| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.06.2013, 11:26
| #1 |
| |  nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werden Hallo, seit heute morgen erscheint jedes mal wenn ich mein Netbook hochfahre die Meldung dass ich "wssetup.exe" installieren soll. Ich habe es natürlich nicht gemacht. Da es sich aber um einen Schädling handelt, würde ich ihn gern loswerden. Mit dem Netbook muss ich am Montag eine Präsentation halten, kann ich das getrost machen, weil ich den Wurm ja nicht installiert habe, oder würde er auch auf irgedneiner Art den Beamer befallen? Weil dann müsste ich meiner Professorin noch eine Email schreiben, zwecks verschieben. Und kann sich der Schädling auch per USB-Sticks verbreiten? Denn ich bemerke seit 2 Wochen dass 3 Geräte, gleichzeitig, mächtig an Leistung einbüßen. vielen Dank schonmal |
|
08.06.2013, 11:27
| #2 |
| /// the machine /// TB-Ausbilder    | nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werden Hi,
__________________erstmal machen wir den hier :=) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
 So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
08.06.2013, 12:24
| #3 |
| | nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werden OTL Logfile:
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.06.2013 12:58:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,51% Memory free 3,97 Gb Paging File | 2,43 Gb Available in Paging File | 61,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 256,99 Gb Total Space | 184,22 Gb Free Space | 71,68% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 20,48 Gb Free Space | 51,19% Space Free | Partition Type: NTFS Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jan\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Jan\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files\PHotkey\PHotkey.exe () PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Program Files\PHotkey\POSD.exe () PRC - C:\Program Files\Intel\Bluetooth\obexsrv.exe (Intel Corporation) PRC - C:\Program Files\Intel\Bluetooth\mediasrv.exe (Intel Corporation) PRC - C:\Program Files\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) PRC - C:\Program Files\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation) PRC - C:\Program Files\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) PRC - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) PRC - C:\Program Files\PHotkey\PVDesktop.exe () PRC - C:\Program Files\PHotkey\PVDAgent.exe () PRC - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.) PRC - C:\Program Files\PHotkey\GFNEXSrv.exe () PRC - C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider) PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) PRC - C:\Program Files\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files\PHotkey\MsgTranAgt.exe () PRC - C:\Program Files\PHotkey\ASLDRSrv.exe () PRC - C:\Program Files\PHotkey\HCSynApi.exe (TODO: <Company name>) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files\PHotkey\PVDAgent.exe () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll () ========== Services (SafeList) ========== SRV - (SearchAnonymizer) -- C:\Users\Jan\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (Bluetooth OBEX Service) -- C:\Program Files\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) SRV - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (GFNEXSrv) -- C:\Program Files\PHotkey\GFNEXSrv.exe () SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (CyberLink PowerDVD 10 MS Service) -- C:\Program Files\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) SRV - (CyberLink PowerDVD 10 MS Monitor Service) -- C:\Program Files\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (ASLDRService) -- C:\Program Files\PHotkey\ASLDRSrv.exe () SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (btmaudio) -- system32\drivers\btmaud.sys File not found DRV - (ACPIService) -- system32\DRIVERS\ATKACPI.SYS File not found DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (NETwNs32) -- C:\Windows\System32\drivers\Netwsn00.sys (Intel Corporation) DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation) DRV - (iBtFltCoex) -- C:\Windows\System32\drivers\iBtFltCoex.sys (Intel Corporation) DRV - (AMPPALP) -- C:\Windows\System32\drivers\amppal.sys (Windows (R) Win 7 DDK provider) DRV - (AMPPAL) -- C:\Windows\System32\drivers\amppal.sys (Windows (R) Win 7 DDK provider) DRV - (btmhsf) -- C:\Windows\System32\drivers\btmhsf.sys (Intel Corporation) DRV - (btmaux) -- C:\Windows\System32\drivers\btmaux.sys (Intel Corporation) DRV - (FLxHCIc) -- C:\Windows\System32\drivers\FLxHCIc.sys (Fresco Logic) DRV - (FLxHCIh) -- C:\Windows\System32\drivers\FLxHCIh.sys (Fresco Logic) DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation) DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (PEGAGFN) -- C:\Program Files\PHotkey\PEGAGFN.sys (PEGATRON) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={B8D1CDF3-6A72-11E2-AB4C-B80305ACD74D} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000&barid={B8D1CDF3-6A72-11E2-AB4C-B80305ACD74D} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={B8D1CDF3-6A72-11E2-AB4C-B80305ACD74D} IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation) IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\..\SearchScopes\{1721BC0F-99CF-4667-98F6-5AEC3DA46320}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=18223cf0-8b1b-4208-b25e-97d8930d8fde&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{26D671F3-D2E0-4E7A-929B-B9B576F63EC3}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=18223cf0-8b1b-4208-b25e-97d8930d8fde&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{2749791E-77F6-4963-AA23-F546A3BF7F6F}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=18223cf0-8b1b-4208-b25e-97d8930d8fde&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{2E6C17FF-37D6-44B8-935F-A49E954CDF0E}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D69653726726C7A3D3149374D444E455F656E4445333933&st={searchTerms}&clid=18223cf0-8b1b-4208-b25e-97d8930d8fde&pid=ccleanerde&k=0 IE - HKCU\..\SearchScopes\{66E5CEBE-BF59-4115-B509-0E68596EB4C9}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=18223cf0-8b1b-4208-b25e-97d8930d8fde&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{7806A17F-9784-4F43-99D8-9881B5E0BA81}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=18223cf0-8b1b-4208-b25e-97d8930d8fde&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{EC1D12AD-E9BB-4D2B-9148-2D409B716E87}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=18223cf0-8b1b-4208-b25e-97d8930d8fde&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.00000&barid={B8D1CDF3-6A72-11E2-AB4C-B80305ACD74D} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0 FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={B8D1CDF3-6A72-11E2-AB4C-B80305ACD74D}&src=2&crg=3.1010000.00000&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.11.01 14:25:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.11.01 14:25:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.11.01 14:25:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.27 22:05:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xbpaq0jj.default\extensions\extension@preispilot.com FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xbpaq0jj.default\extensions\firejump@firejump.net [2013.01.30 02:18:27 | 000,000,000 | ---D | M] [2012.09.27 22:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions [2013.05.31 08:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\xbpaq0jj.default\extensions [2013.01.30 02:18:27 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\xbpaq0jj.default\extensions\firejump@firejump.net [2013.01.31 02:30:11 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\xbpaq0jj.default\extensions\extension@preispilot.com.xpi [2013.02.18 11:17:20 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\xbpaq0jj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.31 11:54:37 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\xbpaq0jj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013.01.30 02:20:08 | 000,003,998 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\xbpaq0jj.default\searchplugins\sweetim.xml [2013.01.30 02:18:37 | 000,001,870 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\xbpaq0jj.default\searchplugins\{106BFE43-55D3-4E7C-8E4F-3A1744A673A5}.xml [2013.01.30 02:18:37 | 000,002,077 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\xbpaq0jj.default\searchplugins\{582A221A-6A87-48D8-8F2E-AAB8747FF1C2}.xml [2013.01.30 02:18:37 | 000,002,188 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\xbpaq0jj.default\searchplugins\{9B3B5224-B908-4DCA-884C-56F7E8C1B9E7}.xml [2012.09.27 22:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.09.27 22:05:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.01.30 02:18:37 | 000,001,684 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.30 02:18:37 | 000,001,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.01.30 02:18:37 | 000,001,271 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.01.30 02:18:37 | 000,002,294 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2013.01.30 02:18:37 | 000,007,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.30 02:18:37 | 000,001,278 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.30 02:18:37 | 000,001,170 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BLEServicesCtrl] C:\Program Files\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider) O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs () O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Ocs_SM] C:\Users\Jan\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{187A20C1-E9F6-4EB1-9712-5BFB1DFE13A3}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B4C6A7B-36CF-4289-B31C-3B4957A60E04}: DhcpNameServer = 202.96.209.5 202.96.209.133 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 360 Days ========== [2013.06.08 12:32:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe [2013.05.20 21:54:12 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Mp3tag [2013.05.20 21:54:09 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Neuer Ordner1 [2013.04.30 09:19:22 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Microsoft Help [2013.04.30 09:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.04.11 16:25:50 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\RichtenbergerSee [2013.03.02 09:33:42 