| |
| |||||||
Log-Analyse und Auswertung: Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als StartseiteWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
09.06.2013, 19:47
| #1 |
| |  Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite Hallo, es ist ein Segen, dass es solche Foren gibt!  Dies ist der Computer meiner Mutter. Ein Problem hab ich im Titel ja schon genannt. Ich weiß nicht wie lange nun schon Websearch als Startseite der Browser installiert ist. Vorher gab es noch Babylon und Conduit. Desweiteren werden seit zwei Tagen auf allen besuchten Webseiten "unanständige" Werbebanner gezeigt. ^^ Toolbars von Websearch und Babylon habe ich deinstalliert, allerdings "nur" über Systemsteuerung->Programme->Deinstallieren. Ich weiß nicht, ob das nun tatsächlich deinstalliert ist. Die Probleme gibt es schon seit mehreren Wochen, wegen Abi habe ich mich nicht drum gekümmert und nun festgestellt, dass ich keinerlei Ahnung habe, wie das Problem behoben werden kann. Achso. In einem voreiligen Versuch das Problem zu lösen habe ich Spyhunter 4 installiert, der gleich über hundert Probleme aufzeigte, aber nicht bereit war diese ohne Bezahlung zu lösen. Ich habe auch dieses Programm wieder deinstalliert. Hier sind die gewünschten Logs. Der defogger hat keine Fehlermeldung ausgegeben. OTL Code:
ATTFilter OTL logfile created on: 09.06.2013 19:50:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Benutzer\Ute.UTE-PC\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,57 Gb Available Physical Memory | 69,80% Memory free 15,97 Gb Paging File | 12,84 Gb Available in Paging File | 80,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 75,49 Gb Total Space | 21,08 Gb Free Space | 27,93% Space Free | Partition Type: NTFS Drive D: | 380,17 Gb Total Space | 332,56 Gb Free Space | 87,48% Space Free | Partition Type: NTFS Drive J: | 3,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: UTE-PC | User Name: Ute | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.20 17:55:18 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.16 20:04:47 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2013.01.16 12:18:33 | 001,650,128 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe PRC - [2013.01.10 15:35:48 | 000,257,512 | ---- | M] (G Data Software) -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe PRC - [2013.01.09 14:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe PRC - [2012.11.29 06:25:41 | 001,547,288 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\GUI\GDSC.exe PRC - [2012.11.29 06:20:10 | 001,475,096 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe PRC - [2012.11.29 05:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012.11.29 05:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe PRC - [2012.10.05 22:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Benutzer\Ute.UTE-PC\Downloads\OTL.exe PRC - [2012.05.31 14:53:00 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe PRC - [2012.05.31 14:52:40 | 000,096,768 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe PRC - [2012.04.10 16:05:18 | 000,334,840 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVK.exe PRC - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2012.03.09 00:19:30 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe PRC - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.02.01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2013.05.20 17:55:18 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.05.17 15:16:26 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.17 15:16:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.17 15:16:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.05.16 20:04:46 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.01.24 13:25:02 | 001,044,480 | ---- | M] () -- c:\progra~2\websea~1\sprote~1.dll MOD - [2013.01.24 13:16:54 | 001,050,112 | ---- | M] () -- c:\progra~2\contin~1\sprote~1.dll MOD - [2013.01.13 17:42:21 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1c402ca365b68a2616ea3a5194d38310\IAStorCommon.ni.dll MOD - [2013.01.13 17:42:20 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c78244854f84b69701fcee19b543645\IAStorUtil.ni.dll MOD - [2013.01.10 04:20:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 04:20:23 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 04:20:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 04:20:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 04:19:57 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.05.31 14:53:00 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.05.20 17:55:18 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.16 20:04:47 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.16 12:18:33 | 001,650,128 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc) SRV - [2013.01.10 15:35:48 | 000,257,512 | ---- | M] (G Data Software) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService) SRV - [2012.11.30 06:30:54 | 001,219,096 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc) SRV - [2012.11.29 06:14:21 | 002,377,736 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2012.11.29 06:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2012.11.29 05:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012.11.29 05:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService) SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.31 14:52:40 | 000,096,768 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver) SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2012.02.01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2013.01.27 