Log-Analyse und Auswertung: Ran SpyHunter 4 - how do I get rid of it again? (Windows 7)
06.07.2013, 10:12 | #1

Ran SpyHunter 4 - how do I get rid of it again?

Hello dear helpers! Great that something like Trojaner-Board exists. Unfortunately I also fell for SpyHunter. Here is the story:

I had caught an adware, "Save as Dealfinder". While looking for a way to get rid of it, I found this page, which explicitly recommends SpyHunter: hxxp://www.sicherpc.net/adware/save-as-deal-finder#
- Downloaded it and let it run its scan. In the end it had found too much for my taste.
- (During the scan the computer was not connected to the internet. At the end of the scan it wanted an internet connection, which I did not allow.)
- Closed the program; no registration, purchase or anything like that.
- Uninstalled SpyHunter via Control Panel > Programs > Uninstall. In C: > Program Files the folder still exists with a few txt files in it. (but surely there is more left on my PC?)
- I think I also found the adware; it was installed as "LyricsFun". I uninstalled it and it hasn't shown up since. (really gone? no idea)
- Searched the internet - and only then came across Trojaner-Board.
- Ran Malwarebytes Anti-Malware. It found nothing.
- Since I read that one should not simply copy your instructions, I am posting here and asking you for help with the hopefully complete removal. I did read what one should do before posting here. So why haven't I attached any logfiles?
- I ran the 3 programs as instructed. When running OTL.exe the program hung at "Scanne Firefox Settings" and had to be killed via Ctrl-Alt-Del. Same on the second attempt. Firefox was closed at the time. (I use Greasemonkey scripts, maybe that has something to do with it?)
- Then I ran GMER, which also hung (don't know at which point, though).

Kind regards and many thanks in advance for your help - if something like this is even possible without the logfiles...
Kerstin
06.07.2013, 10:20 | #2
/// Malwareteam / Visitor

I am smeenk and I will try to help you. Please download zoek.exe from here: http://hijackthis.nl/smeenk/
06.07.2013, 11:01 | #3

Hello smeenk - many thanks for your help. Somehow something is still off, though. I have Windows 7 Prof. and am logged in with my own user account, i.e. not as admin. I downloaded zoek and launched it - but the program does not open. I tried running it as administrator, also no reaction. Restarted and tried again, nothing. The virus scanner is not on. Where is my mistake in thinking?
06.07.2013, 11:11 | #4
/// Malwareteam / Visitor

Please download TFC (by OldTimer) and save the file to the desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Afterwards try again to start zoek.exe. If it still does not work, try it in Safe Mode.
06.07.2013, 12:21 | #5

Many thanks, but my system is still fighting back. I downloaded TFC and ran it (as Administrator). Then ran zoek, but it still would not open. OTL did run, though - attached are the two logs. I tried opening zoek in Safe Mode, didn't work there either. I also tried running GMER - it keeps crashing in both normal and Safe Mode. Apparently these two logs are the only thing that works right now :/

Code:
OTL Extras logfile created on: 06.07.2013 12:08:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,17% Memory free
15,99 Gb Paging File | 13,80 Gb Available in Paging File | 86,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 95,10 Gb Free Space | 20,42% Space Free | Partition Type: NTFS

Computer Name: KERSTIN-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver UltraDev 4\UltraDev.exe (Macromedia, Inc.)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files (x86)\Macromedia\Dreamweaver UltraDev 4\UltraDev.exe (Macromedia, Inc.)