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Macromedia [2013.02.26 13:53:45 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Neuer Ordner [2013.02.25 23:24:14 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.02.13 22:48:40 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\AVS4YOU [2013.02.13 22:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2013.02.13 22:48:34 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2013.02.13 22:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2013.02.13 22:47:30 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll [2013.02.13 22:47:30 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll [2013.02.13 22:47:30 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll [2013.02.13 22:47:30 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll [2013.02.13 22:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia [2013.02.13 22:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU [2013.01.30 02:20:10 | 000,000,000 | ---D | C] -- C:\Users\Jan\Tracing [2013.01.30 02:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2013.01.30 02:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2013.01.30 02:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.01.30 02:18:19 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll [2013.01.30 02:18:03 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\DesktopIconForAmazon [2013.01.30 02:18:00 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\OCS [2013.01.13 23:21:57 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Colibri Games [2013.01.13 23:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Colibri Games [2012.11.11 01:43:31 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Opera [2012.11.11 01:43:31 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Opera [2012.11.11 01:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2012.10.04 10:27:02 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Adobe [2012.10.03 16:38:33 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Diagnostics [2012.10.01 20:24:44 | 000,000,000 | ---D | C] -- C:\Users\Jan\EXE-N [2012.09.30 23:33:15 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.09.30 23:11:14 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Apple Computer [2012.09.30 23:11:13 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Apple Computer [2012.09.30 23:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.09.30 23:10:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2012.09.30 23:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.09.30 23:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.09.30 23:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.09.30 23:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.09.30 23:04:56 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Apple [2012.09.30 23:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012.09.30 23:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.09.30 23:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.09.30 23:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.09.30 22:44:11 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.09.30 22:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.09.30 22:43:32 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Notepad++ [2012.09.30 22:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++ [2012.09.30 22:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MinGW [2012.09.30 22:26:34 | 000,000,000 | ---D | C] -- C:\MinGW [2012.09.30 18:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2012.09.30 15:27:17 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Daten [2012.09.30 00:35:30 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\1Neuer Ordner [2012.09.29 16:38:03 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Meine Paletten [2012.09.29 16:37:48 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Corel [2012.09.29 16:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2012.09.29 16:37:13 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Corel [2012.09.29 16:33:09 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\SoftGrid Client [2012.09.29 16:33:07 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\SoftGrid Client [2012.09.29 16:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch) [2012.09.29 16:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2012.09.29 16:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client [2012.09.29 16:30:26 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\TP [2012.09.29 16:25:01 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\{B3732304-647F-4AA1-9B8D-AD27ACD2A718} [2012.09.29 16:24:42 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Windows Live Writer [2012.09.29 16:24:42 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Windows Live Writer [2012.09.29 01:29:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.29 01:29:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.29 01:29:30 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.29 01:29:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.29 01:29:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.29 01:29:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.29 01:29:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.29 01:29:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.09.29 01:19:01 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2012.09.28 18:36:38 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Avatar [2012.09.28 18:28:35 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\CyberLink [2012.09.28 15:41:34 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Microsoft Games [2012.09.28 14:49:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys [2012.09.28 14:48:54 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2012.09.28 14:48:54 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2012.09.28 14:48:35 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2012.09.28 14:48:32 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe [2012.09.28 14:48:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.09.28 14:48:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2012.09.28 14:48:03 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.09.28 14:48:01 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll [2012.09.28 14:47:57 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.09.28 14:47:56 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.09.28 14:47:40 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.09.28 14:47:38 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [2012.09.28 14:47:35 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012.09.28 14:47:35 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012.09.28 14:47:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012.09.28 14:47:24 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.09.28 14:28:35 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\OpenOffice.org [2012.09.27 22:23:35 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2012.09.27 22:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2012.09.27 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Mozilla [2012.09.27 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Mozilla [2012.09.27 22:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.09.27 22:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.09.27 22:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.09.27 22:03:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Adobe [2012.09.27 22:01:36 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Google [2012.09.27 21:28:23 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.09.27 21:28:23 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.09.27 21:28:14 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.09.27 21:28:14 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.09.27 21:28:14 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.09.27 21:27:59 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.09.27 21:27:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.09.27 21:24:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Youcam [2012.09.27 21:23:27 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\CyberLink [2012.09.27 17:16:43 | 000,000,000 | R--D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.09.27 17:16:43 | 000,000,000 | R--D | C] -- C:\Users\Jan\Searches [2012.09.27 17:16:43 | 000,000,000 | R--D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.09.27 17:16:34 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Identities [2012.09.27 17:16:31 | 000,000,000 | R--D | C] -- C:\Users\Jan\Contacts [2012.09.27 17:16:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.09.27 17:16:07 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\VirtualStore [2012.09.27 17:16:06 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Intel [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Vorlagen [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\AppData\Local\Verlauf [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\AppData\Local\Temporary Internet Files [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Startmenü [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\SendTo [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Recent [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Netzwerkumgebung [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Lokale Einstellungen [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Documents\Eigene Videos [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Documents\Eigene Musik [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Eigene Dateien [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Documents\Eigene Bilder [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Druckumgebung [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Cookies [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\AppData\Local\Anwendungsdaten [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Anwendungsdaten [2012.09.27 17:15:59 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Temp [2012.09.27 17:15:59 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Microsoft [2012.09.27 17:15:58 | 000,000,000 | --SD | C] -- C:\Users\Jan\AppData\Roaming\Microsoft [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Videos [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Saved