01:53:31 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2013.01.27 01:51:34 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2013.01.27 01:51:34 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2013.01.27 01:51:34 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2013.01.27 01:51:34 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2012.12.26 18:01:48 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.10.27 02:54:44 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.06.03 21:59:17 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT) DRV:64bit: - [2012.06.03 21:59:04 | 000,031,608 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon) DRV:64bit: - [2012.03.02 06:13:58 | 000,029,184 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.19 23:49:22 | 000,637,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorS.sys -- (iaStorS) DRV:64bit: - [2011.12.19 23:49:18 | 000,566,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2011.12.19 23:49:18 | 000,024,496 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:64bit: - [2011.10.17 16:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.08.11 08:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2011.05.25 13:19:00 | 000,076,160 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.05.25 13:19:00 | 000,052,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.04.11 11:33:54 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.23 09:07:36 | 000,096,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.12.19 04:25:34 | 000,122,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts) DRV:64bit: - [2008.12.19 04:23:30 | 000,068,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial) DRV - [2012.03.02 06:13:58 | 000,021,504 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D} IE:64bit: - HKLM\..\SearchScopes\{64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14 IE - HKLM\..\SearchScopes,DefaultScope = {64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D} IE - HKLM\..\SearchScopes\{64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.lookforithere.info/?l=1&q={searchTerms}&pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {64A7E6C4-A64F-4DEB-A13E-5CB31FC7B92D} IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.lookforithere.info/?l=1&q={searchTerms}&pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14 IE - HKCU\..\SearchScopes\{CBE9CFC6-4714-448F-A35D-3CBD4827D344}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "WebSearch" FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14&l=1&q=" FF - prefs.js..browser.search.order.1: "WebSearch" FF - prefs.js..browser.search.order.1,S: S", "WebSearch" FF - prefs.js..browser.search.selectedEngine: "WebSearch" FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch" FF - prefs.js..browser.startup.homepage: "hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14" FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..keyword.URL: "hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14&l=1&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2012.06.03 21:13:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 17:55:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.03.04 17:52:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.20 17:55:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.22 19:24:28 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\Extensions [2013.05.21 08:17:29 | 000,000,000 | ---D | M] (No name found) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\Firefox\Profiles\z5644nf8.default\extensions [2013.05.21 08:17:29 | 000,000,000 | ---D | M] (SearchNewTab) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\Firefox\Profiles\z5644nf8.default\extensions\bxhrd30f4b@rmtbtcamxg.net [2013.05.21 08:17:29 | 000,000,000 | ---D | M] (coontinueetosavee) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\Firefox\Profiles\z5644nf8.default\extensions\xm35ji@ldnihz.net [2013.04.08 21:58:25 | 000,714,654 | ---- | M] () (No name found) -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\firefox\profiles\z5644nf8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013.05.21 08:17:32 | 000,007,849 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\mozilla\firefox\profiles\z5644nf8.default\searchplugins\WebSearch.xml [2013.05.20 17:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.20 17:55:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - homepage: hxxp://websearch.lookforithere.info/?pid=377&r=2013/05/21&hid=2591007165&lg=EN&cc=DE&unqvl=14 CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\ CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjoiggkbepedjmjjbhhecjiimlckcga\10.15.2.523_0\ CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiogoahdjhmpnidkfapapialgnfmoppf\1\ CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\njcpileggbeggldbgdnikalmifjfeldi\1\ CHR - Extension: No name found = D:\Benutzer\Ute.UTE-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (SearchNewTab) - {4FBC9915-89A7-FF85-80B0-6C8E0AB6F49F} - C:\ProgramData\SearchNewTab\519b1b8d6ca6a.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (coontinueetosavee) - {E4158A8A-BBCF-35C9-3261-8FE8CB943B95} - C:\ProgramData\coontinueetosavee\519b1b6e189e2.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5786D022-540E-4699-B350-B4BE0AE94B79} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - Startup: D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IML.