02.03.2013, 09:35 | #1 |
| Google opens the wrong links

Hello first of all, my name is Isabell and I have a problem. For a few days now, the wrong pages have unfortunately kept opening whenever I click on the search results in Google. I am obviously not the only one with this problem, but there obviously does not seem to be a standard solution, which is why I am now posting here. I am currently still writing my master's thesis and unfortunately do not really have much time to struggle with this. But it apparently has to be done. Beforehand I already read through the forum rules and followed the instructions, as you can see below. I very much hope that you can help me. Many thanks in advance! Kind regards, Isabell

1. I ran Defogger and there was no error message or anything similar.
2. Here are the two files from the OTL quick scan. The OTL.txt, OTL logfile:
ATTFilter OTL logfile created on: 02.03.2013 09:10:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Isabell\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 57,22% Memory free 7,81 Gb Paging File | 5,89 Gb Available in Paging File | 75,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 420,33 Gb Total Space | 288,17 Gb Free Space | 68,56% Space Free | Partition Type: NTFS Drive D: | 30,48 Gb Total Space | 28,26 Gb Free Space | 92,71% Space Free | Partition Type: NTFS Computer Name: ISABELLS-PC | User Name: Isabell | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.02 09:09:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Isabell\Desktop\OTL.exe PRC - [2013.03.01 14:47:21 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe PRC - [2013.02.06 11:17:22 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.08.08 16:02:02 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 14:04:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 14:04:27 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.08.21 17:06:54 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe PRC - [2011.08.21 17:05:05 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.12.14 19:04:58 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010.12.05 02:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe PRC - [2010.11.27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2010.10.14 08:59:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.14 08:59:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.09.27 12:02:10 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera\VM331_STI.EXE PRC - [2010.02.03 15:37:57 | 000,154,112 | ---- | M] () -- C:\Program Files (x86)\ImagonShared\DierckeBrowserInterface.exe ========== Modules (No Company Name) ========== MOD - [2013.03.01 14:47:21 | 014,718,320 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll MOD - [2013.02.06 11:17:22 | 003,023,256 | ---- 
| M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.11.13 20:32:19 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011.08.21 17:06:54 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll MOD - [2011.08.21 17:05:05 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe MOD - [2011.02.16 18:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll MOD - [2011.02.16 18:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll MOD - [2010.02.03 15:37:57 | 000,154,112 | ---- | M] () -- C:\Program Files (x86)\ImagonShared\DierckeBrowserInterface.exe ========== Services (SafeList) ========== SRV:64bit: - [2011.04.27 08:23:24 | 000,916,992 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService) SRV - [2013.03.01 14:47:22 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.06 11:17:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.08 14:04:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 14:04:27 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.12.14 19:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2010.10.14 08:59:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.10.14 08:59:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 14:04:27 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 14:04:27 | 000,098,848 | ---- | M] 
(Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.15 22:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.22 00:31:35 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.08.22 00:31:35 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.08.21 17:16:20 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2011.08.21 17:16:18 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2011.08.21 17:01:11 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon) DRV:64bit: - [2011.08.21 17:01:11 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv) DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.03.24 15:35:42 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.03.15 11:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2011.02.18 09:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.01.27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.12.14 12:13:32 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2010.12.14 12:13:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.12.14 12:13:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.12.14 12:13:08 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.12.14 12:13:08 | 000,106,536 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.12.05 02:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.10.14 08:59:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.27 12:02:16 | 000,008,320 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmuvcflt.sys -- (vmuvcflt) DRV:64bit: - [2010.09.27 12:02:08 | 000,228,224 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs) DRV:64bit: - [2010.08.19 14:51:44 | 002,366,464 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.08.26 06:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini) DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.08 12:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 7'hxxp://www.lenovo.com/hxxp://w [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo 
Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.01 13:47:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.01 13:47:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.13 19:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabell\AppData\Roaming\mozilla\Extensions [2013.02.13 19:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabell\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.10.23 19:38:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Isabell\AppData\Roaming\mozilla\Firefox\Profiles\mds0wjwu.default\extensions [2013.02.27 08:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.06 11:17:22 | 000,262,552 | ---- | M] (Mozilla 
Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.30 17:07:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.22 11:52:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.30 17:07:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.30 17:07:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.30 17:07:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.30 17:07:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo) O4:64bit: - HKLM..\Run: [MacrokeyManager] C:\windows\SysNative\WTMKM.exe () O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe (Lenovo) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) O4 - HKCU..\Run: [Mhyrms] C:\Users\Isabell\AppData\Roaming\ir41_qc0.dll () O4 - HKCU..\Run: [SkyDrive] C:\Users\Isabell\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [Uninstall C:\Users\Isabell\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Isabell\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found O4 - Startup: C:\Users\Isabell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth 
Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C147314-7CF6-4038-AF7E-2DC2EB3D3DF5}: DhcpNameServer = 61.13.0.10 61.13.0.99 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73C71C4B-D366-4C88-972C-216C89C05785}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - 
(explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{81aa8dad-fd50-11e0-abc8-e2df9ae5011b}\Shell - "" = AutoRun O33 - MountPoints2\{81aa8dad-fd50-11e0-abc8-e2df9ae5011b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.02 09:08:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Isabell\Desktop\OTL.exe [2013.02.27 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{4ABCF316-FED1-4BFE-BD41-45066097CBFF} [2013.02.26 09:33:38 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{600E17D0-D45A-4299-B12A-EC7D8E4886DF} [2013.02.24 22:47:01 | 000,000,000 | ---D | C] -- 