Games [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Pictures [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Music [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Links [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Favorites [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Downloads [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Documents [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Desktop [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.09.27 17:15:58 | 000,000,000 | -H-D | C] -- C:\Users\Jan\AppData [2012.09.27 17:15:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\Roaming [2012.09.27 17:15:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Macromedia [2012.09.27 17:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012 [2012.09.27 17:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.09.27 17:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2012.09.27 17:12:47 | 000,586,072 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2012.09.27 17:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo [2012.09.27 17:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo [2012.09.27 17:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo [2012.09.27 17:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mediathek [2012.09.27 17:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT [2012.09.27 17:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\MARKEMENT [2012.09.27 17:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Medion_Services [2012.09.27 17:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Aldi_Foto [2012.09.27 17:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel [2012.09.27 17:07:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel [2012.09.27 17:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis [2012.09.27 17:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2012.09.27 17:06:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X5 [2012.09.27 17:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\Corel [2012.09.27 17:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady [2012.09.27 17:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner [2012.09.27 17:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.09.27 17:02:17 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.09.27 17:02:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings [2012.09.27 17:02:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.08.21 13:01:22 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll [24 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 360 Days ========== [2013.06.08 12:32:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe [2013.06.08 12:32:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.08 12:10:40 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.08 12:10:40 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.08 12:07:58 | 000,709,774 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.08 12:07:58 | 000,665,052 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.08 12:07:58 | 000,152,552 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.08 12:07:58 | 000,125,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.08 12:04:58 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat [2013.06.08 10:33:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.08 10:32:44 | 1600,266,240 | -HS- | M] () -- C:\hiberfil.sys [2013.06.08 10:32:10 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat [2013.06.08 09:52:23 | 000,590,182 | ---- | M] () -- C:\Users\Jan\Desktop\RichtenbergSee-Präsentation.odp [2013.06.04 17:44:52 | 000,007,153 | ---- | M] () -- C:\Users\Jan\Desktop\Die Renaturierung des Richtenberger Sees.odt [2013.04.11 17:28:23 | 000,011,908 | ---- | M] () -- C:\Users\Jan\Desktop\Richtenberger See.odt [2013.02.25 23:24:14 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.02.25 23:24:14 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.30 02:29:12 | 000,373,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.02 10:45:53 | 000,007,606 | ---- | M] () -- C:\Users\Jan\AppData\Local\Resmon.ResmonCfg [2012.11.01 14:24:42 | 000,586,072 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2012.09.30 22:44:11 | 000,001,027 | ---- | M] () -- C:\Users\Jan\Desktop\Notepad++.lnk [2012.09.29 16:32:55 | 000,002,437 | ---- | M] () -- C:\Users\Jan\Desktop\Microsoft Excel Starter 2010.lnk [2012.09.29 16:32:46 | 000,002,435 | ---- | M] () -- C:\Users\Jan\Desktop\Microsoft Word Starter 2010.lnk [2012.09.28 14:29:44 | 000,001,201 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2012.09.28 02:01:48 | 000,150,011 | ---- | M] () -- C:\Windows\System32\license.rtf [2012.09.27 22:23:36 | 000,001,112 | ---- | M] () -- C:\Users\Jan\Desktop\OpenOffice.org Writer.lnk [2012.09.27 22:00:13 | 000,017,408 | ---- | M] () -- C:\Users\Jan\AppData\Local\WebpageIcons.db [2012.09.27 21:55:12 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2012.09.27 21:55:12 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2012.08.24 08:59:17 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.24 08:51:02 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.24 08:49:57 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.24 08:48:38 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.24 08:47:26 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.24 08:45:46 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.08.24 08:43:58 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.24 08:40:11 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.22 19:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2012.08.22 19:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2012.08.21 22:12:27 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe [2012.08.21 13:01:22 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll [2012.08.02 18:57:20 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.07.18 19:47:53 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [2012.07.04 21:45:31 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys [24 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.08 10:32:10 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2013.06.04 17:44:47 | 000,007,153 | ---- | C] () -- C:\Users\Jan\Desktop\Die Renaturierung des Richtenberger Sees.odt [2013.06.04 17:21:07 | 000,590,182 | ---- | C] () -- C:\Users\Jan\Desktop\RichtenbergSee-Präsentation.odp [2013.04.11 17:14:52 | 000,011,908 | ---- | C] () -- C:\Users\Jan\Desktop\Richtenberger See.odt [2013.01.30 02:28:56 | 000,373,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.30 02:18:19 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2012.11.11 01:43:22 | 000,001,795 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.09.30 23:04:33 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.09.30 22:44:11 | 000,001,027 | ---- | C] () -- C:\Users\Jan\Desktop\Notepad++.lnk [2012.09.30 15:34:05 | 000,007,606 | ---- | C] () -- C:\Users\Jan\AppData\Local\Resmon.ResmonCfg [2012.09.30 15:30:51 | 000,002,437 | ---- | C] () -- C:\Users\Jan\Desktop\Microsoft Excel Starter 2010.lnk [2012.09.30 15:30:43 | 000,002,435 | ---- | C] () -- C:\Users\Jan\Desktop\Microsoft Word Starter 2010.lnk [2012.09.28 14:29:44 | 000,001,201 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2012.09.28 01:56:58 | 1600,266,240 | -HS- | C] () -- C:\hiberfil.sys [2012.09.27 22:24:42 | 000,001,112 | ---- | C] () -- C:\Users\Jan\Desktop\OpenOffice.org Writer.lnk [2012.09.27 22:06:04 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.09.27 22:00:12 | 000,017,408 | ---- | C] () -- C:\Users\Jan\AppData\Local\WebpageIcons.db [2012.09.27 17:16:46 | 000,001,417 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.09.27 17:15:06 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2012.09.27 17:15:06 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2012.09.27 17:04:13 | 000,002,463 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [2012.09.27 17:03:44 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.27 17:03:43 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.11 17:56:06 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.02.01 00:41:11 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2012.01.31 03:47:53 | 000,709,774 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012.01.31 03:47:53 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012.01.31 03:47:53 | 000,152,552 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2012.01.31 03:47:53 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2012.01.20 21:49:03 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin [2012.01.20 21:48:46 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > _____________ OTL Extras Logfile: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.06.2013 12:58:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,51% Memory free
3,97 Gb Paging File | 2,43 Gb Available in Paging File | 61,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 256,99 Gb Total Space | 184,22 Gb Free Space | 71,68% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 20,48 Gb Free Space | 51,19% Space Free | Partition Type: NTFS
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{936885AF-A902-42A1-9EC2-3D10F38B4163}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CAB52448-7A7F-418F-AC9D-DADE6F39F71E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CB8777-79D8-491D-B4D2-43D8C8949407}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{07C0BE42-97FD-4082-B77A-7EA78A40D653}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{173C51E7-1CCA-44BD-8E34-D3639E6472EB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2230CB82-35A1-4FE8-ABCA-254E6FF72AFC}" = dir=in | app=c:\program files\cyberlink\powerdvd10\pdvd10serv.exe |
"{28BD9121-5D68-4B92-AE61-DDCEA76CC1ED}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd10.exe |
"{402A4DD0-F5C3-4BC8-AF66-CA8EF10C9CA3}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{43023A74-0004-498C-991C-E93548EF80EB}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{75F42BFF-4B5E-4506-96C4-0D7A5DB5C8EB}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{882BC54A-0DE8-4E58-AA57-9046F001C519}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{89A56984-C525-48F1-B390-0411269F37B9}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{97104D04-6F5A-440F-99A4-977675D646BF}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{A5F9BD18-D7B0-4CF8-BF07-64AFFB110327}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B00358A3-320A-4ABE-A682-276F43E86B3B}" = dir=in | app=c:\program files\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe |
"{D036BDF7-F011-412E-AA5F-F51C100E5254}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DEB252BD-5A5A-43AA-BCBB-6AE81FDEDF31}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{EDF80462-EFFF-48C8-A763-FF0CFD6FF81E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{F288754B-DD0C-4491-AD97-6314471F0B16}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{F6E6F865-0A66-4B22-9E9E-BEFB38EE74AD}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{520C4DD4-2BC7-409B-BA48-E1A4F832662D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{54EB8041-1115-4406-AA4B-44D236E84B3B}" = Intel® PROSet/Wireless WiFi Software
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{66B0B400-22AB-47E6-8673-38A5D37F6331}" = Windows Live Remote Client Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8FC83CE1-EA4F-48D2-9F51-51546C2D33E2}" = Fresco Logic USB3.0 Host Controller
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.5-beta-20120426-1
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4E7704D-5AFB-44CA-B8BA-F16C8FA46D5F}" = Windows Live Remote Service Resources
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EC1369CF-15BD-4FAF-BA84-65E4788C682E}" = AMI VR-pulse OS Switcher
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"AVS Media Player_is1" = AVS Media Player 4.1.10.99
"CCleaner" = CCleaner
"DesktopIconAmazon" = Desktop Icon für Amazon
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.15.1748" = Opera 12.15
"PCSUITE_SHREDDER_PRO_is1" = PCSUITE SHREDDER
"ProInst" = Intel PROSet Wireless
"SearchAnonymizer" = SearchAnonymizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.06.2013 06:05:05 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: 0154E4D0 Our Record 3 won: 89E579A6 16
Jan-PC.local. AAAA FE80:0000:0000:0000:8C00:907D:0A76:3C25
Error - 08.06.2013 06:05:05 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: 0154E4D0 Pkt Record: 902A65A6 16
Jan-PC.local. AAAA FE80:0000:0000:0000:F8A6:3F30:7343:9A7D
Error - 08.06.2013 06:05:05 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: 0154E4D0 Our Record 3 lost: 89E579A6 16
Jan-PC.local. AAAA FE80:0000:0000:0000:8C00:907D:0A76:3C25
Error - 08.06.2013 06:05:05 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: 0154E4D0 Pkt Record: 902A65A6 16
Jan-PC.local. AAAA FE80:0000:0000:0000:F8A6:3F30:7343:9A7D
Error - 08.06.2013 06:05:05 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: 0154E4D0 Our Record 3 lost: 00303D20
4 Jan-PC.local. Addr 192.168.2.100
Error - 08.06.2013 06:05:05 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: 0154E4D0 Pkt Record: 902A65A6 16
Jan-PC.local. AAAA FE80:0000:0000:0000:F8A6:3F30:7343:9A7D
Error - 08.06.2013 06:05:05 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: 0154E4D0 Our Record 3 lost: 89E579A6 16
Jan-PC.local. AAAA FE80:0000:0000:0000:8C00:907D:0A76:3C25
Error - 08.06.2013 06:05:05 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: 0154E4D0 Pkt Record: 902A65A6 16
Jan-PC.local. AAAA FE80:0000:0000:0000:F8A6:3F30:7343:9A7D
Error - 08.06.2013 06:05:05 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: 0154E4D0 Our Record 3 lost: 00303D20
4 Jan-PC.local. Addr 192.168.2.100
Error - 08.06.2013 06:05:05 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: 0154E4D0 Pkt Record: 902A65A6 16
Jan-PC.local. AAAA FE80:0000:0000:0000:F8A6:3F30:7343:9A7D
Error - 08.06.2013 06:05:05 | Computer Name = Jan-PC | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: 0154E4D0 Our Record 3 lost: 89E579A6 16
Jan-PC.local. AAAA FE80:0000:0000:0000:8C00:907D:0A76:3C25
[ System Events ]
Error - 03.06.2013 09:50:59 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed
Security Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 03.06.2013 10:04:19 | Computer Name = Jan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?06.?2013 um 15:57:24 unerwartet heruntergefahren.
Error - 03.06.2013 10:07:24 | Computer Name = Jan-PC | Source = DCOM | ID = 10005
Description =
Error - 03.06.2013 10:07:24 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
iPod-Dienst erreicht.
Error - 03.06.2013 10:07:24 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 03.06.2013 10:13:29 | Computer Name = Jan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?06.?2013 um 16:08:10 unerwartet heruntergefahren.
Error - 08.06.2013 03:13:37 | Computer Name = Jan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?06.?2013 um 00:45:48 unerwartet heruntergefahren.
Error - 08.06.2013 03:13:45 | Computer Name = Jan-PC | Source = NetBT | ID = 4321
Description = Der Name "JAN-PC :0" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.2.100 registriert werden. Der Computer mit IP-Adresse 192.168.2.101
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
Error - 08.06.2013 04:34:02 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde
unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 08.06.2013 06:04:55 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
< End of report >
Danke für deine Hilfe  Geändert von MangoGold (08.06.2013 um 12:30 Uhr) |
|
08.06.2013, 13:02
| #4 | |
| /// the machine /// TB-Ausbilder | nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werdenCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.06.2013, 20:38
| #5 |
| | nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werden Combofix Logfile: Code:
ATTFilter ComboFix 13-06-08.01 - Jan 08.06.2013 14:12:05.1.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.2035.866 [GMT 2:00]
ausgeführt von:: c:\users\Jan\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ACPIService
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-08 bis 2013-06-08 ))))))))))))))))))))))))))))))
.
.
2013-06-08 12:32 . 2013-06-08 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-08 11:59 . 2013-06-08 11:59 -------- d-----w- c:\windows\system32\IO
2013-05-31 18:47 . 2013-05-31 18:47 0 ----a-w- c:\windows\system32\shoC262.tmp
2013-05-20 20:03 . 2013-05-20 20:03 0 ----a-w- c:\windows\system32\sho1479.tmp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-08 07:16 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-03 07:34 . 2013-05-03 07:34 0 ----a-w- c:\windows\system32\sho42AB.tmp
2013-04-19 07:33 . 2013-04-19 07:33 0 ----a-w- c:\windows\system32\sho9D68.tmp
2013-04-08 07:34 . 2013-04-08 07:34 0 ----a-w- c:\windows\system32\shoB09A.tmp
2013-04-03 17:33 . 2013-04-03 17:33 0 ----a-w- c:\windows\system32\sho5748.tmp
2013-03-21 10:13 . 2013-03-21 10:13 0 ----a-w- c:\windows\system32\sho9A65.tmp
2013-03-18 07:27 . 2013-03-18 07:27 0 ----a-w- c:\windows\system32\sho8E79.tmp
2013-03-11 21:58 . 2013-03-11 21:58 0 ----a-w- c:\windows\system32\sho3F50.tmp
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GfxServiceInstall"="c:\windows\system32\GfxCUIServiceInstall.vbs" [2011-12-13 131]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-05-17 10082920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-11-10 2307368]
"FLxHCIm"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe" [2011-10-03 43008]
"BLEServicesCtrl"="c:\program files\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 152336]
"BTMTrayAgent"="c:\program files\Intel\Bluetooth\btmshell.dll" [2012-02-22 10881296]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-27 168960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-27 161280]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-11-01 206448]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-03-29 2324752]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 141312]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-03-29 241936]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-12-01 197224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 509440]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\Intel\Bluetooth\devmonsrv.exe [2012-02-22 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Intel\Bluetooth\obexsrv.exe [2012-02-22 1104208]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 104208]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 CyberLink PowerDVD 10 MS Monitor Service;CyberLink PowerDVD 10 MS Monitor Service;c:\program files\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [2011-04-13 70952]
S2 CyberLink PowerDVD 10 MS Service;CyberLink PowerDVD 10 MS Service;c:\program files\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [2011-04-13 312616]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 141312]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Intel\Bluetooth\mediasrv.exe [2012-02-22 1304912]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-11-30 76800]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-30 558592]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 27760]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [2011-10-03 169472]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [2011-10-03 49664]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-02-14 48128]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2012-02-27 1344512]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [2012-02-27 419328]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-06-09 278528]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\Netwsn00.sys [2012-03-12 10339840]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-08-23 414824]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-27 15:03]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-27 15:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={B8D1CDF3-6A72-11E2-AB4C-B80305ACD74D}
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={B8D1CDF3-6A72-11E2-AB4C-B80305ACD74D}
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xbpaq0jj.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={B8D1CDF3-6A72-11E2-AB4C-B80305ACD74D}&src=2&crg=3.1010000.00000&q=
FF - ExtSQL: !HIDDEN! 2013-01-30 01:18; firejump@firejump.net; c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xbpaq0jj.default\extensions\firejump@firejump.net
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\CyberLink\YouCam\YouCamService.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Intel\Bluetooth\BTPlayerCtrl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-08 21:24:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-06-08 19:24
.
