
Support the TB

12.02.2013, 20:00   #14
Lällekönig

Dear t`john

The current Adobe Reader is installed.

Java 7 Update 13 is installed
- temporary files have been deleted
- old Java programs have been deleted
- the weekly update is set

The Java plugin is disabled

PluginCheck before deactivation:

Code:
ATTFilter
•	Firefox 18.0 ist aktuell
•	Flash (11,5,502,149) ist aktuell.
•	Java (1,7,0,13) ist aktuell.
•	Adobe Reader 11,0,1,36 ist aktuell.
         
PluginCheck after deactivation:

Code:
ATTFilter
•	Firefox 18.0 ist aktuell
•	Flash (11,5,502,149) ist aktuell.
•	Java ist nicht Installiert oder nicht aktiviert.
•	Adobe Reader 11,0,1,36 ist aktuell.
         
The message "The Windows Security Center cannot be started" still appears. I have just tried to activate it.

What next?

Many thanks for your advice

Kind regards
Lällekönig

13.02.2013, 15:48   #15
t'john
/// Helper Team

Windows Repair Tool (AIO)

  • Download Windows repair tool
  • Unpack the zip and start Repair_Windows.exe
  • Click the Start Repairs tab, then: Start

    select the following items

    Register System Files
    Repair WMI
    Repair Windows Firewall
    Remove Policies Set By Infections
    Repair Windows Updates
    Set Windows Services To Default Startup


    Select: Restart System When Finished
    Then click the Start button.
__________________
Regards, t'john
Support the TB