C:\Users\Isabell\AppData\Local\{BF7961F4-6E2E-47B0-B5D8-AC4150DC2212} [2013.02.24 08:49:46 | 000,000,000 | ---D | C] -- C:\Users\Isabell\Documents\SimCity Societies [2013.02.24 08:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SimCity Societies [2013.02.23 13:10:45 | 000,000,000 | RH-D | C] -- C:\Users\Isabell\AppData\Roaming\SecuROM [2013.02.23 12:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2013.02.23 12:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2013.02.23 12:03:52 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Roaming\Origin [2013.02.23 12:03:51 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\Origin [2013.02.23 12:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.02.23 12:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2013.02.23 12:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2013.02.23 09:41:54 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Roaming\Avira [2013.02.22 20:49:40 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{AA865C03-4DC6-4996-9469-5EA1FDBD4349} [2013.02.21 08:39:48 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{A6109CA0-6601-4299-BEF4-5C617DE9000C} [2013.02.17 14:45:07 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{17A7270B-30FC-45C2-8484-3342789325E7} [2013.02.17 10:37:20 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{0AA5C55A-0675-4A3A-A535-5FE4A4F0A3D6} [2013.02.16 13:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RestaurantManager [2013.02.15 10:58:33 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{1AA3FA54-36F2-48F3-9F26-017A2190688D} [2013.02.13 19:55:13 | 000,000,000 | ---D | C] -- C:\Users\Isabell\Documents\TomTom [2013.02.13 19:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom [2013.02.13 19:54:49 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Roaming\TomTom [2013.02.13 
19:54:49 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\TomTom [2013.02.13 19:53:09 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\Downloaded Installations [2013.02.11 19:16:12 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{01F8BA11-FBA6-4E05-A1D2-0AED0AA92927} [2013.02.11 13:48:20 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{F1D42F28-9200-4C39-942C-E3059D697B26} [2013.02.10 11:03:22 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{58118AF7-4F83-457C-BDF6-28F5DEDF2F3A} [2013.02.07 10:10:07 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{6F63EB6D-E931-4965-A736-C392C3739B9D} [2013.02.06 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.06 10:04:43 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{91C7367C-D939-4B3A-85A1-DDE9BDA2F772} [2013.02.04 09:33:51 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{1319487F-8587-4FA2-B5B7-F2453C9749C1} [2013.02.03 22:08:49 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{4AE8E5D1-D6CB-4C76-A21E-E2E522DECE3C} [2013.02.01 15:15:18 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{D75AA83A-C181-4410-925F-BE894B4EBF4C} [2013.01.31 16:39:59 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Roaming\Apple Computer [2013.01.31 15:43:06 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\Apple Computer [2013.01.31 15:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.01.31 15:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.01.31 15:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.01.31 15:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013.01.31 15:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.01.31 15:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.01.31 15:20:28 | 000,000,000 
| ---D | C] -- C:\Users\Isabell\AppData\Local\Apple [2013.01.31 15:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.01.31 15:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.01.31 10:09:23 | 000,000,000 | ---D | C] -- C:\Users\Isabell\AppData\Local\{5CC99745-9C82-4170-B1F3-5731A73C060D} ========== Files - Modified Within 30 Days ========== [2013.03.02 09:09:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Isabell\Desktop\OTL.exe [2013.03.02 09:08:18 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.03.02 09:08:18 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.03.02 09:08:18 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.03.02 09:08:18 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.03.02 09:08:18 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.03.02 09:08:01 | 000,000,000 | ---- | M] () -- C:\Users\Isabell\defogger_reenable [2013.03.02 09:04:00 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.02 09:03:44 | 000,050,477 | ---- | M] () -- C:\Users\Isabell\Desktop\Defogger.exe [2013.03.02 08:43:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.03.02 07:45:29 | 000,438,901 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2013.03.02 07:44:52 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.02 07:28:50 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.02 07:28:50 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.02 07:21:41 | 000,000,374 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics [2013.03.02 07:21:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.03.02 
07:21:10 | 3146,182,656 | -HS- | M] () -- C:\hiberfil.sys [2013.02.26 09:37:52 | 001,578,093 | ---- | M] () -- C:\Users\Isabell\Documents\subito5.pdf [2013.02.26 09:37:30 | 001,317,970 | ---- | M] () -- C:\Users\Isabell\Documents\subito4.pdf [2013.02.26 09:37:09 | 000,781,466 | ---- | M] () -- C:\Users\Isabell\Documents\subito3.pdf [2013.02.26 09:36:47 | 001,033,621 | ---- | M] () -- C:\Users\Isabell\Documents\subito1.pdf [2013.02.26 09:36:29 | 000,966,720 | ---- | M] () -- C:\Users\Isabell\Documents\subito 2.pdf [2013.02.15 15:49:09 | 000,090,112 | RHS- | M] () -- C:\Users\Isabell\AppData\Roaming\ir41_qc0.dll [2013.02.15 14:47:32 | 000,188,881 | ---- | M] () -- C:\Users\Isabell\Desktop\Mail.jpg [2013.02.15 10:56:40 | 008,558,313 | ---- | M] () -- C:\Users\Isabell\Desktop\Krankenschein.pdf [2013.02.13 19:40:34 | 000,471,664 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.02.13 08:30:28 | 000,021,555 | ---- | M] () -- C:\Users\Isabell\Documents\Uni Hausarbeitvorlage.dotx [2013.02.01 11:42:50 | 000,173,993 | ---- | M] () -- C:\Users\Isabell\Documents\Medien im Geographieunterricht.jpg [2013.01.31 15:29:25 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.01.31 15:22:04 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk ========== Files Created - No Company Name ========== [2013.03.02 09:08:01 | 000,000,000 | ---- | C] () -- C:\Users\Isabell\defogger_reenable [2013.03.02 09:03:41 | 000,050,477 | ---- | C] () -- C:\Users\Isabell\Desktop\Defogger.exe [2013.02.26 09:37:52 | 001,578,093 | ---- | C] () -- C:\Users\Isabell\Documents\subito5.pdf [2013.02.26 09:37:29 | 001,317,970 | ---- | C] () -- C:\Users\Isabell\Documents\subito4.pdf [2013.02.26 09:37:09 | 000,781,466 | ---- | C] () -- C:\Users\Isabell\Documents\subito3.pdf [2013.02.26 09:36:46 | 001,033,621 | ---- | C] () -- C:\Users\Isabell\Documents\subito1.pdf [2013.02.26 09:36:29 | 000,966,720 | ---- | C] () -- C:\Users\Isabell\Documents\subito 2.pdf 
[2013.02.15 15:49:09 | 000,090,112 | RHS- | C] () -- C:\Users\Isabell\AppData\Roaming\ir41_qc0.dll [2013.02.15 14:47:32 | 000,188,881 | ---- | C] () -- C:\Users\Isabell\Desktop\Mail.jpg [2013.02.15 10:57:29 | 008,558,313 | ---- | C] () -- C:\Users\Isabell\Desktop\Krankenschein.pdf [2013.02.11 09:09:47 | 002,180,401 | ---- | C] () -- C:\Users\Isabell\Desktop\Passbild.jpg [2013.02.01 11:42:50 | 000,173,993 | ---- | C] () -- C:\Users\Isabell\Documents\Medien im Geographieunterricht.jpg [2013.01.31 15:29:25 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.01.31 15:29:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.01.31 15:22:04 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.01.31 15:20:26 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.01.31 13:28:29 | 000,021,555 | ---- | C] () -- C:\Users\Isabell\Documents\Uni Hausarbeitvorlage.dotx [2012.08.09 18:03:46 | 000,043,672 | ---- | C] () -- C:\ProgramData\dudenbib.wav [2012.07.19 10:06:14 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad [2012.06.13 14:42:42 | 000,844,288 | ---- | C] () -- C:\windows\RmTablet.exe [2012.02.21 19:25:24 | 000,947,408 | ---- | C] () -- C:\windows\Diercke Globus Online Uninstaller.exe [2011.10.13 17:55:55 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.08.21 17:07:00 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll [2011.08.21 17:07:00 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll [2011.08.21 17:07:00 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll [2011.08.21 17:07:00 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll [2011.08.21 17:06:51 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll [2011.08.21 16:53:19 | 000,001,652 | ---- | C] () 