Vor Suchlauf: 6 Verzeichnis(se), 200.986.771.456 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 199.165.718.528 Bytes frei
.
- - End Of File - - C1A26162DDB84A9948E80A42CAEB5716
2E0FE7FC299470E30383716B164CF901 [/CODE] |
|
08.06.2013, 20:41
| #6 |
| /// the machine /// TB-Ausbilder | nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werden Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches OTL Log. Noch Probleme?
__________________ --> nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werden |
|
08.06.2013, 21:19
| #7 |
| | nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werden AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 08/06/2013 um 21:56:38 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : Jan - JAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jan\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xbpaq0jj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xbpaq0jj.default\searchplugins\SweetIm.xml
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\Jan\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Jan\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xbpaq0jj.default\extensions\firejump@firejump.net
Ordner Gelöscht : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xbpaq0jj.default\SweetPacksToolbarData
Ordner Gelöscht : C:\Users\Jan\AppData\Roaming\OCS
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchAnonymizer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchAnonymizer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [firejump@firejump.net]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16450
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={B8D1CDF3-6A72-11E2-AB4C-B80305ACD74D} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={B8D1CDF3-6A72-11E2-AB4C-B80305ACD74D} --> hxxp://www.google.com
-\\ Mozilla Firefox v15.0.1 (de)
Datei : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\xbpaq0jj.default\prefs.js
Gelöscht : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={B8D1CDF3-6A72-11E2-AB4C-B803[...]
Gelöscht : user_pref("browser.search.defaultenginename", "SweetIM Search");
Gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={B8D1CDF3-6A72-11E2-AB4C-B80305[...]
Gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1370640243349");
Gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010000.00000");
Gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Gelöscht : user_pref("sweetim.toolbar.newtab.created", "true");
Gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.de");
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
Gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{B8D1CDF3-6A72-11E2-AB4C-B80305ACD74D}");
Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.00000&barid={B8D1[...]
Gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");
-\\ Opera v12.15.1748.0
Datei : C:\Users\Jan\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [23807 octets] - [08/06/2013 21:56:38]
########## EOF - C:\AdwCleaner[S1].txt - [23868 octets] ##########
JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Starter x86
Ran by Jan on 08.06.2013 at 22:03:18,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Suspicious HKLM\..\Run entries found. Trojan:JS/Medfos.B?
Val Name Type Value Data
======== ==== ==========
BTMTrayAgent REG_SZ rundll32.exe "C:\Program Files\Intel\Bluetooth\btmshell.dll",TrayApp
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
~~~ Files
Successfully deleted: [File] C:\Windows\system32\sho1479.tmp
Successfully deleted: [File] C:\Windows\system32\sho2674.tmp
Successfully deleted: [File] C:\Windows\system32\sho3081.tmp
Successfully deleted: [File] C:\Windows\system32\sho3BB8.tmp
Successfully deleted: [File] C:\Windows\system32\sho3F50.tmp
Successfully deleted: [File] C:\Windows\system32\sho42AB.tmp
Successfully deleted: [File] C:\Windows\system32\sho47E4.tmp
Successfully deleted: [File] C:\Windows\system32\sho4838.tmp
Successfully deleted: [File] C:\Windows\system32\sho4865.tmp
Successfully deleted: [File] C:\Windows\system32\sho5748.tmp
Successfully deleted: [File] C:\Windows\system32\sho57A1.tmp
Successfully deleted: [File] C:\Windows\system32\sho600A.tmp
Successfully deleted: [File] C:\Windows\system32\sho781F.tmp
Successfully deleted: [File] C:\Windows\system32\sho83D1.tmp
Successfully deleted: [File] C:\Windows\system32\sho8E79.tmp
Successfully deleted: [File] C:\Windows\system32\sho8ED7.tmp
Successfully deleted: [File] C:\Windows\system32\sho9A65.tmp
Successfully deleted: [File] C:\Windows\system32\sho9D68.tmp
Successfully deleted: [File] C:\Windows\system32\sho9D95.tmp
Successfully deleted: [File] C:\Windows\system32\shoB09A.tmp
Successfully deleted: [File] C:\Windows\system32\shoC262.tmp
Successfully deleted: [File] C:\Windows\system32\shoCEA5.tmp
Successfully deleted: [File] C:\Windows\system32\shoE088.tmp
Successfully deleted: [File] C:\Windows\system32\shoFFA3.tmp
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Jan\appdata\local\{B3732304-647F-4AA1-9B8D-AD27ACD2A718}
~~~ FireFox
Emptied folder: C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\xbpaq0jj.default\minidumps [6 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.06.2013 at 22:13:46,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kann ich das mit den USB-Sticks beliebig oft wiederholen? ich nutze nämlich nämlich mehr als ich Ports habe... Danke schonmal |
|
09.06.2013, 06:50
| #8 |
| /// the machine /// TB-Ausbilder | nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werden Dann müsstest Du den kompletten Scan nochmal machen. Scan soviel wie Du Ports hast, Rest scannn wir im Anschluss anders.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.06.2013, 18:13
| #9 |
| | nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werdenCode:
ATTFilter Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java(TM) 7 Update 2
Java version out of Date!