.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver UltraDev 4\UltraDev.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC nightly\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC nightly\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Print_Directory_Listing] -- Printdir.bat "%1"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files (x86)\Macromedia\Dreamweaver UltraDev 4\UltraDev.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC nightly\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC nightly\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Print_Directory_Listing] -- Printdir.bat "%1"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A777D3-B39B-4312-A588-136851BCEC9D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{01CB7672-1145-456D-AF76-1157F6A3EC18}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{0B2E743C-B316-4D3D-8EAA-171493916541}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1040CE11-E1F0-4F43-B31B-AE3AB4140929}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12ADCA22-A5AC-43BB-9B42-9A55F108BD66}" = rport=137 | protocol=17 | dir=out | app=system |
"{2428349C-6AB8-4C2B-B69D-B27CE6566578}" = rport=445 | protocol=6 | dir=out | app=system |
"{275D0AD2-0BC9-43B6-8333-AB8A69A2F16F}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013.sp3a\wnt500x64\rpcsandrasrv.exe |
"{2D3DBEA6-4600-4E11-9A58-7D562AACB120}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2DC80044-DA46-4E7D-92C8-10D1EA5EC2A6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3C7581D8-C730-4A0B-AD8B-25331ECCC4FC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46C2DA57-4396-4AE2-B021-B84581B005F6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49D5BD11-A6A8-4CFB-9181-BDFAB1EF7B79}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4B4488D1-F708-4F11-A560-48BC0F2C5A0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{532F11BC-60C0-4776-8777-2E9A586B25B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5C2A3686-5093-4D9B-BD4C-7633317CDB49}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{67B061FC-1654-42C6-9D1F-C4A58448DC97}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6FA992E2-4330-4F97-B12C-B603B6C89D81}" = rport=138 | protocol=17 | dir=out | app=system |
"{72B4E662-DD58-4528-9C64-F7C5E5F24A87}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7389986F-E315-4C29-AD00-87FF9422D8C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7801C72A-C989-4566-89AC-F9E88186A1AC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{83B3A8AB-49B6-40A8-ACE6-49D99B017AFE}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F4ADBF9-E3C5-4FEF-BC08-806003E38D5F}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2013.sp3a\rpcagentsrv.exe |
"{9399D5EC-E8EC-4C45-BC8E-CB730DD21970}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9D74880D-7CA9-4E31-B93E-786CE6B0178C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B136A21E-28C0-445A-921D-CBE66AFE92CA}" = lport=139 | protocol=6 | dir=in | app=system |
"{B13BD509-F5D1-4B86-A908-7E7197161F17}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{B5BA46AA-477C-4DE4-9159-1CEBE499A9A8}" = lport=137 | protocol=17 | dir=in | app=system |
"{CC9BEC04-53B6-486F-A17A-E6E381979E06}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D246174E-5F5D-4148-B369-B0255274745B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D2E42463-7130-4A87-8A04-1D26D9C2639E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5AE79A9-9CD0-4FC0-A7ED-8EF4977CA897}" = lport=138 | protocol=17 | dir=in | app=system |
"{EA67C555-05AA-4F63-9A65-39BA11E51771}" = rport=139 | protocol=6 | dir=out | app=system |
"{EF5B77A1-508A-4689-9E98-5DED8A0ECADB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F64D6B49-B851-4461-9EE9-3EB9076BA0AF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F7D8BC92-1D25-4716-8390-A9DE4230F2F1}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{FD84DB6E-A282-4AB2-A2AB-813A3DC1E269}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01681DD3-99F4-4865-873C-BE0B12CE6E94}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{02A02833-C9AA-4327-95B6-5BE22A715AF1}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{02D9BE58-B08A-4ACD-91C1-73D2A1C46340}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0716BB15-5267-48E5-8AB1-E6084CD417B3}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbcpswx.exe |