-- C:\windows\vm331Rmv.ini [2011.08.21 16:53:19 | 000,001,652 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini [2011.08.21 16:53:07 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll [2011.03.04 11:18:02 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011.03.04 11:18:00 | 000,213,332 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011.03.04 11:17:59 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.02.26 13:57:25 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Diercke Globus Online [2012.08.09 18:02:41 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Duden [2011.11.14 09:40:50 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\OpenOffice.org [2013.02.23 12:04:15 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Origin [2012.05.13 13:08:35 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\SoftGrid Client [2013.02.13 19:54:49 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\TomTom [2011.10.13 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\TP [2011.10.21 12:51:06 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Utherverse [2011.10.14 08:20:42 | 000,000,000 | ---D | M] -- C:\Users\Isabell\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report >
And the Extra.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.03.2013 09:10:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Isabell\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 57,22% Memory free 7,81 Gb Paging File | 5,89 Gb Available in Paging File | 75,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 420,33 Gb Total Space | 288,17 Gb Free Space | 68,56% Space Free | Partition Type: NTFS Drive D: | 30,48 Gb Total Space | 28,26 Gb Free Space | 92,71% Space Free | Partition Type: NTFS Computer Name: ISABELLS-PC | User Name: Isabell | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01A9DB9C-482E-4DB4-BCF8-143078BA2629}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{0366EFFC-2F4E-4C8E-A609-5E8896E26073}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0ADE1C3D-D046-4676-A6BE-0EFB551733B4}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{256A4B22-4A73-4F42-81F9-F0171F8FB61F}" = rport=2869 | protocol=6 | dir=out | app=system | "{2788D930-0727-448F-8AA3-CA7E14353DBC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{38D773AA-2C67-4474-86A9-665E5EE98C39}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5083CCEF-1E38-4AFC-A564-8BF542D90A5D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{58C23DFC-1928-41B6-87A5-880C0A9747D7}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{9C2749E8-E1BE-40E2-A5B2-F712AF39CBA0}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{C8F3C6DB-20C4-41DE-848A-A6E8854E1F9B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F258AC10-0802-4A5A-AAD3-DBC4CCB6A0CE}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A2B8717-EAB0-4320-AD1E-9CE8FE14D2F6}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{19E9D975-C945-4455-9244-9856090E654C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1C12B11A-8152-4BDB-8D44-3510DDC9C1E6}" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | "{1C229478-8264-475B-BE04-178DF6C7FAE8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{22D50CAA-E052-48CF-AB55-58DA159D56C7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{24EB3FA0-9A80-4D01-B105-8DC12BD813EC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{275232BE-B430-4085-8EB7-4880EF07D627}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{2A2163AD-E05B-473D-9AF3-83865A6E6B1B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2C8AA489-6AEF-4153-8C01-27DDED1ECCF3}" = protocol=17 | dir=in | app=c:\program files (x86)\anno 
1701\anno1701.exe | "{30F2A891-9813-44FE-9F9E-3B45916AC0C0}" = dir=in | app=c:\users\isabell\appdata\local\microsoft\skydrive\skydrive.exe | "{35799166-13C1-43A5-ADFF-5259B0003164}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C62AD123-1646-48C4-ABFD-B7E4CD3A2C8F}" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\mail\wlmail.exe | "{D3E5FBEA-591A-43DE-B958-D94EA974444B}" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701\anno1701addon.exe | "{D7B3A1C7-160C-44E0-8ABF-6D3BDF1DDA1A}" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\mail\wlmail.exe | "{F289FAEA-93A2-4913-BFDB-380478A0DAED}" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1701\anno1701addon.exe | "{F960662D-7E9D-4F86-80B6-F4220F57746C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{2C2BE2BE-BBA1-4112-9DB5-ABFBCF53E1C4}C:\program files (x86)\secretcity 3dchat\utherverse vww client\utherverse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secretcity 3dchat\utherverse vww client\utherverse.exe | "UDP Query User{03E19680-1046-48A7-B413-69BC0487C9D3}C:\program files (x86)\secretcity 3dchat\utherverse vww client\utherverse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secretcity 3dchat\utherverse vww client\utherverse.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = 
Lenovo Bluetooth with Enhanced Data Rate Software "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = 
Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 
Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Premium Sound Control Panel "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) "Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "RmTablet" = Tablet Driver With Macrokey Manager "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker 
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{58AEE3E0-8746-11DD-81B6-000AE67E2618}_is1" = grafstat4 "{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform 
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{905D4F6B-FADC-4CA4-AA41-BD32A2E446CE}" = Anno 1701 - Der Fluch des Drachen "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{BF420B0C-DD5B-4ACD-AD7A-CB8F25CA0D2F}" = Duden-Rechtschreibprüfung "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C39EF9B4-0C4F-4D48-8665-8FD45BFF3961}" = Lenovo MuteSync "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform 
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Diercke Globus Online" = Diercke Globus Online "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "InstallShield_{C39EF9B4-0C4F-4D48-8665-8FD45BFF3961}" = Lenovo MuteSync "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater "InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide "Mozilla 
Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "ST6UNST #1" = Der Restaurant-Manager 1.5 Vollversion.de Edition "VeriFace" = VeriFace "WinLiveSuite" = Windows Live Essentials "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.08.2012 10:58:15 | Computer Name = Isabells-PC | Source = WinMgmt | ID = 10 Description = Error - 09.08.2012 06:23:50 | Computer Name = Isabells-PC | Source = WinMgmt | ID = 10 Description = Error - 09.08.2012 06:44:38 | Computer Name = Isabells-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 10.08.2012 04:07:28 | Computer Name = Isabells-PC | Source = WinMgmt | ID = 10 Description = Error - 10.08.2012 04:17:06 | Computer Name = Isabells-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 10.08.2012 11:12:13 | Computer Name = Isabells-PC | Source = WinMgmt | ID = 10 Description = Error - 12.08.2012 13:06:04 | Computer Name = Isabells-PC | Source = WinMgmt | ID = 10 Description = Error - 12.08.2012 13:44:42 | Computer Name = Isabells-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 13.08.2012 05:43:16 | Computer Name = Isabells-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 14.08.2012 04:47:30 | Computer Name = Isabells-PC | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 21.02.2013 02:59:56 | Computer Name = Isabells-PC | Source = MCUpdate | ID = 0 Description = 07:59:56 - Fehler beim Herstellen der Internetverbindung. 07:59:56 - Serververbindung konnte nicht hergestellt werden.. 