Adobe Flash Player 11.6.602.168
Adobe Reader 10.1.2 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
Google Chrome 12.0.742.91
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter OTL logfile created on: 09.06.2013 16:34:35 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,87% Memory free 3,97 Gb Paging File | 3,01 Gb Available in Paging File | 75,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 256,99 Gb Total Space | 185,15 Gb Free Space | 72,05% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 20,48 Gb Free Space | 51,19% Space Free | Partition Type: NTFS Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jan\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Program Files\Intel\Bluetooth\obexsrv.exe (Intel Corporation) PRC - C:\Program Files\Intel\Bluetooth\mediasrv.exe (Intel Corporation) PRC - C:\Program Files\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) PRC - C:\Program Files\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation) PRC - C:\Program Files\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) PRC - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) PRC - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.) PRC - C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider) PRC - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) PRC - C:\Program Files\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) SRV - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (Bluetooth OBEX Service) -- C:\Program Files\Intel\Bluetooth\obexsrv.exe (Intel Corporation) SRV - (Bluetooth Media Service) -- C:\Program Files\Intel\Bluetooth\mediasrv.exe (Intel Corporation) SRV - (Bluetooth Device Monitor) -- C:\Program Files\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) SRV - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) SRV - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (MemeoBackgroundService) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (CyberLink PowerDVD 10 MS Service) -- C:\Program Files\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) SRV - (CyberLink PowerDVD 10 MS Monitor Service) -- C:\Program Files\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Jan\AppData\Local\Temp\catchme.sys File not found DRV - (btmaudio) -- system32\drivers\btmaud.sys File not found DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (NETwNs32) -- C:\Windows\System32\drivers\Netwsn00.sys (Intel Corporation) DRV - (igddim32) -- C:\Windows\System32\drivers\igddim32.sys (Intel Corporation) DRV - (iBtFltCoex) -- C:\Windows\System32\drivers\iBtFltCoex.sys (Intel Corporation) DRV - (AMPPALP) -- C:\Windows\System32\drivers\amppal.sys (Windows (R) Win 7 DDK provider) DRV - (AMPPAL) -- C:\Windows\System32\drivers\amppal.sys (Windows (R) Win 7 DDK provider) DRV - (btmhsf) -- C:\Windows\System32\drivers\btmhsf.sys (Intel Corporation) DRV - (btmaux) -- C:\Windows\System32\drivers\btmaux.sys (Intel Corporation) DRV - (FLxHCIc) -- C:\Windows\System32\drivers\FLxHCIc.sys (Fresco Logic) DRV - (FLxHCIh) -- C:\Windows\System32\drivers\FLxHCIh.sys (Fresco Logic) DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation) DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2E6C17FF-37D6-44B8-935F-A49E954CDF0E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.11.01 14:25:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.11.01 14:25:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.11.01 14:25:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.27 22:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions [2013.06.08 21:57:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\xbpaq0jj.default\extensions [2013.01.31 02:30:11 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\xbpaq0jj.default\extensions\extension@preispilot.com.xpi [2013.02.18 11:17:20 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\firefox\profiles\xbpaq0jj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.06.08 13:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013.06.08 13:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions [2013.06.08 13:11:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BLEServicesCtrl] C:\Program Files\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation) O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\i386_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider) O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs () O4 - Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0) O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{187A20C1-E9F6-4EB1-9712-5BFB1DFE13A3}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B4C6A7B-36CF-4289-B31C-3B4957A60E04}: DhcpNameServer = 202.96.209.5 202.96.209.133 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 360 Days ========== [2013.06.08 22:32:06 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Jan\Desktop\esetsmartinstaller_enu.exe [2013.06.08 22:03:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.08 22:03:00 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.08 22:01:32 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Jan\Desktop\JRT.exe [2013.06.08 21:23:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.08 14:08:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.08 14:08:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.08 14:08:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.08 14:08:26 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.08 14:08:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.08 14:05:01 | 005,078,669 | R--- | C] (Swearware) -- C:\Users\Jan\Desktop\ComboFix.exe [2013.06.08 13:59:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO [2013.06.08 13:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.06.08 12:32:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe [2013.04.30 09:19:22 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Microsoft Help [2013.04.30 09:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.04.11 16:25:50 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\RichtenbergerSee [2013.03.02 09:33:42 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Macromedia [2013.02.26 13:53:45 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\Neuer Ordner [2013.02.25 23:24:14 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.02.13 22:48:40 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\AVS4YOU [2013.02.13 22:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2013.02.13 22:48:34 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2013.02.13 22:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2013.02.13 22:47:30 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll [2013.02.13 22:47:30 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll [2013.02.13 22:47:30 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll [2013.02.13 22:47:30 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll [2013.02.13 22:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia [2013.02.13 22:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU [2013.01.30 02:20:10 | 000,000,000 | ---D | C] -- C:\Users\Jan\Tracing [2013.01.30 02:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.01.30 02:18:19 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll [2013.01.13 23:21:57 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Colibri Games [2013.01.13 23:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Colibri Games [2012.11.11 01:43:31 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Opera [2012.11.11 01:43:31 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Opera [2012.11.11 01:43:17 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2012.10.04 10:27:02 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Adobe [2012.10.03 16:38:33 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Diagnostics [2012.10.01 20:24:44 | 000,000,000 | ---D | C] -- C:\Users\Jan\EXE-N [2012.09.30 23:33:15 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.09.30 23:11:14 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Apple Computer [2012.09.30 23:11:13 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Apple Computer [2012.09.30 23:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.09.30 23:10:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2012.09.30 23:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.09.30 23:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.09.30 23:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.09.30 23:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.09.30 23:04:56 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Apple [2012.09.30 23:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012.09.30 23:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.09.30 23:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2012.09.30 23:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2012.09.30 22:44:11 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.09.30 22:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2012.09.30 22:43:32 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Notepad++ [2012.09.30 22:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++ [2012.09.30 22:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MinGW [2012.09.30 22:26:34 | 000,000,000 | ---D | C] -- C:\MinGW [2012.09.30 18:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2012.09.30 15:27:17 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Daten [2012.09.30 00:35:30 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\1Neuer Ordner [2012.09.29 16:38:03 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Meine Paletten [2012.09.29 16:37:48 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Corel [2012.09.29 16:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2012.09.29 16:37:13 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Corel [2012.09.29 16:33:09 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\SoftGrid Client [2012.09.29 16:33:07 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\SoftGrid Client [2012.09.29 16:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch) [2012.09.29 16:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2012.09.29 16:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client [2012.09.29 16:30:26 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\TP [2012.09.29 16:24:42 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Windows Live Writer [2012.09.29 16:24:42 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Windows Live Writer [2012.09.29 01:29:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.29 01:29:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.29 01:29:30 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.29 01:29:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.29 01:29:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.29 01:29:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.29 01:29:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.29 01:29:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.09.29 