"{092AC795-0FDC-4795-9FEC-3C96121473F2}" = protocol=17 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{0B2B0F41-291C-408D-A1C1-B5A885C1F732}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0D958D76-9076-499C-BF75-9BC059E42FF6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{10D37D80-99B8-49E5-9356-967F256DE95F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{114A224A-B522-40DB-9900-9F2291361228}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{1BCF9FD2-449A-440F-88BD-DEE49B8B4A95}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{2530BC03-AEB6-4AA0-A726-6BE006248AAB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2B6AFCE4-67F7-4ECD-BFBC-990F92B41F75}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2CFD7A58-5485-4752-B1D4-34572A22D1C1}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
"{2E58BB03-6268-4277-8E1B-EC47FE59B236}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3013F862-E0E9-4D5B-84A4-93905401B9E7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{328D2249-C20C-41F9-B947-E32273FD56A6}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{356F09C8-D232-4A04-88A2-B7CAF52007BD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3882BDE3-5F43-4F6C-9571-66C11D3F19CC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3B09ACF4-5225-44DD-8C56-02327996B297}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3C2FFA7C-437A-4EA3-BB79-5BA2CD822BCC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3D4F9E08-E476-4900-AA85-D61024B41242}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{51E132C0-1B5A-439D-8603-E616A1DB9B2F}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |
"{54AA406F-83CD-40A9-AA55-B872777530A5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5A3AF0F7-4D17-464D-9F7A-A5B25BD53CE4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5ABCD97C-7267-481D-8F29-87DF04509650}" = protocol=6 | dir=in | app=c:\windows\system32\lxbccoms.exe |
"{5CD21658-A668-469F-955A-32D4C3EB6AFA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5FC387B6-FDD6-4BFD-87B8-53A59BD5398E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{605E66AE-6AA0-455B-9795-91353BE6C492}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{61A426BB-237C-488A-821B-576EC617C4CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6454A6CC-158E-4407-863C-8D80FF648A7D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{69AB86EC-22FB-4AC8-AC2E-D7F3E7377AA1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AB2984C-73CD-4BA8-8184-14D3F24920F6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{74C77DDE-FE6F-41E3-ABBA-2904D2385B83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{765334A3-0DB1-456E-8638-24E9E110CBDE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{782DD67A-D578-4CF0-8586-4F63C8057DCA}" = protocol=6 | dir=in | app=c:\users\kerstin\downloads\audioconvertersetup.exe |
"{811EB24B-23B9-4C9C-85F1-DCD38D8D9B69}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbccoms.exe |
"{815DE47E-9092-4819-9CD4-99E1A8EA1B5E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{823AFD3B-24C1-4F61-87A8-8E0926075678}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe |
"{849CB56E-CA4A-4779-94D9-47CB1DC35858}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{89774BD7-15D3-4A2B-A942-AE223B85E5F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8BBFE6EC-2B11-4476-AD4A-0BCC20A972DA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{8EA00D49-20F7-4128-A81D-FA45CD9831B0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{941E9EB2-D225-4F20-89B7-CA0B37557884}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9523161B-B3B2-4D02-8575-64ED4B32245E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{99F32B97-9AAC-4957-B7F0-FC0DCEF0D75A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9C2C2E2E-2B83-447A-A052-8F0F8DCEAA11}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9E286FFC-ECDE-4A20-AF90-BB50642DB1F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{9E608946-E471-40D8-AA45-30B7A9A4227E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A75FC4EC-42EA-4CE4-8C47-A41A4E7549AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A7FA1F9B-9AC8-489D-BE48-773B8C9A2200}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A885B92F-34BB-4554-9276-FADE05EC3E85}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AC5C5B5B-799D-48BE-93A2-6752F1843867}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbcpswx.exe |