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83CA3965-B290-4655-8631-B8B691A38EE4}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\contin~1\sprote~1.dll) - c:\progra~2\contin~1\sprote~1.dll () O20 - AppInit_DLLs: (c:\progra~2\websea~1\sprote~1.dll) - c:\progra~2\websea~1\sprote~1.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe) - c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.06.09 18:23:18 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.09.28 15:30:38 | 000,055,176 | R--- | M] (Electronic Arts) - J:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2012.09.28 11:48:28 | 000,000,049 | R--- | M] () - J:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{cbe2ae1d-4f73-11e2-a96b-50e549dfde29}\Shell - "" = AutoRun O33 - MountPoints2\{cbe2ae1d-4f73-11e2-a96b-50e549dfde29}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2012.09.28 15:30:38 | 000,055,176 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.09 19:05:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.06.09 18:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.06.09 18:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.06.09 18:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2013.06.09 18:04:29 | 000,000,000 | ---D | C] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2013.06.07 22:46:40 | 000,000,000 | ---D | C] -- D:\Benutzer\Ute.UTE-PC\Documents\RCT3 [2013.06.07 22:46:40 | 000,000,000 | ---D | C] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Atari [2013.06.07 21:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.06.07 21:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.06.07 21:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam [2013.06.07 21:34:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.07 21:33:52 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.03 18:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.06.03 18:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.06.03 18:19:09 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.06.03 18:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.05.21 08:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp [2013.05.21 08:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchNewTab [2013.05.21 08:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchNewTab [2013.05.21 08:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebSearch [2013.05.21 08:16:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ContinueToSave [2013.05.21 08:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coontinueetosavee [2013.05.21 08:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\coontinueetosavee [2013.05.21 08:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013.05.20 17:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.09 19:48:59 | 000,000,168 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\defogger_reenable [2013.06.09 19:04:05 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-802728691-1065208354-3821002551-1001UA.job [2013.06.09 19:04:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.09 18:25:01 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 18:25:01 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 18:23:18 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.06.09 18:17:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.09 18:17:07 | 2134,298,623 | -HS- | M] () -- C:\hiberfil.sys [2013.06.09 18:04:29 | 000,002,975 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\Desktop\HiJackThis.lnk [2013.06.09 17:49:06 | 000,001,063 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.09 17:49:01 | 000,001,047 | ---- | M] () -- D:\Benutzer\Ute.UTE-PC\Desktop\Dropbox.lnk [2013.06.07 16:48:58 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-802728691-1065208354-3821002551-1001Core.job [2013.05.25 01:41:53 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.25 01:41:53 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.25 01:41:53 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.25 01:41:53 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.25 01:41:53 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.18 19:26:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.17 15:14:26 | 000,311,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.09 19:48:59 | 000,000,168 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\defogger_reenable [2013.06.09 18:23:18 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.06.09 18:04:29 | 000,002,975 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\Desktop\HiJackThis.lnk [2013.06.03 18:19:12 | 000,001,398 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.05.18 19:26:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.12.23 01:05:24 | 000,001,638 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\MyMicroBalanceConfig.ini [2012.12.22 23:14:10 | 000,000,218 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\AppData\Local\recently-used.xbel [2012.12.22 23:11:00 | 000,003,533 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\AppData\Local\Ute.gnucash [2012.12.20 18:22:44 | 000,000,368 | ---- | C] () -- D:\Benutzer\Ute.UTE-PC\.jhh [2012.06.05 10:45:05 | 001,016,973 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.06.03 16:57:00 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.12 16:37:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.12 16:35:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.12 16:35:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.12 16:35:49 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.03 