01:19:01 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2012.09.28 18:36:38 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Avatar [2012.09.28 18:28:35 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\CyberLink [2012.09.28 15:41:34 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Microsoft Games [2012.09.28 14:49:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys [2012.09.28 14:48:54 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2012.09.28 14:48:54 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2012.09.28 14:48:35 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2012.09.28 14:48:32 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe [2012.09.28 14:48:16 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.09.28 14:48:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2012.09.28 14:48:03 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.09.28 14:48:01 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll [2012.09.28 14:47:57 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.09.28 14:47:56 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.09.28 14:47:40 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.09.28 14:47:38 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [2012.09.28 14:47:35 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012.09.28 14:47:35 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012.09.28 14:47:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe [2012.09.28 14:47:24 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.09.28 14:28:35 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\OpenOffice.org [2012.09.27 22:23:35 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2012.09.27 22:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2012.09.27 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Mozilla [2012.09.27 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Mozilla [2012.09.27 22:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.09.27 22:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.09.27 22:03:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Adobe [2012.09.27 22:01:36 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Google [2012.09.27 21:28:23 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.09.27 21:28:23 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.09.27 21:28:14 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.09.27 21:28:14 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.09.27 21:28:14 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.09.27 21:27:59 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.09.27 21:27:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.09.27 21:24:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\Documents\Youcam [2012.09.27 21:23:27 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\CyberLink [2012.09.27 17:16:43 | 000,000,000 | R--D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.09.27 17:16:43 | 000,000,000 | R--D | C] -- C:\Users\Jan\Searches [2012.09.27 17:16:43 | 000,000,000 | R--D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.09.27 17:16:34 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Identities [2012.09.27 17:16:31 | 000,000,000 | R--D | C] -- C:\Users\Jan\Contacts [2012.09.27 17:16:07 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\VirtualStore [2012.09.27 17:16:06 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Intel [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Vorlagen [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\AppData\Local\Verlauf [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\AppData\Local\Temporary Internet Files [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Startmenü [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\SendTo [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Recent [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Netzwerkumgebung [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Lokale Einstellungen [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Documents\Eigene Videos [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Documents\Eigene Musik [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Eigene Dateien [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Documents\Eigene Bilder [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Druckumgebung [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Cookies [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\AppData\Local\Anwendungsdaten [2012.09.27 17:16:04 | 000,000,000 | -HSD | C] -- C:\Users\Jan\Anwendungsdaten [2012.09.27 17:15:59 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Temp [2012.09.27 17:15:59 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\Microsoft [2012.09.27 17:15:58 | 000,000,000 | --SD | C] -- C:\Users\Jan\AppData\Roaming\Microsoft [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Videos [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Saved Games [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Pictures [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Music [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Links [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Favorites [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Downloads [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Documents [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\Desktop [2012.09.27 17:15:58 | 000,000,000 | R--D | C] -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.09.27 17:15:58 | 000,000,000 | -H-D | C] -- C:\Users\Jan\AppData [2012.09.27 17:15:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\Roaming [2012.09.27 17:15:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Macromedia [2012.09.27 17:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012 [2012.09.27 17:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.09.27 17:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2012.09.27 17:12:47 | 000,586,072 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2012.09.27 17:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo [2012.09.27 17:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo [2012.09.27 17:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo [2012.09.27 17:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mediathek [2012.09.27 17:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Medion_Services [2012.09.27 17:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Aldi_Foto [2012.09.27 17:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel [2012.09.27 17:07:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel [2012.09.27 17:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis [2012.09.27 17:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2012.09.27 17:06:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X5 [2012.09.27 17:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\Corel [2012.09.27 17:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady [2012.09.27 17:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.09.27 17:02:17 | 000,000,000 | ---D | C] -- C:\Recovery [2012.09.27 17:02:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings [2012.09.27 17:02:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.08.21 13:01:22 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll ========== Files - Modified Within 360 Days ========== [2013.06.09 16:32:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.09 16:12:36 | 000,890,839 | ---- | M] () -- C:\Users\Jan\Desktop\SecurityCheck.exe [2013.06.09 09:48:13 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 09:48:13 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 09:44:24 | 000,709,774 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.09 09:44:24 | 000,665,052 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.09 09:44:24 | 000,152,552 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.09 09:44:24 | 000,125,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.09 09:38:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.09 09:38:14 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat [2013.06.09 09:38:08 | 1600,266,240 | -HS- | M] () -- C:\hiberfil.sys [2013.06.08 22:32:11 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Jan\Desktop\esetsmartinstaller_enu.exe [2013.06.08 22:02:16 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Jan\Desktop\JRT.exe [2013.06.08 21:54:38 | 000,648,201 | ---- | M] () -- C:\Users\Jan\Desktop\adwcleaner.exe [2013.06.08 14:05:28 | 005,078,669 | R--- | M] (Swearware) -- C:\Users\Jan\Desktop\ComboFix.exe [2013.06.08 12:32:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe [2013.06.08 10:32:10 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat [2013.06.08 09:52:23 | 000,590,182 | ---- | M] () -- C:\Users\Jan\Desktop\RichtenbergSee-Präsentation.odp [2013.06.04 17:44:52 | 000,007,153 | ---- | M] () -- C:\Users\Jan\Desktop\Die Renaturierung des Richtenberger Sees.odt [2013.04.11 17:28:23 | 000,011,908 | ---- | M] () -- C:\Users\Jan\Desktop\Richtenberger See.odt [2013.02.25 23:24:14 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.02.25 23:24:14 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.01.30 02:29:12 | 000,373,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.02 10:45:53 | 000,007,606 | ---- | M] () -- C:\Users\Jan\AppData\Local\Resmon.ResmonCfg [2012.11.01 14:24:42 | 000,586,072 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2012.09.30 22:44:11 | 000,001,027 | ---- | M] () -- C:\Users\Jan\Desktop\Notepad++.lnk [2012.09.29 16:32:55 | 000,002,437 | ---- | M] () -- C:\Users\Jan\Desktop\Microsoft Excel Starter 2010.lnk [2012.09.29 16:32:46 | 000,002,435 | ---- | M] () -- C:\Users\Jan\Desktop\Microsoft Word Starter 2010.lnk [2012.09.28 14:29:44 | 000,001,201 | ---- | M] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2012.09.28 02:01:48 | 000,150,011 | ---- | M] () -- C:\Windows\System32\license.rtf [2012.09.27 22:23:36 | 000,001,112 | ---- | M] () -- C:\Users\Jan\Desktop\OpenOffice.org Writer.lnk [2012.09.27 22:00:13 | 000,017,408 | ---- | M] () -- C:\Users\Jan\AppData\Local\WebpageIcons.db [2012.09.27 21:55:12 | 000,116,189 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2012.09.27 21:55:12 | 000,098,168 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2012.08.24 08:59:17 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.24 08:51:02 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.24 08:49:57 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.24 08:48:38 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.24 08:47:26 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.24 08:45:46 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.08.24 08:43:58 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.24 08:40:11 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.22 19:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2012.08.22 19:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2012.08.21 