Error - 21.02.2013 03:00:25 | Computer Name = Isabells-PC | Source = MCUpdate | ID = 0 Description = 08:00:17 - Fehler beim Herstellen der Internetverbindung. 08:00:17 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 24.02.2013 03:49:31 | Computer Name = Isabells-PC | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 26.02.2013 14:13:19 | Computer Name = Isabells-PC | Source = DCOM | ID = 10010 Description = Error - 27.02.2013 07:04:02 | Computer Name = Isabells-PC | Source = DCOM | ID = 10010 Description = Error - 27.02.2013 12:22:50 | Computer Name = Isabells-PC | Source = ipnathlp | ID = 31004 Description = Error - 28.02.2013 05:37:34 | Computer Name = Isabells-PC | Source = ipnathlp | ID = 31004 Description = Error - 28.02.2013 12:52:31 | Computer Name = Isabells-PC | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 28.02.2013 16:21:05 | Computer Name = Isabells-PC | Source = ipnathlp | ID = 31004 Description = Error - 01.03.2013 05:09:46 | Computer Name = Isabells-PC | Source = DCOM | ID = 10010 Description = Error - 01.03.2013 05:13:09 | Computer Name = Isabells-PC | Source = ipnathlp | ID = 31004 Description = Error - 01.03.2013 08:48:52 | Computer Name = Isabells-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306. < End of report >
and finally the gmer.txt
GMER Logfile: Code:
ATTFilter GMER 2.1.19115 - hxxp://www.gmer.net Rootkit scan 2013-03-02 09:45:01 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.03.0 465,76GB Running: gmer_2.1.19115.exe; Driver: C:\Users\Isabell\AppData\Local\Temp\uwldikog.sys ---- User code sections - GMER 2.1 ---- .text C:\windows\system32\taskhost.exe[1300] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076666f80 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\taskhost.exe[1300] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd479940 5 bytes JMP 000007fffd4600b8 .text C:\windows\system32\taskhost.exe[1300] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd47bbb0 5 bytes JMP 000007fffd460038 .text C:\windows\system32\taskhost.exe[1300] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 5 bytes JMP 000007fffd460138 .text C:\windows\system32\taskhost.exe[1300] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb16a38c 5 bytes JMP 000007fefd4602b8 .text C:\windows\system32\taskhost.exe[1300] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb184b60 5 bytes JMP 000007fefd460238 .text C:\windows\system32\taskhost.exe[1300] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb184ba0 5 bytes JMP 000007fefd4601b8 .text C:\windows\system32\Dwm.exe[3260] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076666f80 5 bytes JMP 0000000169ff0038 .text C:\windows\system32\Dwm.exe[3260] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd479940 5 bytes JMP 000007fffd4600b8 .text C:\windows\system32\Dwm.exe[3260] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd47bbb0 5 bytes JMP 000007fffd460038 .text C:\Windows\System32\hkcmd.exe[3268] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076666f80 5 bytes JMP 0000000169ff0038 .text C:\Windows\System32\hkcmd.exe[3268] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd479940 5 bytes JMP 000007fffd4600b8 .text 
C:\Windows\System32\hkcmd.exe[3268] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd47bbb0 5 bytes JMP 000007fffd460038 .text C:\Windows\System32\hkcmd.exe[3268] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 5 bytes JMP 000007fffd460138 .text C:\Windows\System32\igfxpers.exe[3040] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076666f80 5 bytes JMP 0000000169ff0038 .text C:\Windows\System32\igfxpers.exe[3040] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd479940 5 bytes JMP 000007fffd4600b8 .text C:\Windows\System32\igfxpers.exe[3040] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd47bbb0 5 bytes JMP 000007fffd460038 .text C:\Windows\System32\igfxpers.exe[3040] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 5 bytes JMP 000007fffd460138 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3624] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076666f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3624] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd479940 5 bytes JMP 000007fffd4600b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3624] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd47bbb0 5 bytes JMP 000007fffd460038 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3624] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb16a38c 5 bytes JMP 000007fefd4602b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3624] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb184b60 5 bytes JMP 000007fefd460238 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3624] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb184ba0 5 bytes JMP 000007fefd4601b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3624] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 5 bytes JMP 000007fffd460138 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2996] 
C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076666f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2996] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd479940 5 bytes JMP 000007fffd4600b8 .text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[2996] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd47bbb0 5 bytes JMP 000007fffd460038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3820] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076666f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3820] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd479940 5 bytes JMP 000007fffd4600b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3820] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd47bbb0 5 bytes JMP 000007fffd460038 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3820] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb16a38c 5 bytes JMP 000007fefd4602b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3820] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb184b60 5 bytes JMP 000007fefd460238 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3820] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb184ba0 5 bytes JMP 000007fefd4601b8 .text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[3820] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 5 bytes JMP 000007fffd460138 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3868] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076666f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3868] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd479940 5 bytes JMP 000007fffd4600b8 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3868] 
C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd47bbb0 5 bytes JMP 000007fffd460038 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3868] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 5 bytes JMP 000007fffd460138 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3868] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb16a38c 5 bytes JMP 000007fefd4602b8 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3868] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb184b60 5 bytes JMP 000007fefd460238 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3868] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb184ba0 5 bytes JMP 000007fefd4601b8 .text C:\Windows\System32\WTMKM.exe[3896] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076666f80 5 bytes JMP 0000000169ff0038 .text C:\Windows\System32\WTMKM.exe[3896] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd479940 5 bytes JMP 000007fffd4600b8 .text C:\Windows\System32\WTMKM.exe[3896] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd47bbb0 5 bytes JMP 000007fffd460038 .text C:\Windows\System32\WTMKM.exe[3896] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 5 bytes JMP 000007fffd460138 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1068] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076666f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1068] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd479940 5 bytes JMP 000007fffd4600b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1068] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd47bbb0 5 bytes JMP 000007fffd460038 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1068] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 5 bytes JMP 000007fffd460138 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1068] 
C:\windows\system32\WINMM.dll!waveOutReset 000007fefb16a38c 5 bytes JMP 000007fefd4602b8 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1068] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb184b60 5 bytes JMP 000007fefd460238 .text C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[1068] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb184ba0 5 bytes JMP 000007fefd4601b8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3152] C:\windows\system32\KERNEL32.dll!LoadLibraryW 0000000076666f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3152] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd479940 5 bytes JMP 000007fffd4600b8 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3152] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd47bbb0 5 bytes JMP 000007fffd460038 .text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3152] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 5 bytes JMP 000007fffd460138 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[260] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000756b48fb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[260] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000756b4913 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[260] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000756b4945 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\USB Camera\VM331_STI.EXE[260] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075249d0b 5 bytes JMP 0000000110002850 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2020] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000756b48fb 5 bytes JMP 00000001010c2710 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2020] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000756b4913 5 bytes JMP 
00000001010c27f0 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2020] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000756b4945 5 bytes JMP 00000001010c2780 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2020] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075249d0b 5 bytes JMP 00000001010c2850 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2020] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074a41465 2 bytes [A4, 74] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[2020] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074a414bb 2 bytes [A4, 74] .text ... * 2 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[2740] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000756b48fb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[2740] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000756b4913 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[2740] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000756b4945 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[2740] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075249d0b 5 bytes JMP 0000000110002850 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[2740] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000007015adf9 5 bytes JMP 0000000110003390 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[2740] C:\Windows\SysWOW64\WINMM.dll!waveOutPause 0000000070175484 5 bytes JMP 0000000110003430 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[2740] C:\Windows\SysWOW64\WINMM.dll!waveOutRestart 00000000701754b8 5 bytes JMP 00000001100034d0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[748] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000756b48fb 5 bytes JMP 0000000102492710 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[748] 
C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000756b4913 5 bytes JMP 00000001024927f0 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[748] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000756b4945 5 bytes JMP 0000000102492780 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074a41465 2 bytes [A4, 74] .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[748] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074a414bb 2 bytes [A4, 74] .text ... * 2 .text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[748] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075249d0b 5 bytes JMP 0000000102492850 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[3448] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000756b48fb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[3448] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000756b4913 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[3448] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000756b4945 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[3108] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000756b48fb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[3108] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000756b4913 5 bytes JMP 00000001100027f0 .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[3108] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000756b4945 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3248] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000756b48fb 5 bytes JMP 0000000110002710 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3248] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000756b4913 5 bytes 
JMP 00000001100027f0 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3248] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000756b4945 5 bytes JMP 0000000110002780 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3248] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075249d0b 5 bytes JMP 0000000110002850 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3404] C:\windows\system32\kernel32.dll!LoadLibraryW 0000000076666f80 5 bytes JMP 0000000169ff0038 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3404] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd479940 5 bytes JMP 000007fffd4600b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3404] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd47bbb0 5 bytes JMP 000007fffd460038 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3404] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefd9c7490 5 bytes JMP 000007fffd460138 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3404] C:\windows\system32\WINMM.dll!waveOutReset 000007fefb16a38c 5 bytes JMP 000007fefd4602b8 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3404] C:\windows\system32\WINMM.dll!waveOutPause 000007fefb184b60 5 bytes JMP 000007fefd460238 .text C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3404] C:\windows\system32\WINMM.dll!waveOutRestart 000007fefb184ba0 5 bytes JMP 000007fefd4601b8 .text C:\windows\SysWOW64\RunDll32.exe[3984] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074a41465 2 bytes [A4, 74] .text C:\windows\SysWOW64\RunDll32.exe[3984] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074a414bb 2 bytes [A4, 74] .text ... 
