Log analysis and evaluation: Adware trojan (?) in Google search via Firefox (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.05.2013, 07:06 | #1
Adware trojan (?) in Google search via Firefox
Hello and a good morning to you. For some time I have had the following problem: when I use Google search via my default browser, Firefox, the first hits on the first results page are always very strange-looking sites, for example sites with the endings .biz or worddictionary.com.au, sometimes up to 10 such hits. This does not happen with IE. Yesterday I searched the internet a bit for the problem, stumbled across this board and thought I couldn't go wrong by posting it here. I downloaded the 3 programs and saved the corresponding log files; defogger did not show me any error. I also disabled all Firefox add-ons yesterday as a test. That didn't help, though. Avira didn't show me any viruses/malware/errors either. After scanning with the 3 programs the problem is gone this morning, but it surely wouldn't hurt if someone had a look at what else is lurking on my machine. I also don't know now whether the error is permanently fixed. In addition, for about 2 weeks I have been getting the message shown in the attached JPG on every restart. That may of course have to do with my packed laptop (only about 16GB free on C), but I'm posting it for completeness. Many thanks for the effort and help. Katrin
08.05.2013, 09:32 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Or is that by any chance an office/company PC or a university computer? Do you have any other logs (with findings)? Malwarebytes and/or other virus scanners, have they ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first post only the logs you already have! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
08.05.2013, 19:25 | #3
Hello,
I have not had any findings at all since I have owned the laptop (about 4 years, if I remember correctly). The Autodesk software is a 30-day trial version that I installed recently. I work as an architect and was testing something at home. It will be deleted again in the next few days (it should expire soon). Win Professional is installed because the laptop only came with that "burn-Windows-on-first-start" version. I didn't like that, and since I could get Professional cheaply through my mother (a teacher), I took that. It was rather coincidental.
08.05.2013, 22:45 | #4
/// Winkelfunktion /// TB-Süch-Tiger™ | JRT - Junkware Removal Tool. Please close your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then a check with OTL, please:
Please always post log files in CODE tags
09.05.2013, 09:02 | #5
Hello and good morning, I have done the scans. Attached are the log files. I just noticed that I had a DVD and an SD card connected to / inserted in the computer. I hope that doesn't distort anything.
JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x86
Ran by Katrin on 09.05.2013 at 9:26:21,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{07ED1707-0F10-4E44-8909-39FDE7B7C160}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"

~~~ FireFox
Successfully deleted: [Folder] C:\Users\Katrin\AppData\Roaming\mozilla\firefox\profiles\5vb97e43.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Katrin\AppData\Roaming\mozilla\firefox\profiles\5vb97e43.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\Katrin\AppData\Roaming\mozilla\firefox\profiles\5vb97e43.default\prefs.js
user_pref("CT2843456..clientLogIsEnabled", false);
user_pref("CT2843456..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2843456..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2843456.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2843456.AppTrackingLastCheckTime", "Thu Jul 14 2011 00:29:49 GMT+0200");
user_pref("CT2843456.CTID", "CT2843456");
user_pref("CT2843456.CommunitiesChangesLastCheckTime", "0");
user_pref("CT2843456.CurrentServerDate", "22-9-2011");
user_pref("CT2843456.DialogsAlignMode", "LTR");
user_pref("CT2843456.DialogsGetterLastCheckTime", "Tue Sep 20 2011 21:21:05 GMT+0200");
user_pref("CT2843456.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"BannerCulture\":\"\",\"DownloadTime\":\"1/7/2011 10:27:47 PM\",\"SourceId\":0,\
user_pref("CT2843456.EnableClickToSearchBox", false);
user_pref("CT2843456.EnableSearchHistory", false);
user_pref("CT2843456.EnableSearchSuggest", false);
user_pref("CT2843456.FirstServerDate", "7-1-2011");
user_pref("CT2843456.FirstTime", true);
user_pref("CT2843456.FirstTimeFF3", true);
user_pref("CT2843456.FixPageNotFoundErrors", true);
user_pref("CT2843456.GroupingInvalidateCache", false);
user_pref("CT2843456.GroupingLastCheckTime", "0");
user_pref("CT2843456.GroupingLastServerUpdateTime", "0");
user_pref("CT2843456.GroupingServerCheckInterval", 1440);
user_pref("CT2843456.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2843456.HasUserGlobalKeys", true);
user_pref("CT2843456.HomePageProtectorEnabled", false);
user_pref("CT2843456.Initialize", true);
user_pref("CT2843456.InitializeCommonPrefs", true);
user_pref("CT2843456.InstallationAndCookieDataSentCount", 3);
user_pref("CT2843456.InstalledDate", "Fri Jan 07 2011 20:29:04 GMT+0100");
user_pref("CT2843456.InvalidateCache", false);
user_pref("CT2843456.IsAlertDBUpdated", true);
user_pref("CT2843456.IsGrouping", false);
user_pref("CT2843456.IsMulticommunity", false);
user_pref("CT2843456.IsOpenThankYouPage", true);
user_pref("CT2843456.IsOpenUninstallPage", true);
user_pref("CT2843456.LanguagePackLastCheckTime", "Thu Sep 22 2011 06:28:22 GMT+0200");
user_pref("CT2843456.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2843456.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2843456.LastLogin_3.2.5.2", "Tue Mar 22 2011 22:39:52 GMT+0100");
user_pref("CT2843456.LastLogin_3.3.3.2", "Wed Jun 22 2011 10:18:43 GMT+0200");
user_pref("CT2843456.LastLogin_3.5.0.12", "Fri Jul 29 2011 05:17:01 GMT+0200");
user_pref("CT2843456.LastLogin_3.6.0.10", "Thu Sep 22 2011 06:28:22 GMT+0200");
user_pref("CT2843456.LatestVersion", "3.6.0.10");
user_pref("CT2843456.Locale", "de-de");
user_pref("CT2843456.MCDetectTooltipHeight", "83");
user_pref("CT2843456.MCDetectTooltipShow", false);
user_pref("CT2843456.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2843456.MCDetectTooltipWidth", "295");
user_pref("CT2843456.MyStuffEnabledAtInstallation", true);
user_pref("CT2843456.RadioLastCheckTime", "0");
user_pref("CT2843456.RadioLastUpdateIPServer", "0");
user_pref("CT2843456.RadioLastUpdateServer", "0");
user_pref("CT2843456.RadioShrinked", "shrinked");
user_pref("CT2843456.SHRINK_TOOLBAR", 0);
user_pref("CT2843456.SearchBackToDefaultEngine", false);
user_pref("CT2843456.SearchBoxWidth", 150);
user_pref("CT2843456.SearchEngineBeforeUnload", "Bigpoint Games DE Customized Web Search");
user_pref("CT2843456.SearchFromAddressBarIsInit", true);
user_pref("CT2843456.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&q=");
user_pref("CT2843456.SearchInNewTabEnabled", true);
user_pref("CT2843456.SearchInNewTabIntervalMM", 1440);
user_pref("CT2843456.SearchInNewTabLastCheckTime", "Thu Sep 22 2011 06:28:22 GMT+0200");
user_pref("CT2843456.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2843456.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2843456.SearchInNewTabUserEnabled", false);
user_pref("CT2843456.SearchProtectorEnabled", true);
user_pref("CT2843456.SearchProtectorToolbarDisabled", false);
user_pref("CT2843456.ServiceMapLastCheckTime", "Thu Sep 22 2011 06:28:22 GMT+0200");
user_pref("CT2843456.SettingsLastCheckTime", "Thu Sep 22 2011 06:28:21 GMT+0200");
user_pref("CT2843456.SettingsLastUpdate", "1311168832");
user_pref("CT2843456.ThirdPartyComponentsInterval", 504);
user_pref("CT2843456.ThirdPartyComponentsLastCheck", "Sat Sep 03 2011 10:30:26 GMT+0200");
user_pref("CT2843456.ThirdPartyComponentsLastUpdate", "1255348257");
user_pref("CT2843456.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2843456");
user_pref("CT2843456.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2843456.UserID", "UN20745085325844026");
user_pref("CT2843456.ValidationData_Search", 2);
user_pref("CT2843456.ValidationData_Toolbar", 2);
user_pref("CT2843456.alertChannelId", "1235508");
user_pref("CT2843456.backendstorage.bigpoint.alertsent", "66616C7365");
user_pref("CT2843456.components.129343781516544078", true);
user_pref("CT2843456.components.129363610551587824", false);
user_pref("CT2843456.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2843456.globalFirstTimeInfoLastCheckTime", "Thu Sep 22 2011 06:28:22 GMT+0200");
user_pref("CT2843456.homepageProtectorEnableByLogin", true);
user_pref("CT2843456.initDone", true);
user_pref("CT2843456.isAppTrackingManagerOn", true);
user_pref("CT2843456.myStuffEnabled", true);
user_pref("CT2843456.myStuffPublihserMinWidth", 400);
user_pref("CT2843456.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2843456.myStuffServiceIntervalMM", 1440);
user_pref("CT2843456.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2843456.oldAppsList", "129343781516075326,129343781516387827,111,129343781516544078,129363610551587824,129408511414388383,1000034,1000080,1000082,1000234,1000515,
user_pref("CT2843456.searchProtectorDialogDelayInSec", 10);
user_pref("CT2843456.searchProtectorEnableByLogin", true);
user_pref("CT2843456.testingCtid", "");
user_pref("CT2843456.toolbarAppMetaDataLastCheckTime", "Thu Sep 22 2011 06:28:22 GMT+0200");
user_pref("CT2843456.toolbarContextMenuLastCheckTime", "Wed Sep 14 2011 22:40:33 GMT+0200");
user_pref("CT2843456.usageEnabled", false);
user_pref("CT2843456.usagesFlag", 2);
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1235508/1231181/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2843456", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de-de", "oIwsta2spzadhjRgiY1Nhw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de-de", "WiZSpHJzJ/uTUKvfHHyj/w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de-de", "9H/gICSaMqbmx+Gd+8W4Sg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de-de", "eJfMrdrGnhGHiiPiYjgAww==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"807dc126dd28cc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"8028f138140cc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2843456", "\"634515122457000000\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634333631231730000\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634293235860000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634335443890000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2010 4:33:06 PM", "634303635100000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/2011 12:59:49 PM", "634339976460000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2843456&octid=CT2843456", "\"1311168832\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2843456/CT2843456", "\"1311168832\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"634515953213470000\"");
user_pref("CommunityToolbar.EngineHiddenByUser", false);
user_pref("CommunityToolbar.EngineOwner", "");
user_pref("CommunityToolbar.EngineOwnerGuid", "{0e3dbc69-a682-48da-84e1-82c63a5d678e}");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "bigpoint_games_de");
user_pref("CommunityToolbar.IsEngineShown", true);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Katrin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5vb97e43.default\\conduitCommon\\modules\\3.6.0.10");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
user_pref("CommunityToolbar.OriginalEngineOwner", "CT2843456");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{0e3dbc69-a682-48da-84e1-82c63a5d678e}");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bigpoint_games_de");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "CT2843456");
user_pref("CommunityToolbar.ToolbarsList2", "CT2843456");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Mar 23 2011 06:16:29 GMT+0100");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 22 2011 12:04:00 GMT+0200");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 21 2011 19:12:28 GMT+0200");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "3cbb9fa6-4a18-4638-bd9d-7e6c3ef712fd");
user_pref("CommunityToolbar.globalUserId", "f30029b6-2752-4038-80bb-5059f6428872");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.killedEngine", true);
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Sep 15 2011 20:14:22 GMT+0200");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Sep 22 2011 06:28:30 GMT+0200");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Sep 22 2011 06:28:22 GMT+0200");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "eb737dc2-db62-4c94-8e45-d9782936c2e3");
user_pref("CommunityToolbar.undefined", "");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.defaultthis.engineName", "Bigpoint Games DE Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.search.selectedEngine", "Ask.com");
user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=");
user_pref("extensions.engine@conduit.com.install-event-fired", true);
user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Emptied folder: C:\Users\Katrin\AppData\Roaming\mozilla\firefox\profiles\5vb97e43.default\minidumps [175 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2013 at 9:28:12,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.300 - Datei am 09/05/2013 um 09:36:19 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Katrin - KATRIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Katrin\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\5vb97e43.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
Datei Gelöscht : C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\5vb97e43.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\5vb97e43.default\searchplugins\icqplugin.xml
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Katrin\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\5vb97e43.default\Conduit
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\5vb97e43.default\prefs.js

Gelöscht : user_pref("CT2843456.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Gelöscht : user_pref("CT2843456.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1235508/1231181/DE", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2843456", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2843456",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2843456&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2843456/CT2843456[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Katrin\\AppData\\Roaming\\Mozilla\\[...]
Gelöscht : user_pref("extentions.y2layers.installId", "acbf0aa5-2cfc-4f14-8d32-896e42d0616a");
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.defSearchChange", true);
Gelöscht : user_pref("icqtoolbar.displayHistory", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1320783289);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options itb_people itb_zoom_in itb_zoom_out itb_zoom_def[...]
Gelöscht : user_pref("icqtoolbar.hpChange", true);
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1320690803");
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "8.0");
Gelöscht : user_pref("icqtoolbar.searchOnDrop", false);
Gelöscht : user_pref("icqtoolbar.showAds", false);
Gelöscht : user_pref("icqtoolbar.showVoucher", false);
Gelöscht : user_pref("icqtoolbar.shownElements", "");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "131763459113176347111317752663127");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1320782776);
Gelöscht : user_pref("icqtoolbar.userHpApproved", true);
Gelöscht : user_pref("icqtoolbar.version", "1.3.6");
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Gelöscht : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");

*************************

AdwCleaner[S1].txt - [12809 octets] - [09/05/2013 09:36:19]

########## EOF - C:\AdwCleaner[S1].txt - [12870 octets] ##########
Code:
OTL logfile created on: 09.05.2013 09:42:56 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Katrin\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,26% Memory free
5,99 Gb Paging File | 4,04 Gb Available in Paging File | 67,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 15,61 Gb Free Space | 16,00% Space Free | Partition Type: NTFS
Drive D: | 368,11 Gb Total Space | 163,82 Gb Free Space | 44,50% Space Free | Partition Type: NTFS
Drive E: | 5,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive M: | 3,69 Gb Total Space | 2,18 Gb Free Space | 59,22% Space Free | Partition Type: FAT32

Computer Name: KATRIN-PC | User Name: Katrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Katrin\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.)
PRC - D:\Spiele\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\Katrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Katrin\AppData\Roaming\ICQM\icq.exe (ICQ)
PRC - C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
PRC - C:\Users\Katrin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Programme\Common Files\ArcSoft\esinter\Bin\eservutil.exe (ArcSoft Inc.)
PRC - C:\Programme\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe ( )
PRC - C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Programme\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Lexmark X1100 Series\LXBKbmgr.exe (Lexmark International, Inc.)
PRC - C:\Programme\Lexmark X1100 Series\LXBKbmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxbkcoms.exe ( )
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\System32\lxsupmon.exe (Lexmark)

========== Modules (No Company Name) ==========

MOD - D:\Spiele\Steam\bin\chromehtml.dll ()
MOD - D:\Spiele\Steam\SDL2.dll ()
MOD - D:\Spiele\Steam\bin\libcef.dll ()
MOD - C:\Users\Katrin\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll ()
MOD - C:\Users\Katrin\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Programme\Autodesk\Autodesk Sync\qca_Ad_2.dll ()
MOD - C:\Programme\Autodesk\Autodesk Sync\QJson.dll ()
MOD - C:\Programme\Autodesk\Autodesk Sync\qoauth_Ad_1.dll ()
MOD - C:\Programme\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - D:\Spiele\Steam\bin\avcodec-53.dll ()
MOD - D:\Spiele\Steam\bin\avformat-53.dll ()
MOD - D:\Spiele\Steam\bin\avutil-51.dll ()
MOD - C:\Users\Katrin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\OutputLog.dll ()
MOD - C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Programme\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RBScript.dll ()
MOD - C:\Programme\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\XML.dll ()
MOD - C:\Programme\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CGamma.dll ()
MOD - C:\Programme\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Shell.dll ()
MOD - C:\Programme\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\CSensor.dll ()
MOD - C:\Programme\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\MBSRegistrationPlugin16724.dll ()
MOD - C:\Programme\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\MBSPluginVersionPlugin16724.dll ()
MOD - C:\Programme\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\RegEx.dll ()
MOD - C:\Programme\Datacolor\Spyder4Pro\Utility\SpyderUtility Libs\Appearance Pak.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Programme\Launch Manager\VistaVol.dll ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()

========== Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software LLC)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ca0e279.dll ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (ADExchange) -- C:\Programme\Common Files\ArcSoft\esinter\Bin\eservutil.exe (ArcSoft Inc.)
SRV - (Autodesk Content Service) -- C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)
SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Sony Ericsson PCCompanion) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (IGBASVC) -- C:\Programme\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (AAV UpdateService) -- C:\Programme\AAVUpdateManager\aavus.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Autodesk Network Licensing Service) -- C:\Programme\Common Files\Autodesk Shared\Service\AdskNetSrv.exe (Autodesk, Inc.)
SRV - (lxbk_device) -- C:\Windows\System32\lxbkcoms.exe ( )
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (PalmUSBD) -- system32\drivers\PalmUSBD.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (Spyder4) -- C:\Windows\System32\drivers\dccmtr.sys (Datacolor)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (a016obex) -- C:\Windows\System32\drivers\a016obex.sys (MCCI Corporation)
DRV - (a016mdm) -- C:\Windows\System32\drivers\a016mdm.sys (MCCI Corporation)
DRV - (a016mgmt) -- C:\Windows\System32\drivers\a016mgmt.sys (MCCI Corporation)
DRV - (a016mdfl) -- C:\Windows\System32\drivers\a016mdfl.sys (MCCI Corporation)
DRV - (a016bus) -- C:\Windows\System32\drivers\a016bus.sys (MCCI Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (SaiU04E5) -- C:\Windows\System32\drivers\SaiU04E5.sys (Saitek)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 1F 5F F9 10 8A CD 01 [binary data]
IE - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

IE - HKU\S-1-5-21-1357266564-1700977391-3456179355-1003\..\SearchScopes,DefaultScope = 

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {0e3dbc69-a682-48da-84e1-82c63a5d678e}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Katrin\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 19:35:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 19:35:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 19:35:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 19:35:23 | 000,000,000 | ---D | M]

[2010.08.14 21:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katrin\AppData\Roaming\mozilla\Extensions
[2013.05.09 09:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\5vb97e43.default\extensions
[2013.04.16 22:48:17 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\5vb97e43.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012.08.27 22:47:59 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\Katrin\AppData\Roaming\mozilla\firefox\profiles\5vb97e43.default\extensions\exif_viewer@mozilla.doslash.org.xpi
[2013.05.08 20:23:28 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Katrin\AppData\Roaming\mozilla\firefox\profiles\5vb97e43.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.12 19:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 19:35:21 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.12 19:35:28 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.01 21:38:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 06:27:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.01 21:38:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 21:38:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 21:38:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 21:38:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LXSUPMON] C:\Windows\System32\LXSUPMON.EXE (Lexmark)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKU\.DEFAULT..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-18..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000..\Run: [Akamai NetSession Interface] C:\Users\Katrin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000..\Run: [ICQ] C:\Users\Katrin\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000..\Run: [Steam] D:\Spiele\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1357266564-1700977391-3456179355-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Katrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = 
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A2A94A4-1A54-4005-8E7C-7B87CBD276CA}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E13008B-5EF2-4B4C-AB1B-9F34FC01C7D9}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57B92968-878E-4F92-A398-951B78A12D32}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.22 23:17:14 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4ec2a10c-8602-11e1-90aa-00a0d1ae33ba}\Shell - "" = AutoRun
O33 - MountPoints2\{4ec2a10c-8602-11e1-90aa-00a0d1ae33ba}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\Start.hta
O33 - MountPoints2\{85c27e4b-c710-11df-983a-00a0d1ae33ba}\Shell - "" = AutoRun
O33 - MountPoints2\{85c27e4b-c710-11df-983a-00a0d1ae33ba}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.09 09:41:55 | 000,000,000 | ---D | C] -- C:\Users\Katrin\Desktop\erledigt
[2013.05.09 09:26:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.09 09:25:55 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.24 20:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.04.24 20:06:05 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.24 20:06:05 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.24 20:06:05 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.22 23:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\FARO
[2013.04.22 22:51:09 | 000,000,000 | ---D | C] -- C:\Users\Katrin\Documents\Autodesk
[2013.04.22 22:47:48 | 000,000,000 | ---D | C] -- C:\Users\Katrin\Documents\Inventor Server SDK ACA 2014
[2013.04.22 21:09:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Autodesk
[2013.04.12 19:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.11 20:05:52 | 000,000,000 | R--D | C] -- C:\Users\Katrin\Dropbox
[2013.04.11 20:04:07 | 000,000,000 | ---D | C] -- C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.04.11 20:01:04 | 000,000,000 | ---D | C] -- C:\Users\Katrin\AppData\Roaming\Dropbox
[2013.04.10 23:03:01 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 23:03:00 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 23:03:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.10 23:03:00 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 23:02:59 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 23:02:59 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 23:02:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.10 23:02:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.10 23:02:59 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.10 23:02:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 20:53:13 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 20:53:07 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 20:53:06 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 20:53:03 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 20:52:58 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 20:52:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.09 22:42:19 | 000,000,000 | ---D | C] -- C:\Users\Katrin\4.0
[2013.04.09 22:42:18 | 000,000,000 | ---D | C] -- C:\Users\Katrin\.tfo4

========== Files - Modified Within 30 Days ==========

[2013.05.09 09:45:47 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 09:45:47 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 09:38:35 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.09 09:37:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 09:37:50 | 2413,531,136 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.08 22:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.08 22:38:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.08 06:51:50 | 000,034,641 | ---- | M] () -- C:\Users\Katrin\Desktop\server.jpg
[2013.05.07 23:39:31 | 000,000,176 | ---- | M] () -- C:\Users\Katrin\defogger_reenable
[2013.05.05 10:48:27 | 000,698,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.05 10:48:27 | 000,652,934 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.05 10:48:27 | 000,149,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.05 10:48:27 | 000,121,866 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.04.26 19:18:14 | 000,016,088 | ---- | M] () -- C:\Users\Katrin\Desktop\Hochzeitskosten.ods
[2013.04.23 06:24:48 | 000,380,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.22 23:17:22 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk ReCap.lnk
[2013.04.22 23:04:54 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 360.lnk
[2013.04.22 22:52:09 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2014 (D A CH) - Deutsch (German).lnk
[2013.04.18 06:52:39 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.18 06:52:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.14 19:07:20 | 000,107,125 | ---- | M] () -- C:\Users\Katrin\Desktop\tische.jpg
[2013.04.13 11:19:28 | 000,010,060 | ---- | M] () -- C:\Users\Katrin\Desktop\tage.odt
[2013.04.11 20:05:52 | 000,001,041 | ---- | M] () -- C:\Users\Katrin\Desktop\Dropbox.lnk
[2013.04.11 20:04:26 | 000,001,051 | ---- | M] () -- C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

========== Files Created - No Company Name ==========

[2013.05.08 06:51:50 | 000,034,641 | ---- | C] () -- C:\Users\Katrin\Desktop\server.jpg
[2013.05.07 23:39:09 | 000,000,176 | ---- | C] () -- C:\Users\Katrin\defogger_reenable
[2013.04.22 23:17:22 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk ReCap.lnk
[2013.04.22 23:04:54 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 360.lnk
[2013.04.22 22:52:09 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2014 (D A CH) - Deutsch (German).lnk
[2013.04.14 19:07:20 | 000,107,125 | ---- | C] () -- C:\Users\Katrin\Desktop\tische.jpg
[2013.04.11 20:05:52 | 000,001,041 | ---- | C] () -- C:\Users\Katrin\Desktop\Dropbox.lnk
[2013.04.11 20:04:26 | 000,001,051 | ---- | C] () -- C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.03.09 16:52:54 | 000,000,846 | ---- | C] () -- C:\Users\Katrin\.recently-used.xbel
[2012.06.24 21:40:52 | 
000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011.11.22 07:51:31 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI [2011.09.20 19:50:02 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin [2011.08.02 13:51:10 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2011.07.06 16:15:25 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.06.30 11:58:27 | 000,007,601 | ---- | C] () -- C:\Users\Katrin\AppData\Local\Resmon.ResmonCfg [2011.05.29 17:00:59 | 000,000,093 | ---- | C] () -- C:\Windows\Lexstat.ini [2011.05.29 17:00:08 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll [2011.05.29 17:00:08 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll [2011.05.29 17:00:08 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll [2011.05.29 17:00:07 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll [2011.05.29 17:00:07 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll [2011.05.29 17:00:07 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll [2011.05.29 17:00:07 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll [2011.05.29 17:00:07 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll [2011.05.29 17:00:07 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll [2011.05.29 17:00:07 | 000,537,256 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe [2011.05.29 17:00:07 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll [2011.05.29 17:00:07 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll [2011.05.29 17:00:07 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll [2011.05.29 17:00:07 | 000,385,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe [2011.05.29 17:00:07 | 000,381,608 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe [2011.05.29 17:00:07 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll [2011.05.29 17:00:07 | 000,094,208 | 
---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll [2011.05.26 06:36:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010.10.04 09:16:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
OTL Extras logfile created on: 09.05.2013 09:42:56 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Katrin\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,26% Memory free
5,99 Gb Paging File | 4,04 Gb Available in Paging File | 67,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 15,61 Gb Free Space | 16,00% Space Free | Partition Type: NTFS
Drive D: | 368,11 Gb Total Space | 163,82 Gb Free Space | 44,50% Space Free | Partition Type: NTFS
Drive E: | 5,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive M: | 3,69 Gb Total Space | 2,18 Gb Free Space | 59,22% Space Free | Partition Type: FAT32

Computer Name: KATRIN-PC | User Name: Katrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1357266564-1700977391-3456179355-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E00A9B-1289-4294-A51D-8DA7DD9F0738}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{03BED015-43DD-4414-A85A-79F587E8FE3E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0CE3E836-A4E6-4550-AFB7-AD5D636F8E3B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{175C9648-D8DC-4D7B-B23B-74DE1847E1CC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{1F900EC1-023D-4988-80E9-3E13EC305908}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{22CD67FC-BA93-4DFA-BD9A-0988AFEAE2DD}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{24E4612D-390C-4424-8B06-C6F3DE5CE048}" = lport=137 | protocol=17 | dir=in | app=system |
"{378FB7FC-7377-44AE-BDF3-014319C9441C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3A2740A8-03ED-4D68-B12C-2ABCD3EF8D8E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{519E5E49-DC51-452D-B63D-AEAB86136C56}" = rport=137 | protocol=17 | dir=out | app=system |
"{557E45E6-D0FC-46F0-BAD8-D76C24A13B06}" = lport=138 | protocol=17 | dir=in | app=system |
"{55858CC0-7EB2-4FF4-BE2A-FB213883D150}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service |
"{66B35406-4B92-4766-8ABB-537943DF59F1}" = lport=445 | protocol=6 | dir=in | app=system |
"{6A4901C7-054A-43BC-8DF0-62E818052145}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6BF2DA56-96D5-4AC0-BBE8-66641A929D58}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{739E4F0C-BD32-4908-994D-B204C7CEACDF}" = rport=138 | protocol=17 | dir=out | app=system |
"{74C2E770-65C8-46F8-9E24-BCBA9F063710}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7736324C-FB7B-4CD7-AE27-FFB4F19981BB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D53A542-4B69-4BCE-B245-16A066B5BF46}" = rport=139 | protocol=6 | dir=out | app=system |
"{8FFC5082-A8EE-43BC-A96B-CD8F97449A16}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C1EC5B9-C41D-4E37-9BBD-39695EDE673A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{AA19A9E8-E530-426B-8E72-2FF2B586C4EB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF3F719C-AA7D-4585-9C05-3CA5E6020175}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B3581DC0-1959-4912-BDC3-14490B982EF7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B7CA2F52-A477-4160-936C-A2B442DD03A8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CDEE3E52-5FC3-46FE-8D36-BB675F9B3E44}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D831D829-DC5E-4910-8219-3ABF62CEEC66}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8CB75BA-5AB7-41D8-A897-E9D75AF1FA03}" = rport=445 | protocol=6 | dir=out | app=system |
"{D951C576-C206-4BB5-AEBF-723962BAF856}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E1B69C71-5E7B-4D0C-880C-E17E58679F36}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E206D8EC-C59F-4C46-A396-39B8D139E6D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7A22F05-0493-4E05-AEC4-2C6970C654EF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E84EC82B-D15F-4BF5-B81B-72389115ECAD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0B8B03A-9077-4B71-AA2E-4A0234748C4F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF8B754E-E9C8-41FB-8B29-5E85B376093F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FFF5A7D7-27A7-4C61-A94F-FB3024C1B260}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03CC00C4-0695-4BD9-B366-DEB339A45B9A}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{043A0CFB-7DBF-4BCC-A048-A55F8E70DA52}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{0C60D25C-1E33-4D9D-B509-FF0A288C8363}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0E81B6F2-3B87-4E57-BEAA-A72396083F39}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\torchlight\torchlight.exe |
"{0FC671FD-C4BE-4389-8ABD-6960A8A33AFC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{1C5DE5B6-BDC6-4455-B4B7-861F26463676}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{1C815748-877C-439B-B112-9DD2B7DEEEA9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{1E25A0FA-1A99-4FB6-927D-51B3B9D531D4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{249A030D-97DE-471F-9DCA-D8395C94D6B5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{27E6E10E-D3BA-4F47-ACC2-469E09F2030C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{285FF534-B35D-4AB9-A257-CB2E1E4F8099}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{2BEEA9CC-E52A-4C72-BA8B-A6B02029CC75}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{2E26F134-AD08-4E0F-A7C4-7CB0E0535B62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B7DACD8-4FA5-4208-9289-E79E28BB755B}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{3DD03E5F-5604-4167-8DFD-C632488575B2}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{45177F7B-7B3A-4902-B157-013B6CF7A0D5}" = protocol=17 | dir=in | app=c:\users\katrin\appdata\local\akamai\netsession_win.exe |
"{47D7738C-FDBD-400F-B377-8C531ED9C3EF}" = protocol=17 | dir=in | app=d:\spiele\heroes6\might & magic heroes vi.exe |
"{48DA3FFB-2637-49FB-8B4A-501DF8A790FC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{4C547133-7DD5-404B-AD8B-754CC4FFD4AB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4CC946FC-62F3-4C3D-92A7-7CE0B4EC0486}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4D066940-8AFE-4080-9C98-FA6F81FA7E4D}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{51592529-E52C-419B-A43E-26BDD39E4764}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{563201D2-F6FF-4F41-9FB2-26364DDF2E7E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{5B7F4C50-7FAB-450A-A6EC-A228A653A74E}" = protocol=6 | dir=in | app=c:\users\katrin\appdata\local\akamai\netsession_win.exe |
"{5E7EF097-2051-4394-9C8B-779132E46AE6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5E99D301-90D0-4DFC-AE64-460C6B63153A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{5FD413E2-729D-44EA-BBB3-B5E93BFCFBF7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{60174EA9-F25A-4FFE-B8A1-C0489A5776B8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6087FC8C-CD1A-4E4D-8D80-0CBB4147C462}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{65FA9DFD-2BB2-46C2-BA23-D3993E02B974}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{6F33BBC3-AB20-47A7-9149-441A24073DEF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{744C311E-7989-4A9D-8042-8191962C0BCC}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{7CF86EAF-04BD-4FAD-B99E-52E7C6E667BB}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\torchlight\torchlight.exe |
"{7D876350-9824-4312-9C43-9D86A0B6F71A}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{7F29FA09-4BA3-446A-9F8C-5373BF07DB0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{821F660A-00E4-4D54-A6C0-8F1BDECBA96D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{87249A82-DB5B-41A6-8583-AE9D2656D1DD}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{8C157D4D-41A8-4E34-9FAE-8F79662FC33A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8C983312-72FA-4517-A4E0-2709F737CA78}" = protocol=6 | dir=in | app=d:\spiele\two worlds ii\twoworlds2.exe |
"{8F7CFBDD-86BA-4B48-A241-258986E6000B}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{9058FA69-5F1D-4E69-8941-41DEB661E89A}" = protocol=6 | dir=in | app=d:\spiele\warhammer\chaos\warhammer.exe |
"{95EF8F80-ADF8-48A6-AE77-A1569E7DD041}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97074050-088C-4702-A474-23ACD5B2E745}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9997F82A-1B9E-4606-BD54-AFF4A28F245E}" = protocol=6 | dir=out | app=system |
"{A584E55C-E337-4C98-9A87-E14991BF4ED4}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{A62F5C5D-E937-49FE-BC35-0F8CCE1F950F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{A6C50C83-6ED7-46EA-8678-B79EEAC63882}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{A8571DEA-326C-4F7E-BF5F-F06E4CA2D674}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A9ECFCE0-FE8C-4DE5-B1FC-A497505EEBBC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{ABE86152-E27E-4A19-B2B4-922334C9F7D7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{ADD84C17-120D-41D3-A366-787260E6760E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B0800081-FAB1-4030-8E65-7CF130AF049B}" = protocol=6 | dir=in | app=d:\spiele\heroes6\might & magic heroes vi.exe |
"{BDC153BB-F355-47BA-9ED7-163A2269E5AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BF787F58-A803-43DA-A4E6-ED168BF513BA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BFE33FBA-4183-4E14-BD27-3DD6669EAB95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C154981F-519B-4341-B590-DE0DA72B99AF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\might & magic heroes vi - game official demo\might & magic heroes vi.exe |
"{C4F20991-274D-4A35-A202-E3FA54B95480}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbkpswx.exe |
"{C5910CAD-0FBB-45D3-AF5B-7465D9CD728A}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{C8F72A0B-43AD-43B9-AC8A-EB77C24E8DEE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C9265749-CBBC-43AE-B9E3-DA972C5E821D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CEBAA838-4A82-4CFB-8100-52ADBF0B867C}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |
"{D0873920-207B-4108-8B3D-73BED91285C8}" = protocol=6 | dir=in | app=c:\users\katrin\appdata\roaming\icqm\icq.exe |
"{D0CE0C17-BC20-4A78-82B8-B1BB3BC06EA7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D1D16721-A9D9-4960-933B-76F6AA34E5BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D48263B1-8537-4F2A-B99C-F298936026E6}" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe |
"{DA598059-F597-4FE5-AD6E-77130C39EFE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DAC336DE-9AE6-4901-B623-459A4E44A360}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DBB97C59-88A3-4292-A4A8-41DEE797469F}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{DCE5208F-3086-4987-9687-B639FD11F903}" = protocol=17 | dir=in | app=c:\program files\ubisoft\might & magic heroes vi - game official demo\might & magic heroes vi.exe |
"{DDBC5293-B594-415E-BD26-8251AF1EDC96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF4C0356-2AF2-4EB1-99D4-132BA60BE358}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E2E45E86-B4A4-4866-B5D8-D29D6EFF2496}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe |
"{E9F7449F-995F-4999-9185-CE42533362AA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{EBB8D226-E8D7-4CD4-BB0D-8C1DAD36FE15}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFF59531-BBE3-4520-94E5-D12FF5D46419}" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe |
"{F343FCB9-940B-462F-BB62-6CE73EE96FA5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{F76D7F92-5815-4ACF-AC5A-DFF7CDFAC688}" = protocol=17 | dir=in | app=d:\spiele\warhammer\chaos\warhammer.exe |
"{F8FDBF08-0318-498D-974B-83F0E5AF408A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F91D7A35-5F21-485C-B6BB-C8D39B8877D6}" = protocol=17 | dir=in | app=c:\users\katrin\appdata\roaming\icqm\icq.exe |
"{F92C7967-11E9-4D3E-8213-174C1F1BC150}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{F9F93BBA-B6DB-4D6F-9B22-61BEAD942F6B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{FD363874-8487-4D65-AA58-E47CD7A35C94}" = protocol=17 | dir=in | app=d:\spiele\two worlds ii\twoworlds2.exe |
"{FE70799B-13D2-47B4-9A24-E267099DD8C5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{FEB62EF0-88DB-4DEF-876E-F7595BF7FB36}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{A28E8CB8-360E-4664-96EC-F7312011B228}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{D748F74A-BEF8-4432-8619-ACC18FBE4876}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{FDDCFDF3-5A5A-4537-9EE9-7CC6824A713F}C:\program files\palmone\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palmone\hotsync.exe |
"UDP Query User{05FC1350-375F-434F-946D-0A6FAF0F09EE}C:\program files\palmone\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palmone\hotsync.exe |
"UDP Query User{5027B8D8-85A4-4496-8FF6-0EE9B4B3360B}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{C0823F5D-EC11-4730-9DFE-FB5BC2065DD5}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{166FCF01-AC98-4288-A01C-90BEB808C059}" = Sony RAW Driver
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1CC7263A-9A5E-4EFB-9BB8-67642D10FA7C}" = Steuer-Sparer 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{31ABA3F2-0000-1033-0002-111D43815377}" = Autodesk ReCap
"{31ABA3F2-0010-1033-0002-111D43815377}" = Autodesk ReCap Language Pack-English
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF99FCA-1D0C-4D5A-9BFE-0D4376A52B23}" = Autodesk Revit Architecture 2011
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4C642BF2-C083-4C00-B832-48BA1CBB08D8}" = SONIC MEGA COLLECTION PLUS
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{51BF3210-B825-4092-8E0D-66D689916E02}" = Autodesk Material Library Base Resolution Image Library 2014
"{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}" = Autodesk 360
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-D004-0000-0002-0060B0CE6BBA}" = AutoCAD Architecture 2014 - Deutsch (German)
"{5783F2D7-D004-0407-1002-0060B0CE6BBA}" = AutoCAD Architecture 2014 Language Pack - Deutsch
"{5783F2D7-D004-0407-2002-0060B0CE6BBA}" = AutoCAD Architecture 2014 - Deutsch (German)
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{644E9589-F73A-49A4-AC61-A953B9DE5669}" = SketchUp Import for AutoCAD 2014
"{644F9B19-A462-499C-BF4D-300ABC2A28B1}" = Autodesk Material Library 2014
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81bb308b-5686-4d22-a770-ff0cb5e9ab69}" = Nero 9
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion Plugin for AutoCAD 2013
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7D0970-C0A4-4B56-94D4-E3A175AB45BB}" = ArcSoft Panorama Maker 6
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8F196892-666A-4A40-8587-6AE38F78A5C2}" = FARO LS 1.1.501.0
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A024B9E5-7702-4556-A7BF-A04BFF2DE5D8}" = Might & Magic Heroes VI - Game Official Demo
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 3.0.6.3
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{ABC91C39-266D-4042-828E-4386E0F25218}" = Warhammer® Mark of Chaos™ - Battle March™ GOLD
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX"
= NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{C070121A-C8C5-4D52-9A7D-D240631BD433}" = Autodesk App Manager "{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help "{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision "{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software "{F732FEDA-7713-4428-934B-EF83B8DD65D0}" = Autodesk Featured Apps 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA6F726E-AA8D-492A-B18A-A5945C337FCE}" = Adobe Photoshop Lightroom 4.4 "{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2013 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFF5619F-2013-0032-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Akamai" = Akamai NetSession Interface Service "AutoCAD Architecture 2014 - Deutsch (German)" = Autodesk AutoCAD Architecture 2014 - Deutsch (German) "Autodesk Content Service" = Autodesk Content Service "Autodesk Design Review 2011" = Autodesk Design Review 2011 "Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013 "Autodesk Inventor Fusion Plugin for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013 "Autodesk ReCap" = Autodesk ReCap "Autodesk Revit Architecture 2011" = Autodesk Revit Architecture 2011 "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo III" = Diablo III "Heroes of Might and Magic II Gold" = Heroes(TM) II Gold "InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection "Lexmark X1100 Series" = Lexmark X1100 Series "LManager" = Launch Manager "MFO_is1" = MFO 1.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance 
Service "PhotomatixPro4.0x32_is1" = Photomatix Pro version 4.0.2 "PhotoScape" = PhotoScape "Spyder4Pro" = Spyder4Pro "Steam App 200710" = Torchlight II "Steam App 201060" = DUNGEONS - The Dark Lord (Steam Special Edition) Demo "Steam App 203970" = Kingdoms of Amalur: Reckoning Demo "Steam App 41500" = Torchlight "Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012 "Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™ "Steam App 72850" = The Elder Scrolls V: Skyrim "SynTPDeinstKey" = Synaptics Pointing Device Driver "Two Worlds II" = Two Worlds II "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.1.8 "WinGimp-2.0_is1" = GIMP 2.6.12 "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1357266564-1700977391-3456179355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox "ICQ" = ICQ 8.0 (build 6007, für aktuellen Benutzer) "NCsoft-AionEU" = Aion "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8 < End of report > Geändert von Ocarina (09.05.2013 um 09:10 Uhr) |
09.05.2013, 17:33 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fix with OTL
Code:
:OTL
IE - HKU\S-1-5-21-1357266564-1700977391-3456179355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - user.js - File not found
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
10.05.2013, 14:39 | #7 |
| Hello and a good Friday afternoon, I have carried out the fix with OTL; here is the result. Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1357266564-1700977391-3456179355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Katrin\Downloads\cmd.bat deleted successfully.
C:\Users\Katrin\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Katrin
->Temp folder emptied: 459931049 bytes
->Temporary Internet Files folder emptied: 170209445 bytes
->Java cache emptied: 18426656 bytes
->FireFox cache emptied: 205731913 bytes
->Flash cache emptied: 68567 bytes
User: Public
User: UpdatusUser
User: UpdatusUser.Katrin-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9087706 bytes
RecycleBin emptied: 10425955391 bytes
Total Files Cleaned = 10.767,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 05102013_151354
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
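The OTL fix in post #6 and the log above remove a single Conduit entry from Firefox's extensions.enabledItems and clear the ProxyOverride value. As an added example (not part of the thread and not OTL's own logic), the following Python script shows how such search-hijack indicators can be located in a Firefox prefs.js and how the enabledItems value is rewritten to drop one extension. The prefs.js content is constructed for the example; only the engine@conduit.com:3.3.3.2 entry comes from the thread. The indicator substrings and the set of preferences treated as search-relevant are assumptions.

```python
"""Scan a Firefox prefs.js for search-hijack indicators.

Added example; not from the thread and not OTL's logic. The sample prefs.js
below is constructed. The only value taken from the thread is the
extensions.enabledItems entry 'engine@conduit.com:3.3.3.2' that the OTL fix
removed. INDICATORS and SEARCH_PREFS are assumptions modelled on the adware
families named in the thread and on Firefox 20-era preference names.
"""
import re

# Constructed sample: what a hijacked profile's prefs.js might contain.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1368000000);
user_pref("browser.search.defaultenginename", "Conduit Search");
user_pref("browser.search.selectedEngine", "Conduit Search");
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT3300000");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?q=");
user_pref("extensions.enabledItems", "engine@conduit.com:3.3.3.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:20.0.1");
user_pref("network.cookie.cookieBehavior", 0);
'''

# Preferences that decide where typed searches and the home page go (assumed set).
SEARCH_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.defaultengine",
    "browser.startup.homepage",
    "keyword.URL",
}

# Assumed indicator substrings for the adware families the thread names.
INDICATORS = ("conduit", "funmoods", "yontoo", "softonic", "asktoolbar")

# user_pref("name", value);  where value is a quoted string, a number or a bool
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')


def parse_prefs(text):
    """Return {name: value} for every user_pref line; string quotes are stripped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            name, raw = m.groups()
            if raw.startswith('"') and raw.endswith('"'):
                raw = raw[1:-1]
            prefs[name] = raw
    return prefs


def find_hijack_indicators(prefs):
    """Return (pref_name, value, reason) tuples that deserve a look."""
    findings = []
    for name, value in prefs.items():
        low = value.lower()
        hit = next((i for i in INDICATORS if i in low), None)
        if name in SEARCH_PREFS and hit:
            findings.append((name, value, f"search/homepage pref points at {hit}"))
        elif name == "extensions.enabledItems":
            # value is a comma list of id:version pairs; match on the id only
            for item in value.split(","):
                ext_id = item.split(":", 1)[0]
                if any(i in ext_id.lower() for i in INDICATORS):
                    findings.append((name, ext_id, "enabled extension matches indicator"))
    return findings


def clean_enabled_items(value, ext_id):
    """Return extensions.enabledItems with one extension id removed, which is
    what the 'FF - prefs.js..extensions.enabledItems:' line in the OTL fix does."""
    kept = [i for i in value.split(",") if i.split(":", 1)[0] != ext_id]
    return ",".join(kept)


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS_JS)
    for name, value, reason in find_hijack_indicators(prefs):
        print(f"{name}: {value}  <- {reason}")
    print(clean_enabled_items(prefs["extensions.enabledItems"], "engine@conduit.com"))
```

To run it against a real profile, feed the contents of prefs.js (Firefox must be closed, since it rewrites the file on exit) to parse_prefs instead of SAMPLE_PREFS_JS. The ProxyOverride value from the OTL fix lives in the registry, not in prefs.js, so it is outside what this script checks.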
10.05.2013, 19:28 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes; remember to update Malwarebytes via the Update button beforehand. Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
11.05.2013, 12:59 | #9 |
| So, here I am again. Malwarebytes found 4 items. I don't know what "Yontoo" is; files no. 2 and 3 I downloaded at some point via chip.de, I think, but file no. 4 confuses me. I have only used and updated Aion through its client. Why something was flagged there is unclear to me. Be that as it may, I removed the 4 files. Here is the log Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.10.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
Katrin :: KATRIN-PC [Administrator]

10.05.2013 21:41:35
MBAM-log-2013-05-11 (08-44-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 518544
Laufzeit: 1 Stunde(n), 49 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files\Yontoo Layers\YontooIEClient.dll (Adware.Yontoo) -> Keine Aktion durchgeführt.
C:\Users\Katrin\Downloads\agsetup183se.exe (PUP.FunMoods) -> Keine Aktion durchgeführt.
C:\Users\Katrin\Downloads\SoftonicDownloader_fuer_photoscape.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
D:\Spiele\Aion\bin32\game.dll (Malware.Packer.T) -> Keine Aktion durchgeführt.

(Ende)

ESET log Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b98056fa032d8d4cb756165bb2f2bbc7
# engine=13803
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-11 11:04:20
# local_time=2013-05-11 01:04:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 100 77632 114040744 71655 0
# compatibility_mode=5893 16776573 100 94 15330 119901451 0 0
# scanned=314638
# found=0
# cleaned=0
# scan_time=14721 |
12.05.2013, 20:28 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hm, there is still some adware junk in there, let's track it down: Scan with SystemLook (x86) Download SystemLook by jpshortstuff and save the tool to the desktop => Download SystemLook (32 bit)
12.05.2013, 21:34 | #11 |
| Done right away. Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 22:04 on 12/05/2013 by Katrin
Administrator - Elevation successful

========== filefind ==========

Searching for "*conduit*"
C:\Program Files\Autodesk\Revit Architecture 2011\Program\Setup\de-DE\SetupRes\RevitMEP\Infotainment\Images\TME Conduit-CableTray 810x618.bmp  --a---- 1503030 bytes  [11:16 25/03/2010]  [11:16 25/03/2010]  983C6FE792C82695BA3168DCF7EEEEC8
C:\Users\Katrin\AppData\Roaming\Autodesk\ACA 2014\deu\Properties\Autodesk.Aec.Building.Elec.DatabaseServices.Conduit.xml  --a---- 9587 bytes  [15:46 11/03/2013]  [15:46 11/03/2013]  9C42BE70DBD6F3431752D95A4A21C961
C:\Users\Katrin\AppData\Roaming\Autodesk\ACA 2014\deu\Properties\Autodesk.Aec.Building.Elec.DatabaseServices.ConduitFitting.xml  --a---- 7200 bytes  [15:46 11/03/2013]  [15:46 11/03/2013]  D6F450E608A3CA0EC5260AB7E2703344
C:\Users\Katrin\AppData\Roaming\Autodesk\ACA 2014\deu\Properties\Autodesk.Aec.Building.Elec.DatabaseServices.ConduitFittingStyle.xml  --a---- 3823 bytes  [15:46 11/03/2013]  [15:46 11/03/2013]  1BA52BD1DE70B0E347527CC460C373B6
C:\Users\Katrin\AppData\Roaming\Autodesk\ACA 2014\deu\Properties\Autodesk.Aec.Building.Elec.DatabaseServices.ConduitStyle.xml  --a---- 3468 bytes  [15:46 11/03/2013]  [15:46 11/03/2013]  9A7D806E46B6A0117E6233B77C87E6E8

Searching for "*softonic*"
C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Cookies\katrin@photoscape.softonic[1].txt  --a---- 387 bytes  [21:01 17/06/2011]  [21:02 17/06/2011]  0BC5B010199F394E3684EEB1A3B9889F
C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Cookies\katrin@softonic[2].txt  --a---- 450 bytes  [21:01 17/06/2011]  [21:01 17/06/2011]  0FBF63EA469358A93B923537852A9604

Searching for "*quickstore*"
No files found.

Searching for "*yontoo*"
No files found.

Searching for "*FunMood*"
No files found.

Searching for "*tarma*"
No files found.

Searching for "*asktool*"
C:\Autodesk\AutoCAD 2014\Catalogs\StockToolCatalog\Images\MaskTool.png  --a---- 479 bytes  [10:45 29/08/2012]  [10:45 29/08/2012]  F8A7A34B6DFDC9F7380E94B113760164
C:\Autodesk\AutoCAD 2014\Sample\Sample Palette Catalog - D A CH\Categories\Images\MaskTool.png  --a---- 479 bytes  [13:02 26/10/2012]  [13:02 26/10/2012]  F8A7A34B6DFDC9F7380E94B113760164
C:\Autodesk\AutoCAD 2014\Sample\Sample Palette Catalog - D A CH\Categories\Palettes\Images\MaskTool.png  --a---- 479 bytes  [13:02 26/10/2012]  [13:02 26/10/2012]  F8A7A34B6DFDC9F7380E94B113760164
C:\Autodesk\AutoCAD 2014\UserDataCache\de-DE\Support\WorkspaceCatalog (D A CH)\Palettes\Images\MaskTool.png  --a---- 479 bytes  [13:01 26/10/2012]  [13:01 26/10/2012]  F8A7A34B6DFDC9F7380E94B113760164
C:\Autodesk\AutoCAD 2014\UserDataCache\de-DE\Support\WorkspaceCatalog (D A CH)\WorkspaceCatalog (D A CH)\Palettes\Images\MaskTool.png  --a---- 479 bytes  [20:36 05/03/2013]  [20:36 05/03/2013]  F8A7A34B6DFDC9F7380E94B113760164
C:\Users\Katrin\AppData\Roaming\Autodesk\ACA 2014\deu\Support\WorkspaceCatalog (D A CH)\Palettes\Images\MaskTool.png  --a---- 479 bytes  [13:02 26/10/2012]  [13:02 26/10/2012]  F8A7A34B6DFDC9F7380E94B113760164
C:\Users\Katrin\AppData\Roaming\Autodesk\ACA 2014\deu\Support\WorkspaceCatalog (D A CH)\WorkspaceCatalog (D A CH)\Palettes\Images\MaskTool.png  --a---- 479 bytes  [20:37 05/03/2013]  [20:37 05/03/2013]  F8A7A34B6DFDC9F7380E94B113760164

========== folderfind ==========

Searching for "*conduit*"
No folders found.

Searching for "*softonic*"
No folders found.

Searching for "*quickstore*"
No folders found.

Searching for "*yontoo*"
C:\Program Files\Yontoo Layers  d------  [21:02 17/06/2011]

Searching for "*FunMood*"
No folders found.

Searching for "*tarma*"
No folders found.

Searching for "*asktool*"
No folders found.

========== regfind ==========

Searching for "*conduit*"
No data found.

Searching for "*softonic*"
No data found.

Searching for "*quickstore*"
No data found.

Searching for "*yontoo*"
No data found.

Searching for "*FunMood*"
No data found.

Searching for "*tarma*"
No data found.

Searching for "*asktool*"
No data found.

-= EOF =- |
12.05.2013, 21:49 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fix with OTL
Code:
:Files
C:\Program Files\Yontoo Layers
C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Cookies\katrin@photoscape.softonic[1].txt
C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Cookies\katrin@softonic[2].txt
C:\Users\Katrin\Downloads\agsetup183se.exe
C:\Users\Katrin\Downloads\SoftonicDownloader_fuer_photoscape.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
12.05.2013, 22:14 | #13 |
| And now, attached, the OTL file Code:
All processes killed
========== FILES ==========
C:\Program Files\Yontoo Layers folder moved successfully.
C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Cookies\katrin@photoscape.softonic[1].txt moved successfully.
C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Cookies\katrin@softonic[2].txt moved successfully.
File\Folder C:\Users\Katrin\Downloads\agsetup183se.exe not found.
File\Folder C:\Users\Katrin\Downloads\SoftonicDownloader_fuer_photoscape.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Katrin\Downloads\cmd.bat deleted successfully.
C:\Users\Katrin\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Katrin
->Temp folder emptied: 1221768 bytes
->Temporary Internet Files folder emptied: 5208744 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 188196887 bytes
->Flash cache emptied: 1201 bytes
User: Public
User: UpdatusUser
User: UpdatusUser.Katrin-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4960 bytes
RecycleBin emptied: 682154228 bytes
Total Files Cleaned = 836,00 mb
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
OTL by OldTimer - Version 3.2.69.0 log created on 05122013_230636
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
12.05.2013, 22:36 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK so far. Regarding cookies and other things on the web: to block the plague up front (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks or so whether a new hosts file has been released. Info: cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP-Cookie). Apart from that there are good cookie managers, extensions for Firefox, for example CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system now in order again, or are there further findings or problems?
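The hosts-file advice above depends on every blocked name in that file pointing at a non-routable address, and both OTL runs in this thread reported "Unble to create default HOSTS file", so the file on this machine is worth inspecting by hand. The following Python script, added here as an example and not part of the thread, of OTL or of the MVPS list, parses a hosts file and separates blocklist-style entries (null route 0.0.0.0 or loopback) from entries that map a real host name to a routable address, which is what a hijacked hosts file looks like. The sample hosts content is constructed; its blocklist lines follow the 0.0.0.0 style the MVPS file uses, and the redirect lines use the documentation address 198.51.100.7 as a stand-in for an attacker-controlled server.

```python
"""Audit a Windows hosts file: blocklist entries vs. redirects.

Added example; not from the thread, from OTL or from MVPS. SAMPLE_HOSTS is
constructed. 198.51.100.7 (TEST-NET-2) stands in for an attacker host.
"""
import ipaddress

SAMPLE_HOSTS = r'''
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost

# --- lines in the style of the MVPS blocklist (constructed sample) ---
0.0.0.0 ad.doubleclick.net
0.0.0.0 www.yontoo.com  # comment after an entry
0.0.0.0 search.conduit.com

# --- constructed hijack entries: real services mapped to a foreign host ---
198.51.100.7    www.google.com
198.51.100.7    avira.com update.avira.com
'''

# Targets that can only block: the IPv4/IPv6 null route. Loopback is checked
# via ipaddress so that 127.x.x.x and ::1 are both covered.
NULL_ROUTES = {"0.0.0.0", "::"}


def parse_hosts(text):
    """Return [(ip, hostname), ...], expanding lines that list several names."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue   # malformed line; a stricter audit would report it
        for host in parts[1:]:
            entries.append((ip, host.lower()))
    return entries


def classify(entries):
    """Split entries into harmless (null route or loopback) and redirects."""
    harmless, redirects = [], []
    for ip, host in entries:
        if str(ip) in NULL_ROUTES or ip.is_loopback:
            harmless.append((str(ip), host))
        else:
            redirects.append((str(ip), host))
    return harmless, redirects


def audit(text):
    """Summarise a hosts file; 'redirects' is the list to examine by hand."""
    harmless, redirects = classify(parse_hosts(text))
    return {
        "entries": len(harmless) + len(redirects),
        "null_or_loopback": len(harmless),
        "redirects": redirects,
    }


if __name__ == "__main__":
    result = audit(SAMPLE_HOSTS)
    print(f"{result['entries']} entries, {result['null_or_loopback']} null-route/loopback")
    for ip, host in result["redirects"]:
        print(f"REDIRECT {host} -> {ip}")
```

On a live system, pass the contents of C:\Windows\System32\drivers\etc\hosts to audit instead of SAMPLE_HOSTS. The default "127.0.0.1 localhost" lines land in the null_or_loopback bucket together with the blocklist entries, so a clean MVPS-style file yields an empty redirects list; any entry that shows up there maps a name to a routable address and needs an explanation.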
13.05.2013, 05:37 | #15 |
| Hello and good morning, right after the first post my advertising problems in Firefox were over. MVPS or something similar would certainly be sensible. I'll have a look at that. I do delete my cookies at regular intervals, but I'm active in a lot of forums. Without cookies that turns into work. I'll download CookieCuller for Firefox this evening, too. My laptop subjectively runs faster than before. Above all, booting is faster. But I don't know whether that's my imagination. Otherwise I have no further problems and I'm glad that the annoying advertising is now history thanks to you. |