17:34:27 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\.minecraft [2012.12.22 23:42:48 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Aquamarin Haushaltsbuch [2012.12.20 18:04:07 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Ashampoo [2013.06.07 22:46:40 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Atari [2012.12.02 03:02:07 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\calibre [2013.06.09 19:14:33 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\DAEMON Tools Lite [2013.06.09 18:18:23 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox [2012.12.02 21:51:45 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\elsterformular [2013.02.09 15:05:15 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Origin [2012.12.22 21:28:51 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\SmartTools [2012.06.04 23:03:10 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Thunderbird [2012.06.09 15:21:44 | 000,000,000 | ---D | M] -- D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Zylom Games ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 09.06.2013 19:50:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Benutzer\Ute.UTE-PC\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,57 Gb Available Physical Memory | 69,80% Memory free
15,97 Gb Paging File | 12,84 Gb Available in Paging File | 80,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,49 Gb Total Space | 21,08 Gb Free Space | 27,93% Space Free | Partition Type: NTFS
Drive D: | 380,17 Gb Total Space | 332,56 Gb Free Space | 87,48% Space Free | Partition Type: NTFS
Drive J: | 3,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: UTE-PC | User Name: Ute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B3F9B2-2490-4365-83B6-30924A5E0CDF}" = lport=445 | protocol=6 | dir=in | app=system |
"{08D084B6-1B9B-45A2-8965-4C41D283DA0F}" = rport=138 | protocol=17 | dir=out | app=system |
"{2829089F-216C-41E4-83D4-A5FA5FFCA48E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3AA2D5DA-49CC-4D33-88DC-29D4EC41F7FB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{439BAE38-27CF-4B8B-8FBF-730D1CC93003}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A132506-B4EE-475D-B1B3-E7488A4D40AF}" = lport=139 | protocol=6 | dir=in | app=system |
"{56705FB5-0C8A-42A4-BB06-FA5EEBE3F900}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58B476B6-BE80-4742-B7E9-D7806DDA4269}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C50F9D1-CAC4-4457-8580-B823F52B3810}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7062386E-7895-441C-8FE7-43D33E1AC411}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{746FFD7B-E5C8-49CC-92FC-BD1E092FBC77}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7C410A89-35CA-4EE7-9150-A8991254375F}" = rport=139 | protocol=6 | dir=out | app=system |
"{7C548611-B366-471E-A2C1-E3342476410F}" = rport=137 | protocol=17 | dir=out | app=system |
"{99E19437-7EAD-4391-939E-06948BE2B82B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A03C0370-0212-4858-8ACD-4D44F52D7BEA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6678A25-0834-4C9F-8C58-DF9AB31BDFE0}" = rport=445 | protocol=6 | dir=out | app=system |
"{AACBCE6D-3C38-4B73-AAEF-E981F8C13A71}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B8BF6793-9EE2-426D-AAD1-119B7EE6655B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF0198EE-4B03-46C7-893F-6CCCDD63B8F6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4D41C4A-0441-4F44-8349-5530045FA55F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D863A721-5677-4F33-951B-060770A6EE5E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA63950F-8E93-4E41-88F7-CB7AA4C49828}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DEA9AE1E-03C8-46DC-BF28-2071D360571B}" = lport=138 | protocol=17 | dir=in | app=system |
"{EDF50131-469A-4743-A5AD-BC06501ED42A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EFBAC61F-023F-46B0-9B29-FD99BE2E7C15}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14BF653C-CDBA-4DBC-A710-19BB5279F92C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{15E6E411-83F9-4326-A413-461EC77892AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15F80F37-3092-4E96-B1B0-EE4801000C09}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1C675264-905D-4197-B50E-415A319B6C2F}" = protocol=17 | dir=in | app=d:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{20D3F2F9-343C-4D0E-955A-8FAF87C26A44}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe |
"{332C6D7E-BDCA-4BD1-850E-C68587F41D5B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{371F2827-61A2-48AB-A74D-9AE75F6382BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A8845F2-99FC-4D03-8B12-A450695F9C9A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C85F81B-354F-4C57-B2E7-4F052A9FABBB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe |
"{472ADE33-BDEB-463E-9C33-FC1470DBC8E9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{47F2651B-4425-4809-BFCD-F64CBF48BD4E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4E075DB2-BDF3-4AE4-BEEE-3D9A08D52B6C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{54BDE5E0-5C2A-480A-BD44-DBB4DF9C052A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{55605FBE-226B-4428-BEC4-358A004D4DB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{616254D2-E618-453F-9FCD-AFD8930F1660}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe |
"{6329F152-CC96-4B69-83F2-C7151D715EFE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6FAF2395-4520-4A45-9612-2F20673D7C76}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{72D6E19B-448B-4541-BABA-E1B4DB105A9F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{73C5EF0A-34CC-4810-A8C3-DB61E6E5B512}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7BAF3BD6-CFF6-4CCF-B106-BBFABDD2F295}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe |
"{8677D78A-1A18-4EAD-9825-E440B557C266}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{86D6E5A8-7777-4B5A-BB01-BADECCE1E04C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E448B3D-25B4-4A5B-880A-240E3C085DA2}" = protocol=6 | dir=in | app=d:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{902A606B-5904-4AB7-BB00-089A4D8AFB76}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{92AE9074-44E9-47ED-9162-5180C3999399}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{983706F7-24ED-4F41-93A7-825457E8BF03}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rollercoaster tycoon 3 gold\rct3plus.exe |
"{9AF6BFCC-F2B0-49F9-A68F-82110C65FDAB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A593034B-9365-4A8C-9135-1CCF1F3ED9E7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C35DA94A-1F9A-4D65-BB09-723AEFCEF415}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C5185473-95E2-41D3-831B-63E1D0D0753C}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe |
"{E6A98632-B700-4717-857C-5C3D47FFE2AB}" = protocol=6 | dir=out | app=system |
"{FECF9DC0-3B5C-476B-98E0-BFF2FA2614FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFC628E6-7519-42D2-BEAB-792899BE1C74}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{21399D75-A16A-47BB-9723-EEE9F9578924}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{AA96FAFD-7F51-4368-B0D7-A6490E4D890A}D:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=d:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{6FECBB16-6A5E-427F-80C4-DD0CF9AA0F5D}D:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=d:\benutzer\ute.ute-pc\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{8A1B2F2F-FF33-4AB4-9979-3E88BF54CE2D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{A1A084D5-B714-442F-B7B6-C3A24AE8C130}" = calibre 64bit
"{C8149A2F-CBAA-A60A-1F13-162126D54D77}" = AMD AVIVO64 Codecs
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = Die Sims™ 3 Traumsuite-Accessoires
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10909818-3951-4C58-801F-76077939856D}" = HydraVision
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = Die Sims™ 3 Jahreszeiten
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{552442BD-8398-46F0-ACF1-02F8E1843458}" = G Data TotalProtection 2012
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.0.1) MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = Die Sims™ 3 Supernatural
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C1C6816E-CBB3-A748-85F9-A8B47B68985B}" = coontinueetosavee
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" = SearchNewTab
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Big City Adventure: London Classic" = Big City Adventure: London Classic
"DAEMON Tools Lite" = DAEMON Tools Lite
"DSGPlayer" = RTL GAME CENTER
"ElsterFormular" = ElsterFormular
"Exzellent, Eure Majestät!" = Exzellent, Eure Majestät!
"FarmFrenzy" = FarmFrenzy
"Freemake Video Downloader_is1" = Freemake Video Downloader
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Kobo" = Kobo
"Magnus2" = Die Suche nach dem Goldschatz
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"Roads Of Rome_is1" = Roads Of Rome
"SmartToolsFinanzplan 2013v4.00" = SmartTools Publishing • Excel Finanzplan 2013
"SP_4e24eecb" = Search Assistant WebSearch 1.74
"SP_e14dcdfa" = ContinueToSave 1.74
"Steam App 2700" = RollerCoaster Tycoon 3: Platinum!
"The Next BIG Thing (de)" = The Next BIG Thing (Deutsch)
"VLC media player" = VLC media player 1.1.11
"WinPcapInst" = WinPcap 4.1.2
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.05.2013 14:52:46 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10
Description =
Error - 05.05.2013 05:12:50 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.12.2012 06:20:37 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 03.12.2012 06:20:37 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 03.12.2012 06:20:37 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 03.12.2012 06:20:37 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 03.12.2012 06:21:04 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.12.2012 06:21:34 | Computer Name = UTE-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.05.2013 17:46:09 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10
Description =
Error - 05.05.2013 17:54:29 | Computer Name = UTE-PC | Source = Windows Backup | ID = 4103
Description =
Error - 06.05.2013 16:48:59 | Computer Name = UTE-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 22.12.2012 16:55:07 | Computer Name = UTE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 23.12.2012 18:08:27 | Computer Name = UTE-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
Error - 23.12.2012 18:56:30 | Computer Name = UTE-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
Error - 25.12.2012 07:51:43 | Computer Name = UTE-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
%%1115
Error - 25.12.2012 09:47:22 | Computer Name = UTE-PC | Source = NetBT | ID = 4319
Description = Ein doppelter Name wurde im TCP-Netzwerk entdeckt. Die IP-Adresse
des Computers, der die Meldung gesendet hat, steht in den Daten. Verwenden Sie NBTSTAT
-n an der Eingabeaufforderung, um den doppelten Namen zu bestimmen.