"{BA229754-138C-44D6-A1C8-88DB6F0E3DAF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C152CE31-9F2B-4034-A576-46C88C654A01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C61009AC-E42F-4E19-8DB9-B62405D847B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C6A7A56D-8428-40CB-986A-5089EDD34693}" = protocol=17 | dir=in | app=c:\users\kerstin\downloads\audioconvertersetup.exe |
"{C6F07BEE-274A-4B67-83DE-7CCA94CFBCDA}" = protocol=6 | dir=out | app=system |
"{C8921B58-47F4-41F3-B322-1AC88D96B0DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8DD003F-8C20-4EFC-A7D2-C2207D8A094A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{CBA60B54-9C15-4824-8577-09364A15043B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{D49A6C44-1819-47F9-BC19-139C764F149A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{E1BBB8CC-2876-411E-8062-5F57A9482336}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E314D60C-903C-4C82-B27F-02C5FC1DF288}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EDCD6ABE-8753-4A5B-AF83-D00F37EC2496}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FE8784F7-F00E-4FBF-8A98-AFD9A57709C8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"TCP Query User{1C9F32E5-4C08-4889-BBE0-20D790A0E2AD}C:\users\kerstin\downloads\+++ aufheben software +++\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\users\kerstin\downloads\+++ aufheben software +++\ws_ftp\ws_ftp95.exe |
"TCP Query User{2207AA2F-6183-474B-BFC6-554EA6813571}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{241734EF-9872-4C8D-BED8-5CA906C50BD4}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"TCP Query User{2726E9A1-F0F9-4C1D-B7FC-56EF5DF0D04C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{54EDC046-AC4B-43CB-B325-297BFBD2E3EF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{62D031C7-5A58-40BA-BED5-0F6C160564B8}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"TCP Query User{9F44A820-189D-4450-9A43-89A68DA24868}C:\program files (x86)\corel\graphics10\register\navbrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\graphics10\register\navbrowser.exe |
"TCP Query User{B674261E-A50D-4270-8501-060C9CBF168D}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{CF58C80C-1670-40B2-88F3-05E87119F4E4}C:\program files (x86)\poser figure artist\poser figure artist.exe" = protocol=6 | dir=in | app=c:\program files (x86)\poser figure artist\poser figure artist.exe |
"TCP Query User{E51EC073-99AC-462D-B0C2-C8D61C45A639}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{F9A732B6-B3FC-400D-A1F4-2F59BF888656}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{03CAEFAF-16D0-46EA-A839-69F257AE0980}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{0E03408E-D56D-4A77-82D4-2FFBB11EB709}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"UDP Query User{10E0AEF0-A8D6-4B08-8746-51EEAF372299}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{2F108571-C290-42E4-86B9-164415CC28DC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{A5AA7826-5947-4EE6-B0E9-02A0B6AF09B7}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"UDP Query User{AD908777-CA0B-455F-98BC-76836A2BBA78}C:\program files (x86)\poser figure artist\poser figure artist.exe" = protocol=17 | dir=in | app=c:\program files (x86)\poser figure artist\poser figure artist.exe |
"UDP Query User{BCC728E3-5C14-47FD-A65F-BD3A476ECABD}C:\program files (x86)\corel\graphics10\register\navbrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\graphics10\register\navbrowser.exe |
"UDP Query User{BFB42345-0483-43A4-9CD1-0D0FA38FAC00}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{C35A85E4-37A0-44ED-A347-A4C148CEF6FD}C:\users\kerstin\downloads\+++ aufheben software +++\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\users\kerstin\downloads\+++ aufheben software +++\ws_ftp\ws_ftp95.exe |
"UDP Query User{EC0FCC93-CFFA-4F46-8230-D512CBFDE646}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{F7258CF4-E323-49F5-ABC4-901972AE08FA}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{08A8CCEA-36DC-4634-AAAA-79463D644C0E}" = Corel Painter 12
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0838FACF-AB67-4AB7-B09A-3FC1809AED34}" = Painter 12 - FR
"{08A8CCEA-36DC-4634-AAAA-79463D644C0E}" = Painter 12 - Setup Files
"{0AC7AFA8-F350-4F67-9F87-75FEFEB7F27A}" = Livedrive
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{42CD49CD-4B05-4A2D-8FD1-E37CC9315FA5}" = Painter 12 - Core
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}" = IconHandler 64 bit