* 2 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[4208] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000756b48fb 5 bytes JMP 0000000110002710 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[4208] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000756b4913 5 bytes JMP 00000001100027f0 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[4208] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000756b4945 5 bytes JMP 0000000110002780 .text C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe[4208] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000075249d0b 5 bytes JMP 0000000110002850 ---- Threads - GMER 2.1 ---- Thread C:\windows\SysWOW64\rundll32.exe [3716:1636] 0000000000143080 Thread C:\windows\SysWOW64\rundll32.exe [3716:388] 0000000000253a80 Thread C:\windows\SysWOW64\rundll32.exe [3716:1188] 0000000000253a10 Thread C:\windows\SysWOW64\rundll32.exe [3716:4704] 00000000004c80a3 Thread C:\windows\SysWOW64\rundll32.exe [3716:4708] 00000000004c5235 Thread C:\windows\SysWOW64\rundll32.exe [3716:4712] 00000000004c5755 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f9f0f3e4 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f9f0f3e4@f008f15e2e05 0x24 0x66 0x11 0x18 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f9f0f3e4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f9f0f3e4@f008f15e2e05 0x24 0x66 0x11 0x18 ... ---- EOF - GMER 2.1 ----
Edited by Isssssaaaaaa (02.03.2013 at 09:47) |
02.03.2013, 10:33 | #2 |
/// TB-Ausbilder | Google opens the wrong links
I will help you with your problem. A cleanup can sometimes involve a lot of work for you (and for me). Before we get started, I have some reading material for you. Please read: Rules for the cleanup. For the cleanup to work, I ask you to read the following points carefully:
Read and understood? Scan with Combofix
__________________ |
02.03.2013, 11:49 | #3 |
| Google opens the wrong links
I have tried everything, but how do I create this code tag?
__________________ |
02.03.2013, 12:02 | #4 |
/// TB-Ausbilder | Google opens the wrong links
This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ Digital buccaneers against malware! No help via PM! |
02.03.2013, 14:32 | #5 |
| Google opens the wrong links
Code:
ATTFilter ComboFix 13-03-01.01 - Isabell 02.03.2013 11:23:49.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4001.2235 [GMT 1:00] ausgeführt von:: c:\users\Isabell\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\pmt_0piot.pad c:\users\Isabell\AppData\Roaming\ir41_qc0.dll c:\windows\s.bat . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-02 bis 2013-03-02 )))))))))))))))))))))))))))))) . . 2013-03-02 10:28 . 2013-03-02 10:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-01 14:32 . 2013-02-19 02:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1F062AA-5C15-4037-9216-57EBD6B97E90}\mpengine.dll 2013-02-24 07:49 . 2013-02-24 07:51 -------- d-----w- c:\programdata\SimCity Societies 2013-02-23 12:10 . 2013-02-23 12:10 -------- d--h--r- c:\users\Isabell\AppData\Roaming\SecuROM 2013-02-23 11:51 . 2013-02-23 11:51 -------- d-----w- c:\program files (x86)\Electronic Arts 2013-02-23 11:03 . 2013-02-23 11:04 -------- d-----w- c:\users\Isabell\AppData\Roaming\Origin 2013-02-23 11:03 . 2013-02-23 11:03 -------- d-----w- c:\users\Isabell\AppData\Local\Origin 2013-02-23 11:03 . 2013-02-23 11:05 -------- d-----w- c:\programdata\Origin 2013-02-23 11:03 . 2013-02-23 11:03 -------- d-----w- c:\programdata\Electronic Arts 2013-02-23 11:03 . 2013-03-01 12:47 -------- d-----w- c:\program files (x86)\Origin 2013-02-23 08:41 . 2013-02-23 08:41 -------- d-----w- c:\users\Isabell\AppData\Roaming\Avira 2013-02-21 08:01 . 2013-02-21 08:01 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2013-02-21 08:01 . 
2013-02-21 08:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2013-02-21 08:01 . 2013-02-21 08:01 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2013-02-16 12:30 . 2013-02-16 13:01 -------- d-----w- c:\program files (x86)\RestaurantManager 2013-02-16 12:30 . 2013-02-16 12:30 290816 ------w- c:\windows\Setup1.exe 2013-02-16 12:30 . 2013-02-16 12:30 74752 ----a-w- c:\windows\ST6UNST.EXE 2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-02-13 18:54 . 2013-02-13 18:54 -------- d-----w- c:\programdata\TomTom 2013-02-13 18:54 . 2013-02-13 18:54 -------- d-----w- c:\users\Isabell\AppData\Roaming\TomTom 2013-02-13 18:54 . 2013-02-13 18:54 -------- d-----w- c:\users\Isabell\AppData\Local\TomTom 2013-02-13 18:53 . 2013-02-13 18:53 -------- d-----w- c:\users\Isabell\AppData\Local\Downloaded Installations 2013-02-13 15:45 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 15:45 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 08:18 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 08:18 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 08:18 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 08:18 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 08:18 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 08:18 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 08:18 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 08:18 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 08:18 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 08:18 . 