Error - 25.12.2012 12:03:01 | Computer Name = UTE-PC | Source = BROWSER | ID = 8032
Description =
Error - 27.12.2012 11:54:35 | Computer Name = UTE-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 29.12.2012 17:46:54 | Computer Name = UTE-PC | Source = bowser | ID = 8003
Description =
Error - 31.12.2012 10:36:34 | Computer Name = UTE-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Freemake Improver erreicht.
Error - 31.12.2012 10:36:34 | Computer Name = UTE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Freemake Improver" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-09 20:20:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 rev. 0,00MB
Running: gmer_2.1.19163.exe; Driver: D:\Benutzer\UTE~1.UTE\AppData\Local\Temp\ufldapow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002fae000 63 bytes [00, 00, 0D, 02, 4D, 49, 63, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 624 fffff80002fae040 72 bytes [C0, 75, B0, 11, 80, FA, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
.text C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe[1764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76]
.text ... * 2
.text D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe[2668] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
.text D:\Benutzer\Ute.UTE-PC\AppData\Roaming\Dropbox\bin\Dropbox.exe[2668] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76]
.text ... * 2
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
.text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[2876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2960] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2960] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76]
.text ... * 2
.text C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
.text C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe[1036] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076951465 2 bytes [95, 76]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000769514bb 2 bytes [95, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread [6992:4112] 00000000775f2e25
Thread [6992:2176] 000000007659d864
Thread [6992:2040] 00000000775f3e45
---- Processes - GMER 2.1 ----
Library C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804] 0000000140000000
Library C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804] 0000000180000000
Library C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804] 000007fee2380000
Library C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804] 000007fee2860000
Library C:\Program Files\Enigma Software Group\SpyHunter\Common.dll (*** suspicious ***) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6804] 00000000001e0000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}\Connection@Name isatap.{7AB5735D-CA25-4028-BFA4-1D24DB643FC1}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{FF41DD72-5E02-458C-AAD3-14C09B6E5111}?\Device\{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}?\Device\{C682B3CB-8791-48BA-BC35-3858EA5B08CC}?\Device\{5991695B-4452-4BF1-9997-B415FF249D47}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{FF41DD72-5E02-458C-AAD3-14C09B6E5111}"?"{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}"?"{C682B3CB-8791-48BA-BC35-3858EA5B08CC}"?"{5991695B-4452-4BF1-9997-B415FF249D47}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{FF41DD72-5E02-458C-AAD3-14C09B6E5111}?\Device\TCPIP6TUNNEL_{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}?\Device\TCPIP6TUNNEL_{C682B3CB-8791-48BA-BC35-3858EA5B08CC}?\Device\TCPIP6TUNNEL_{5991695B-4452-4BF1-9997-B415FF249D47}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}@InterfaceName isatap.{7AB5735D-CA25-4028-BFA4-1D24DB643FC1}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{AA6AD888-DBB6-41BD-8DA6-247FEAAE1B2D}@ReusableType 0
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
---- EOF - GMER 2.1 ----
Ich bedanke mich jetzt schon für zukünftige Hilfe! LG Paulinchen |
| Themen zu Brower (Firefox & Chrome) haben Websearch.lookforitthere.info als Startseite |
| 4d36e972-e325-11ce-bfc1-08002be10318, 7-zip, antivirus, application/pdf:, autorun, bereit, bho, browser, computer, continue, error, firefox, flash player, helper, hijack, home, iexplore.exe, install.exe, installation, logfile, mozilla, plug-in, problem, realtek, registry, safer networking, scan, security, senden, software, super, svchost.exe, totalprotection, tracker, tunnel, windows |
Baum-Darstellung