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FD7D415-F562-4767-913F-26E7F463DF8B}" = Painter 12 - Corex64
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{69F849EF-4918-4333-81C1-8D8FC07E62B1}" = Knoll Light Factory Photo 64 bit
"{77013803-5BA9-4C8A-BFC4-99AE7151C4B7}" = Painter 12 - EN
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{97759DE4-0A6A-4ACF-A511-4DA791BEAA1A}" = Painter 12 - Content
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC6FC993-CCD1-41A5-B61C-AD61F90549BE}" = Corel Painter 12 - IPM
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2013.SP3a
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{E187937F-E3D5-45F7-BA33-1FC7CBF91640}" = Painter 12 - IT
"{E664F998-3760-4B30-AEF0-BB624C498870}" = Painter 12 - DE
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"Digital Film Tools-PhotoCopy 1.0" = PhotoCopy
"Digital Film Tools-Rays 1.0" = Rays
"Lexmark Z500-Z600 Series" = Lexmark Z500-Z600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"PremElem100" = Adobe Premiere Elements 10
"VLC media player" = VLC media player 2.1.0-git
"Wacom Tablet Driver" = Wacom Tablett
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{037DAF73-DD9A-448E-A667-92850C1755B3}" = Effects Suite 32-bit
"{045D4EDF-8DC1-43D7-BAFC-7AAEF99C7168}" = Adobe Creative Suite 6 Production Premium
"{04AABF6D-55C5-4779-ABF9-992016E913A2}" = Micrografx Picture Publisher 10
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0CC11E6D-2CEB-4581-96EE-8CD992448117}" = DeepMeta
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 10
"{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{671BFBC4-81B0-49B0-958F-765670D7E10A}" = Knoll Light Factory Photo 32 bit "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B024D4C-DE80-4B17-A1B0-E3CEB7EDE3EE}" = Media Pro "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera "{6E633C09-EA0B-4785-82D5-62AE0784C0F8}" = DeepMeta "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution "{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1" = Mouse Recorder Pro 2.0.7.0 "{8F8E885E-6161-4F48-B5A0-041BF7E63F75}" = Light v3.5 for Adobe Photoshop "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver UltraDev 4 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9 "{CC4ECCC8-11CE-4542-A3DB-78947BC11D1D}" = Digital Element Aurora "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2437C5C-2D8C-40D2-8059-689AD7239FA3}" = Intel(R) C++ Redistributables for Windows* on Intel(R) 64 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = 
Microsoft_VC100_CRT_SP1_x86 "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Anti-Twin 2010-10-03 14.45.59" = Anti-Twin (Installation 23.04.2012) "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "AutocompletePro3_is1" = AutocompletePro "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CorelDRAW 10_TV" = CorelDRAW 10_TV "Cyberduck" = Cyberduck 4.3.1 (11008) "DCamCapture" = DCamCapture 0.9.2.1 "DirPrintOK" = DirPrintOK "DreamAqua" = Dream Aquarium "druckstdu.de Designer 1.6.1_is1" = druckstdu.de Designer 1.6.1 "druckstdu.de Designer 1.6.8_is1" = druckstdu.de Designer 1.6.8 "druckstdu.de Designer 1.6.9_is1" = druckstdu.de Designer 1.6.9 "DVD Shrink_is1" = DVD Shrink 3.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Exif-Viewer" = Exif-Viewer 2.51 "FileZilla Client" = FileZilla Client 3.7.1 "Foxit Reader" = Foxit Reader "Free WAV to MP3 Converter" = Free WAV to MP3 Converter "Graphics2PDF" = Graphics2PDF "GSview 4.9" = GSview 4.9 "HDR Efex Pro" = HDR Efex Pro "Helicon Focus_is1" = Helicon Focus 5.3.5 "InstallShield_{037DAF73-DD9A-448E-A667-92850C1755B3}" = Effects Suite 32-bit "InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5 "InstallShield_{671BFBC4-81B0-49B0-958F-765670D7E10A}" = Knoll Light Factory Photo 32 bit 
"InstallShield_{69F849EF-4918-4333-81C1-8D8FC07E62B1}" = Knoll Light Factory Photo 64 bit "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "IsoBuster_is1" = IsoBuster 1.8 "JDownloader" = JDownloader "Light v3.5 for Adobe Photoshop" = Light v3.5 for Adobe Photoshop "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "NHP Professional 12.0" = NHP Professional 12.0 "Nik Collection" = Nik Collection "Nokia Suite" = Nokia Suite "PDFMate PDF Converter_is1" = PDFMate PDF Converter 1.6.0 "Pixum Fotobuch" = Pixum Fotobuch "Poser Figure Artist" = Poser Figure Artist "PTGui" = PTGui Pro 8.2.1 "Spyder3Express" = Spyder3Express "Tagebuch_is1" = Alltags-Tagebuch "Viveza 2" = Viveza 2 "VLC