2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 08:18 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 08:18 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-11 08:15 . 2013-02-11 08:15 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-02-11 08:14 . 2013-02-11 08:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-02-11 08:14 . 2013-02-11 08:14 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2013-01-31 15:39 . 2013-01-31 15:40 -------- d-----w- c:\users\Isabell\AppData\Roaming\Apple Computer 2013-01-31 14:43 . 2013-01-31 14:43 -------- d-----w- c:\users\Isabell\AppData\Local\Apple Computer 2013-01-31 14:29 . 2013-01-31 14:29 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-01-31 14:22 . 2013-01-31 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2013-01-31 14:22 . 2013-01-31 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2013-01-31 14:22 . 2013-01-31 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2013-01-31 14:22 . 2013-01-31 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2013-01-31 14:22 . 2013-01-31 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2013-01-31 14:22 . 2013-01-31 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2013-01-31 14:22 . 2013-01-31 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2013-01-31 14:21 . 2013-01-31 14:22 -------- d-----w- c:\program files (x86)\QuickTime 2013-01-31 14:21 . 2013-01-31 14:21 -------- d-----w- c:\programdata\Apple Computer 2013-01-31 14:20 . 
2013-01-31 14:20 -------- d-----w- c:\program files (x86)\Common Files\Apple 2013-01-31 14:20 . 2013-01-31 14:20 -------- d-----w- c:\users\Isabell\AppData\Local\Apple 2013-01-31 14:20 . 2013-01-31 14:20 -------- d-----w- c:\programdata\Apple 2013-01-31 14:20 . 2013-01-31 14:20 -------- d-----w- c:\program files (x86)\Apple Software Update . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-01 13:47 . 2012-04-02 10:51 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-01 13:47 . 2011-10-13 11:09 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-13 15:48 . 2011-11-29 07:52 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-02-13 08:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2012-12-28 12:51 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-28 12:51 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-28 12:51 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-28 12:51 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 13:20 . 2013-01-12 11:15 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-12 11:15 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-12 11:15 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-12 11:15 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-12 11:15 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-12 11:15 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-12 11:15 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-12 11:15 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-12 11:15 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 
2013-01-12 11:15 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-12 11:15 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-12 11:15 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-12 11:15 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-12 11:15 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-12 11:15 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-12 11:15 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-12 11:15 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-12 11:15 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-12 11:15 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-12 11:15 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-12 11:15 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-12 11:15 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-12 11:15 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-12 11:15 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-12 11:15 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-12 11:15 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-12 11:15 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-12 11:15 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-12 11:15 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-12 11:15 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-12 11:15 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-12 11:15 51712 ----a-w- c:\windows\SysWow64\esrb.rs . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-16 13:32 222712 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-16 13:32 222712 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-16 13:32 222712 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyDrive"="c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-11-16 255992] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384] "331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-09-27 536576] "YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488] "YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352] "VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-08-21 329056] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Duden Korrektor SysTray"="c:\program files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-12-23 347792] . c:\users\Isabell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856] DGO-Interface-01.lnk - c:\program files (x86)\ImagonShared\DierckeBrowserInterface.exe [2010-2-1 154112] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-15 311400] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-08-21 57952] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-08-21 39008] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 27760] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-08-21 13408] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-14 2655768] S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2011-04-27 916992] S3 ACPIVPC;Lenovo Virtual Power Controller 
Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-21 29792] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-14 349224] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-14 39464] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680] S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2010-09-27 228224] S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys [2010-09-27 8320] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - UWLDIKOG *Deregistered* - uwldikog . Inhalt des "geplante Tasks" Ordners . 2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:47] . 2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 20:49] . 2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 20:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-16 13:32 261624 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-16 13:32 261624 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-16 13:32 261624 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc] @="{771C7324-DA80-49D3-8017-753B0AF60951}" [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}] 2011-08-21 16:07 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592] "Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-21 114688] "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-08-21 789920] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-21 9745312] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-21 5374880] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "MacrokeyManager"="WTMKM.exe" [2011-06-01 7329792] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://lenovo.msn.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://lenovo.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\mds0wjwu.default\ FF - prefs.js: browser.startup.homepage - www.google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-Mhyrms - c:\users\Isabell\AppData\Roaming\ir41_qc0.dll Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-02 11:31:52 ComboFix-quarantined-files.txt 2013-03-02 10:31 . Vor Suchlauf: 7 Verzeichnis(se), 314.693.165.056 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 328.861.917.184 Bytes frei . - - End Of File - - 42A540373E28E0B2F20C32C4E64F5B4E
Sorry, I spent the whole time looking for the hash symbol. Those who can read are clearly at an advantage. But thank you very much already! |
02.03.2013, 14:40 | #6 |
/// TB-Ausbilder | Google opens the wrong links
Looks pretty good so far.
Step 1: (Reminder: Do not reply to me until you have worked through all the steps!)
Disable Windows Defender
Since you are using a different virus scanner, you should urgently disable the scanner built into Windows:
Step 2: Before we continue: Does the problem still exist?
02.03.2013, 15:22 | #7 |
| Google opens the wrong links
Code:
ATTFilter ComboFix 13-03-01.01 - Isabell 02.03.2013 15:14:05.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4001.2195 [GMT 1:00] ausgeführt von:: c:\users\Isabell\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-02 bis 2013-03-02 )))))))))))))))))))))))))))))) . . 2013-03-02 14:18 . 2013-03-02 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-01 14:32 . 2013-02-19 02:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1F062AA-5C15-4037-9216-57EBD6B97E90}\mpengine.dll 2013-02-24 07:49 . 2013-02-24 07:51 -------- d-----w- c:\programdata\SimCity Societies 2013-02-23 12:10 . 2013-02-23 12:10 -------- d--h--r- c:\users\Isabell\AppData\Roaming\SecuROM 2013-02-23 11:51 . 2013-02-23 11:51 -------- d-----w- c:\program files (x86)\Electronic Arts 2013-02-23 11:03 . 2013-02-23 11:04 -------- d-----w- c:\users\Isabell\AppData\Roaming\Origin 2013-02-23 11:03 . 2013-02-23 11:03 -------- d-----w- c:\users\Isabell\AppData\Local\Origin 2013-02-23 11:03 . 2013-02-23 11:05 -------- d-----w- c:\programdata\Origin 2013-02-23 11:03 . 2013-02-23 11:03 -------- d-----w- c:\programdata\Electronic Arts 2013-02-23 11:03 . 2013-03-01 12:47 -------- d-----w- c:\program files (x86)\Origin 2013-02-23 08:41 . 2013-02-23 08:41 -------- d-----w- c:\users\Isabell\AppData\Roaming\Avira 2013-02-21 08:01 . 2013-02-21 08:01 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2013-02-21 08:01 . 2013-02-21 08:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2013-02-21 08:01 . 