22:12:27 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe [2012.08.21 13:01:22 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll [2012.08.02 18:57:20 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.07.18 19:47:53 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [2012.07.04 21:45:31 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys ========== Files Created - No Company Name ========== [2013.06.09 16:12:35 | 000,890,839 | ---- | C] () -- C:\Users\Jan\Desktop\SecurityCheck.exe [2013.06.08 21:54:37 | 000,648,201 | ---- | C] () -- C:\Users\Jan\Desktop\adwcleaner.exe [2013.06.08 14:08:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.08 14:08:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.08 14:08:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.08 14:08:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.08 14:08:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.08 10:32:10 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2013.06.04 17:44:47 | 000,007,153 | ---- | C] () -- C:\Users\Jan\Desktop\Die Renaturierung des Richtenberger Sees.odt [2013.06.04 17:21:07 | 000,590,182 | ---- | C] () -- C:\Users\Jan\Desktop\RichtenbergSee-Präsentation.odp [2013.04.11 17:14:52 | 000,011,908 | ---- | C] () -- C:\Users\Jan\Desktop\Richtenberger See.odt [2013.01.30 02:28:56 | 000,373,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.30 02:18:19 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2012.11.11 01:43:22 | 000,001,795 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.09.30 23:04:33 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.09.30 22:44:11 | 000,001,027 | ---- | C] () -- C:\Users\Jan\Desktop\Notepad++.lnk [2012.09.30 15:34:05 | 000,007,606 | ---- | C] () -- C:\Users\Jan\AppData\Local\Resmon.ResmonCfg [2012.09.30 15:30:51 | 000,002,437 | ---- | C] () -- C:\Users\Jan\Desktop\Microsoft Excel Starter 2010.lnk [2012.09.30 15:30:43 | 000,002,435 | ---- | C] () -- C:\Users\Jan\Desktop\Microsoft Word Starter 2010.lnk [2012.09.28 14:29:44 | 000,001,201 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2012.09.28 01:56:58 | 1600,266,240 | -HS- | C] () -- C:\hiberfil.sys [2012.09.27 22:24:42 | 000,001,112 | ---- | C] () -- C:\Users\Jan\Desktop\OpenOffice.org Writer.lnk [2012.09.27 22:06:04 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.09.27 22:00:12 | 000,017,408 | ---- | C] () -- C:\Users\Jan\AppData\Local\WebpageIcons.db [2012.09.27 17:16:46 | 000,001,417 | ---- | C] () -- C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.09.27 17:15:06 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2012.09.27 17:15:06 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2012.09.27 17:04:13 | 000,002,463 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [2012.09.27 17:03:44 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.27 17:03:43 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.11 17:56:06 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.02.01 00:41:11 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2012.01.31 03:47:53 | 000,709,774 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012.01.31 03:47:53 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012.01.31 03:47:53 | 000,152,552 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2012.01.31 03:47:53 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2012.01.20 21:49:03 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin [2012.01.20 21:48:46 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.06.2013 16:34:35 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,87% Memory free
3,97 Gb Paging File | 3,01 Gb Available in Paging File | 75,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 256,99 Gb Total Space | 185,15 Gb Free Space | 72,05% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 20,48 Gb Free Space | 51,19% Space Free | Partition Type: NTFS
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{936885AF-A902-42A1-9EC2-3D10F38B4163}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CAB52448-7A7F-418F-AC9D-DADE6F39F71E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CB8777-79D8-491D-B4D2-43D8C8949407}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{07C0BE42-97FD-4082-B77A-7EA78A40D653}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{173C51E7-1CCA-44BD-8E34-D3639E6472EB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2230CB82-35A1-4FE8-ABCA-254E6FF72AFC}" = dir=in | app=c:\program files\cyberlink\powerdvd10\pdvd10serv.exe |
"{28BD9121-5D68-4B92-AE61-DDCEA76CC1ED}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd10.exe |
"{402A4DD0-F5C3-4BC8-AF66-CA8EF10C9CA3}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{43023A74-0004-498C-991C-E93548EF80EB}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{75F42BFF-4B5E-4506-96C4-0D7A5DB5C8EB}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{882BC54A-0DE8-4E58-AA57-9046F001C519}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{89A56984-C525-48F1-B390-0411269F37B9}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{97104D04-6F5A-440F-99A4-977675D646BF}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{A5F9BD18-D7B0-4CF8-BF07-64AFFB110327}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B00358A3-320A-4ABE-A682-276F43E86B3B}" = dir=in | app=c:\program files\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe |
"{D036BDF7-F011-412E-AA5F-F51C100E5254}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DEB252BD-5A5A-43AA-BCBB-6AE81FDEDF31}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{EDF80462-EFFF-48C8-A763-FF0CFD6FF81E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{F288754B-DD0C-4491-AD97-6314471F0B16}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{F6E6F865-0A66-4B22-9E9E-BEFB38EE74AD}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java(TM) 7 Update 2
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37EC048A-81A2-452A-8D1F-3BE2018E767D}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{520C4DD4-2BC7-409B-BA48-E1A4F832662D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{54EB8041-1115-4406-AA4B-44D236E84B3B}" = Intel® PROSet/Wireless WiFi Software
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{66B0B400-22AB-47E6-8673-38A5D37F6331}" = Windows Live Remote Client Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8FC83CE1-EA4F-48D2-9F51-51546C2D33E2}" = Fresco Logic USB3.0 Host Controller
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.5-beta-20120426-1
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C4E7704D-5AFB-44CA-B8BA-F16C8FA46D5F}" = Windows Live Remote Service Resources
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EC1369CF-15BD-4FAF-BA84-65E4788C682E}" = AMI VR-pulse OS Switcher
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"AVS Media Player_is1" = AVS Media Player 4.1.10.99
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.15.1748" = Opera 12.15
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.06.2013 03:38:26 | Computer Name = Jan-PC | Source = MemeoBackgroundService | ID = 0
Description =
[ System Events ]
Error - 08.06.2013 16:27:06 | Computer Name = Jan-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 08.06.2013 16:27:07 | Computer Name = Jan-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 08.06.2013 16:28:13 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst LanmanServer erreicht.
Error - 08.06.2013 16:30:19 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst LanmanServer erreicht.
Error - 08.06.2013 16:31:15 | Computer Name = Jan-PC | Source = DCOM | ID = 10010
Description =
Error - 09.06.2013 03:35:07 | Computer Name = Jan-PC | Source = DCOM | ID = 10001
Description =
Error - 09.06.2013 03:38:15 | Computer Name = Jan-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?06.?2013 um 09:37:08 unerwartet heruntergefahren.
Error - 09.06.2013 03:38:48 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde
mit folgendem Fehler beendet: %%-2147196306
< End of report >
Der Installationsaufruf kommt nicht mehr und sonst ist auch alles Top vielen vielen Dank, du hast mir erspart mein Netbook wegzubringen, und hast meine Präsentation gerettet. |
|
09.06.2013, 18:27
| #10 | |
| /// the machine /// TB-Ausbilder | nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werden Java, Adobe und Firefox bitte updaten  Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.06.2013, 18:34
| #11 |
| | nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werden Nein, das ist mir nicht bekannt, und laut Google ist es auch ein Schädling ... Nein, das ist mir nicht bekannt. Und Google sagt das es ein Schädling ist... |
|
09.06.2013, 18:41
| #12 | |
| /// the machine /// TB-Ausbilder | nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werdenZitat:
. Könnte trotzdem sein dass Du die selbst angelegt hast, ich frag lieber vorher Fixen mit OTL
Code:
ATTFilter :OTL
[2012.01.20 21:49:03 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2012.01.20 21:48:46 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs ()
:commands
[emptytemp]
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.06.2013, 18:54
| #13 |
| | nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werdenCode:
ATTFilter All processes killed
========== OTL ==========
C:\Windows\System32\syndata.bin moved successfully.
C:\Windows\System32\GfxUI.exe.config moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GfxServiceInstall deleted successfully.
C:\Windows\System32\GfxCUIServiceInstall.vbs moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jan
->Temp folder emptied: 167504 bytes
->Temporary Internet Files folder emptied: 378618 bytes
->FireFox cache emptied: 87161943 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 58213 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50222 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 84,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06092013_194911
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
09.06.2013, 18:55
| #14 |
| /// the machine /// TB-Ausbilder | nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werden Perfekt, dann sind wir fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob/Kritik loswerden möchtest: Lob, Kritik und Wünsche - Trojaner-Board Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.06.2013, 21:06
| #15 |
| | nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werden Alles ist okay ^^ vielen Dank nocheinmal für deine Hilfe. Ich werde deine Tipps befolgen, auf dass mir so ein wurm nicht wieder den Spaß verdirbt. vielen vielen dank. P.S.: meine präsentation lief richtig gut ^^ |
|
| Themen zu nach booten soll wssetup.exe (Hersteller Perion Network Ltd.) installiert werden |
| beamer, befallen, booten, email, erscheint, geräte, gleichzeitig, heute, installier, installiere, installieren, installiert, leistung, meldung, morgen, natürlich, network, nicht installiert, präsentation, schonmal, schädling, woche, wochen, wssetup.exe, wurm, würde, zwecks |
Textbox. 
Linear-Darstellung