2013-02-21 08:01 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2013-02-16 12:30 . 2013-02-16 13:01 -------- d-----w- c:\program files (x86)\RestaurantManager 2013-02-16 12:30 . 2013-02-16 12:30 290816 ------w- c:\windows\Setup1.exe 2013-02-16 12:30 . 2013-02-16 12:30 74752 ----a-w- c:\windows\ST6UNST.EXE 2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-02-13 18:54 . 2013-02-13 18:54 -------- d-----w- c:\programdata\TomTom 2013-02-13 18:54 . 2013-02-13 18:54 -------- d-----w- c:\users\Isabell\AppData\Roaming\TomTom 2013-02-13 18:54 . 2013-02-13 18:54 -------- d-----w- c:\users\Isabell\AppData\Local\TomTom 2013-02-13 18:53 . 2013-02-13 18:53 -------- d-----w- c:\users\Isabell\AppData\Local\Downloaded Installations 2013-02-13 15:45 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 15:45 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 08:18 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 08:18 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 08:18 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 08:18 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 08:18 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 08:18 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 08:18 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 08:18 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 08:18 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 08:18 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 08:18 . 
2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 08:18 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-11 08:15 . 2013-02-11 08:15 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-02-11 08:14 . 2013-02-11 08:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-02-11 08:14 . 2013-02-11 08:14 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2013-01-31 15:39 . 2013-01-31 15:40 -------- d-----w- c:\users\Isabell\AppData\Roaming\Apple Computer 2013-01-31 14:43 . 2013-01-31 14:43 -------- d-----w- c:\users\Isabell\AppData\Local\Apple Computer 2013-01-31 14:29 . 2013-01-31 14:29 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-01-31 14:22 . 2013-01-31 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2013-01-31 14:22 . 2013-01-31 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2013-01-31 14:22 . 2013-01-31 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2013-01-31 14:22 . 2013-01-31 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2013-01-31 14:22 . 2013-01-31 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2013-01-31 14:22 . 2013-01-31 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2013-01-31 14:22 . 2013-01-31 14:22 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2013-01-31 14:21 . 2013-01-31 14:22 -------- d-----w- c:\program files (x86)\QuickTime 2013-01-31 14:21 . 2013-01-31 14:21 -------- d-----w- c:\programdata\Apple Computer 2013-01-31 14:20 . 2013-01-31 14:20 -------- d-----w- c:\program files (x86)\Common Files\Apple 2013-01-31 14:20 . 
2013-01-31 14:20 -------- d-----w- c:\users\Isabell\AppData\Local\Apple 2013-01-31 14:20 . 2013-01-31 14:20 -------- d-----w- c:\programdata\Apple 2013-01-31 14:20 . 2013-01-31 14:20 -------- d-----w- c:\program files (x86)\Apple Software Update . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-01 13:47 . 2012-04-02 10:51 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-01 13:47 . 2011-10-13 11:09 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-13 15:48 . 2011-11-29 07:52 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-02-13 08:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2012-12-28 12:51 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-28 12:51 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-28 12:51 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-28 12:51 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 13:20 . 2013-01-12 11:15 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-12 11:15 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-12 11:15 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-12 11:15 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-12 11:15 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-12 11:15 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-12 11:15 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-12 11:15 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-12 11:15 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-12 11:15 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 
2013-01-12 11:15 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-12 11:15 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-12 11:15 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-12 11:15 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-12 11:15 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-12 11:15 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-12 11:15 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-12 11:15 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-12 11:15 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-12 11:15 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-12 11:15 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-12 11:15 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-12 11:15 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-12 11:15 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-12 11:15 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-12 11:15 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-12 11:15 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-12 11:15 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-12 11:15 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-12 11:15 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-12 11:15 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-12 11:15 51712 ----a-w- c:\windows\SysWow64\esrb.rs . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-16 13:32 222712 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-16 13:32 222712 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-16 13:32 222712 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyDrive"="c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-11-16 255992] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384] "331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-09-27 536576] "YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488] "YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352] "VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-08-21 329056] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Duden Korrektor SysTray"="c:\program files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-12-23 347792] . c:\users\Isabell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856] DGO-Interface-01.lnk - c:\program files (x86)\ImagonShared\DierckeBrowserInterface.exe [2010-2-1 154112] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-15 311400] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-08-21 57952] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-08-21 39008] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 27760] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-08-21 13408] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-14 2655768] S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2011-04-27 916992] S3 ACPIVPC;Lenovo Virtual Power Controller 
Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-21 29792] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-14 349224] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-14 39464] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680] S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2010-09-27 228224] S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys [2010-09-27 8320] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - UWLDIKOG *Deregistered* - uwldikog . Inhalt des "geplante Tasks" Ordners . 2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:47] . 2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 20:49] . 2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 20:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-16 13:32 261624 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-16 13:32 261624 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-16 13:32 261624 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc] @="{771C7324-DA80-49D3-8017-753B0AF60951}" [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}] 2011-08-21 16:07 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-21 114688] "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-08-21 789920] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-21 9745312] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-21 5374880] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "MacrokeyManager"="WTMKM.exe" [2011-06-01 7329792] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://lenovo.msn.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://lenovo.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\mds0wjwu.default\ FF - prefs.js: browser.startup.homepage - www.google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-02 15:20:05 ComboFix-quarantined-files.txt 2013-03-02 14:20 ComboFix2.txt 2013-03-02 10:31 . Vor Suchlauf: 11 Verzeichnis(se), 328.909.737.984 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 328.849.678.336 Bytes frei . - - End Of File - - 195528CA7AD7DE43EC24107BA88F42EA

Unfortunately I have to tell you that I know about as much about this area as a slice of toast, which you have surely noticed already. Thank you for your patience. Yes, the problem still exists, but it has changed since midday today. It is no longer roughly the first 5 links, but only occasionally the first one.
02.03.2013, 15:48 | #8 |
/// TB-Ausbilder | Google opens the wrong links

That is already an improvement.

Step 1: (Reminder: do not reply to me until you have worked through all the steps!)
AdwCleaner: find and delete adware
Please download AdwCleaner to your desktop.

Step 2: Remove adware with JRT
Please close your security software to avoid possible conflicts.

Step 3: ComboFix once more as a check.

__________________ Digital privateers against malware! No help via PM!
02.03.2013, 17:15 | #9 |
Google opens the wrong links
Code:
# AdwCleaner v2.113 - Datei am 02/03/2013 um 16:38:06 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Isabell - ISABELLS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Isabell\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\mds0wjwu.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1329 octets] - [02/03/2013 16:37:30]
AdwCleaner[S1].txt - [1262 octets] - [02/03/2013 16:38:06]

########## EOF - C:\AdwCleaner[S1].txt - [1322 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by Isabell on 02.03.2013 at 16:58:15,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.03.2013 at 17:04:25,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter ComboFix 13-03-01.01 - Isabell 02.03.2013 17:07:27.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4001.2518 [GMT 1:00] ausgeführt von:: c:\users\Isabell\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-02 bis 2013-03-02 )))))))))))))))))))))))))))))) . . 2013-03-02 16:10 . 2013-03-02 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-02 15:41 . 2013-03-02 15:41 -------- d-----w- c:\windows\ERUNT 2013-03-02 15:41 . 2013-03-02 15:58 -------- d-----w- C:\JRT 2013-03-01 14:32 . 2013-02-19 02:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1F062AA-5C15-4037-9216-57EBD6B97E90}\mpengine.dll 2013-02-24 07:49 . 2013-02-24 07:51 -------- d-----w- c:\programdata\SimCity Societies 2013-02-23 12:10 . 2013-02-23 12:10 -------- d--h--r- c:\users\Isabell\AppData\Roaming\SecuROM 2013-02-23 11:51 . 2013-02-23 11:51 -------- d-----w- c:\program files (x86)\Electronic Arts 2013-02-23 11:03 . 2013-02-23 11:04 -------- d-----w- c:\users\Isabell\AppData\Roaming\Origin 2013-02-23 11:03 . 2013-02-23 11:03 -------- d-----w- c:\users\Isabell\AppData\Local\Origin 2013-02-23 11:03 . 2013-02-23 11:05 -------- d-----w- c:\programdata\Origin 2013-02-23 11:03 . 2013-02-23 11:03 -------- d-----w- c:\programdata\Electronic Arts 2013-02-23 11:03 . 2013-03-01 12:47 -------- d-----w- c:\program files (x86)\Origin 2013-02-23 08:41 . 2013-02-23 08:41 -------- d-----w- c:\users\Isabell\AppData\Roaming\Avira 2013-02-21 08:01 . 2013-02-21 08:01 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2013-02-21 08:01 . 
2013-02-21 08:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2013-02-21 08:01 . 2013-02-21 08:01 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2013-02-16 12:30 . 2013-02-16 13:01 -------- d-----w- c:\program files (x86)\RestaurantManager 2013-02-16 12:30 . 2013-02-16 12:30 290816 ------w- c:\windows\Setup1.exe 2013-02-16 12:30 . 2013-02-16 12:30 74752 ----a-w- c:\windows\ST6UNST.EXE 2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-02-13 18:54 . 2013-02-13 18:54 -------- d-----w- c:\programdata\TomTom 2013-02-13 18:54 . 2013-02-13 18:54 -------- d-----w- c:\users\Isabell\AppData\Roaming\TomTom 2013-02-13 18:54 . 2013-02-13 18:54 -------- d-----w- c:\users\Isabell\AppData\Local\TomTom 2013-02-13 18:53 . 2013-02-13 18:53 -------- d-----w- c:\users\Isabell\AppData\Local\Downloaded Installations 2013-02-13 15:45 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 15:45 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 08:18 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 08:18 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 08:18 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 08:18 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 08:18 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 08:18 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 08:18 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 08:18 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 08:18 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 08:18 . 
2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 08:18 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 08:18 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-11 08:15 . 2013-02-11 08:15 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-02-11 08:14 . 2013-02-11 08:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-02-11 08:14 . 2013-02-11 08:14 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-01 13:47 . 2012-04-02 10:51 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-01 13:47 . 2011-10-13 11:09 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-13 15:48 . 2011-11-29 07:52 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-02-13 08:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2012-12-28 12:51 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-28 12:51 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-28 12:51 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-28 12:51 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 13:20 . 2013-01-12 11:15 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-12 11:15 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-12 11:15 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-12 11:15 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-12 11:15 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 
2013-01-12 11:15 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-12 11:15 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-12 11:15 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-12 11:15 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-12 11:15 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-12 11:15 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-12 11:15 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-12 11:15 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-12 11:15 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-12 11:15 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-12 11:15 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-12 11:15 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-12 11:15 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-12 11:15 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-12 11:15 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-12 11:15 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-12 11:15 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-12 11:15 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-12 11:15 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-12 11:15 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-12 11:15 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-12 11:15 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-12 11:15 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-12 11:15 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 
2013-01-12 11:15 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-12 11:15 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-12 11:15 51712 ----a-w- c:\windows\SysWow64\esrb.rs . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-16 13:32 222712 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-16 13:32 222712 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-16 13:32 222712 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SkyDrive"="c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-11-16 255992] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384] "331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-09-27 536576] "YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488] "YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352] "VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-08-21 329056] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Duden Korrektor SysTray"="c:\program files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-12-23 347792] . c:\users\Isabell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856] DGO-Interface-01.lnk - c:\program files (x86)\ImagonShared\DierckeBrowserInterface.exe [2010-2-1 154112] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-15 311400] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-08-21 57952] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-08-21 39008] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 27760] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-08-21 13408] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-14 2655768] S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2011-04-27 916992] S3 ACPIVPC;Lenovo Virtual Power Controller 
Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-21 29792] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-14 349224] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-14 39464] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-05 31088] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680] S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2010-09-27 228224] S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys [2010-09-27 8320] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 13:47] . 2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 20:49] . 2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 20:49] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-16 13:32 261624 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-16 13:32 261624 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-16 13:32 261624 ----a-w- c:\users\Isabell\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc] @="{771C7324-DA80-49D3-8017-753B0AF60951}" [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}] 2011-08-21 16:07 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-21 114688] "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-08-21 789920] "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-21 9745312] "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-21 5374880] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "MacrokeyManager"="WTMKM.exe" [2011-06-01 7329792] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://lenovo.msn.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://lenovo.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Isabell\AppData\Roaming\Mozilla\Firefox\Profiles\mds0wjwu.default\ FF - prefs.js: browser.startup.homepage - www.google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-02 17:12:03 ComboFix-quarantined-files.txt 2013-03-02 16:12 ComboFix2.txt 2013-03-02 14:20 ComboFix3.txt 2013-03-02 10:31 . Vor Suchlauf: 12 Verzeichnis(se), 328.873.766.912 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 328.575.909.888 Bytes frei . - - End Of File - - 8F86BB028C886C866AF1A1B819334D4E |
02.03.2013, 19:58 | #10 |
/// TB-Ausbilder | Google opens the wrong links
Are words still being underlined?
02.03.2013, 20:35 | #11 |
Google opens the wrong links
To be honest, I don't know what you mean. Where are words supposed to still be underlined?
02.03.2013, 20:37 | #12 |
/// TB-Ausbilder | Google opens the wrong links
Ah, sorry, that was a different case. Does the problem with the wrong links still exist?
02.03.2013, 21:21 | #13 |
Google opens the wrong links
To be honest, I don't know what you mean by underlined words, since that wasn't my problem, or did I again fail to understand something earlier?
02.03.2013, 23:23 | #14 |
/// TB-Ausbilder | Google opens the wrong links
Does the problem you described at the beginning still exist?
03.03.2013, 09:29 | #15 |
Google opens the wrong links
Hey, good morning! No, after testing Google a few more times yesterday and today, the problem did not come up again a single time! Great, thank you very, very much!