media player" = VLC media player 1.1.11 "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "WavePad" = WavePad Audiobearbeitungs-Software "Winamp" = Winamp "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-1 "Wisdom-soft AutoScreenRecorder 3.1 Free" = Wisdom-soft AutoScreenRecorder 3.1 Free ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "QIP Infium" = QIP Infium 3.0.9044 "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.03.2012 08:39:05 | Computer Name = Kerstin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 27.03.2012 13:16:18 | Computer Name = Kerstin-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 28.03.2012 03:40:03 | Computer Name = Kerstin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 29.03.2012 04:42:47 | Computer Name = Kerstin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 29.03.2012 14:07:08 | Computer Name = Kerstin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 30.03.2012 03:08:42 | Computer Name = Kerstin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 30.03.2012 04:42:18 | Computer Name = Kerstin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 30.03.2012 07:41:46 | Computer Name = Kerstin-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 30.03.2012 09:09:00 | Computer Name = Kerstin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7a485 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften Prozesses: 0x9fc Startzeit der fehlerhaften Anwendung: 0x01cd0e763c4fe7fc Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 834bea9c-7a69-11e1-9ab0-00262270ccaf Error - 30.03.2012 14:11:22 | Computer Name = Kerstin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 31.03.2012 01:04:20 | Computer Name = Kerstin-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ OSession Events ] Error - 09.08.2010 15:34:47 | Computer Name = Kerstin-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.4518.1014. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 09.08.2010 15:35:20 | Computer Name = Kerstin-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. Error - 09.08.2010 15:36:32 | Computer Name = Kerstin-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 12.09.2012 01:22:26 | Computer Name = Kerstin-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 60 seconds with 0 seconds of active time. This session ended with a crash. Error - 27.01.2013 08:54:01 | Computer Name = Kerstin-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash. Error - 01.02.2013 05:33:45 | Computer Name = Kerstin-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error - 01.02.2013 05:33:57 | Computer Name = Kerstin-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.4518.1014. 
This session lasted 5 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 26.06.2013 14:38:10 | Computer Name = Kerstin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error - 26.06.2013 14:38:10 | Computer Name = Kerstin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error - 26.06.2013 14:38:38 | Computer Name = Kerstin-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error - 26.06.2013 14:39:19 | Computer Name = Kerstin-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error - 26.06.2013 14:40:00 | Computer Name = Kerstin-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error - 30.06.2013 13:53:06 | Computer Name = Kerstin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 04.07.2013 12:44:02 | Computer Name = Kerstin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 04.07.2013 15:37:20 | Computer Name = Kerstin-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 05.07.2013 04:29:12 | Computer Name = Kerstin-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy8" den Befehl "chkdsk" aus. 
Error - 05.07.2013 04:43:12 | Computer Name = Kerstin-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy8" den Befehl "chkdsk" aus.

< End of report >
OTL logfile created on: 06.07.2013 12:08:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,17% Memory free
15,99 Gb Paging File | 13,80 Gb Available in Paging File | 86,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 95,10 Gb Free Space | 20,42% Space Free | Partition Type: NTFS

Computer Name: KERSTIN-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.06 10:37:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013.07.05 10:35:23 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.06.18 09:36:41 | 001,855,880 | ---- | M] (Adobe Systems, Inc.)
-- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe PRC - [2013.05.15 16:11:24 | 001,806,336 | ---- | M] (Livedrive Internet Ltd) -- C:\Program Files (x86)\Livedrive\Livedrive.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.05 19:09:32 | 003,474,888 | ---- | M] (Webshots.com) -- C:\Program Files (x86)\Webshots\3.1.5.7620\webshots.scr PRC - [2011.09.01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010.10.04 00:16:26 | 000,063,488 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe PRC - [2009.08.11 12:19:48 | 006,798,714 | ---- | M] () -- C:\Program Files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility.exe ========== Modules (No Company Name) ========== MOD - [2013.07.05 10:35:22 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.06.18 09:36:41 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013.05.16 09:54:58 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll MOD - [2013.05.15 22:57:06 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.15 22:56:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.05.15 16:14:06 | 000,068,760 | ---- | M] () -- C:\Program Files (x86)\Livedrive\Native.dll MOD - [2013.05.15 16:08:44 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Livedrive\Localisation.dll MOD - [2013.02.14 10:05:07 | 001,840,640 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll MOD - [2013.01.10 11:47:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.01.10 11:07:20 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll MOD - [2013.01.10 11:07:20 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll MOD - [2013.01.10 11:07:19 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll MOD - [2013.01.10 11:07:14 | 001,117,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\abf5f0f6b5d995fb86b0529ac85e14ed\System.DirectoryServices.ni.dll MOD - [2013.01.10 11:06:33 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 11:06:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 11:05:59 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 11:04:58 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.07.28 16:20:34 | 000,270,336 | ---- | M] () -- C:\Program Files (x86)\Livedrive\AlphaFS.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 
03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.08.11 12:19:48 | 006,798,714 | ---- | M] () -- C:\Program Files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility.exe MOD - [2009.08.11 12:19:48 | 000,897,024 | ---- | M] () -- C:\Program Files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility Libs\RBScript.dll MOD - [2009.08.11 12:19:48 | 000,762,368 | ---- | M] () -- C:\Program Files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility Libs\XML.dll MOD - [2009.08.11 12:19:48 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility Libs\CGamma.dll MOD - [2009.08.11 12:19:48 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility Libs\RegEx.dll MOD - [2009.08.11 12:19:48 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility Libs\Appearance Pak.dll MOD - [2009.08.11 12:19:48 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility Libs\CSensor.dll MOD - [2009.08.11 12:19:48 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility Libs\Shell.dll MOD - [2009.08.11 12:19:48 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll MOD - [2009.08.11 12:19:48 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Services 
(SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007.03.16 01:24:18 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbccoms.exe -- (lxbc_device) SRV - [2013.05.15 16:14:10 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Livedrive\VSSService.exe -- (LivedriveVSSService) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.10.06 10:15:01 | 003,084,176 | ---- | M] (Emsisoft GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2012.08.01 16:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.01.23 08:38:24 | 007,515,000 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom) SRV - [2012.01.23 08:38:24 | 000,552,312 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom) SRV - [2011.09.01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2010.11.30 13:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64) SRV - [2010.10.04 00:16:26 | 000,063,488 | ---- | M] (Nalpeiron Ltd.) 
[Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.22 23:35:52 | 000,071,832 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.03.16 01:24:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbccoms.exe -- (lxbc_device) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.11.10 10:50:36 | 000,352,008 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3) DRV:64bit: - [2012.06.27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | 
---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.16 13:45:58 | 000,138,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2012.01.16 13:45:58 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2012.01.16 13:45:58 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2012.01.09 17:28:20 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2012.01.09 17:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2012.01.09 17:28:20 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64) DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2012.01.09 17:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012.01.09 17:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.11.14 10:29:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2011.11.14 10:29:44 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys 
-- (wacommousefilter) DRV:64bit: - [2011.11.14 10:29:42 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2011.11.03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.16 16:24:16 | 000,015,672 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV:64bit: - [2010.06.19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b) DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2009.10.05 15:49:34 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.19 15:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009.06.10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.09.08 18:26:20 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3) DRV - [2012.06.19 08:54:05 | 000,044,688 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver) DRV - [2011.05.19 14:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA) DRV - [2010.05.05 09:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util) DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\WNt500x64\sandra.sys -- (SANDRA) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7bfb15bf72-09c1-4219-a30f-cdee1ce236c7%7d&q={searchTerms} 
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = hxxp://search.qip.ru/?query={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 82 05 E5 09 7D CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\InprocServer32 File not found IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7619&uid=323805679_106749078&did=%7bfb15bf72-09c1-4219-a30f-cdee1ce236c7%7d&q={searchTerms} IE - HKCU\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = hxxp://search.qip.ru/?query={searchTerms} IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/search?query={searchTerms}&from=IE 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - 
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.4: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.05 10:35:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.05 10:35:16 | 000,000,000 | ---D | M] [2010.07.31 21:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2010.07.31 21:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\fb19xjq8.default\extensions [2013.07.05 23:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.07.05 10:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.07.05 10:35:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- 
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.07.29 21:11:12 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll [2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll O1 HOSTS File: ([2013.04.14 12:08:16 | 000,000,858 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\ExplorerExtensions.dll (Livedrive Internet Ltd) O2 - BHO: (agihelper.AGUtils) - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll File not found O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen) O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Corel Reminder] File not found O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2) O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9706004B-2716-434C-A25C-4A1C6D2A5A14}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream 
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation) O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found O29 - HKLM SecurityProviders - (credssp.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.07.05 11:36:48 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.06 10:37:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2013.07.05 11:36:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.07.05 10:35:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.07.04 19:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livedrive [2013.07.04 19:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livedrive [2013.07.04 19:08:39 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin [2013.07.04 18:49:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin [2013.07.04 16:56:40 | 000,223,592 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsNetRdr3.dll 
[2013.07.04 16:56:40 | 000,190,312 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsMntNtf3.dll [2013.07.04 16:56:40 | 000,158,056 | ---- | C] (EldoS Corporation) -- C:\Windows\SysWow64\CbFsMntNtf3.dll [2013.07.04 16:56:40 | 000,141,672 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\CbFsNetRdr3.dll [2013.07.04 16:56:39 | 000,352,008 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\cbfs3.sys [2013.06.29 21:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StatsPrime [2013.06.29 21:48:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StatsPrime [2013.06.23 12:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck [2013.06.23 12:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberduck [2013.06.17 16:23:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name [2013.06.17 15:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\RedGiant [2013.06.06 14:09:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exif Viewer [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.06 12:07:38 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.06 12:04:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.06 11:57:42 | 000,026,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.06 11:57:42 | 000,026,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.06 11:49:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.06 11:48:58 | 2145,894,399 | -HS- | M] () -- 
C:\hiberfil.sys [2013.07.06 11:38:01 | 001,273,625 | ---- | M] () -- C:\Users\Administrator\Desktop\zoek.exe [2013.07.06 10:37:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2013.07.06 10:24:55 | 001,676,716 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.06 10:24:55 | 000,719,960 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.06 10:24:55 | 000,671,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.06 10:24:55 | 000,159,516 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.06 10:24:55 | 000,129,928 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.05 12:04:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.05 11:36:48 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.06.29 21:49:22 | 000,002,555 | ---- | M] () -- C:\Users\Public\Desktop\StatsPrime (allow 1GB RAM).lnk [2013.06.18 09:32:25 | 005,153,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.06 12:08:34 | 001,273,625 | ---- | C] () -- C:\Users\Administrator\Desktop\zoek.exe [2013.07.05 12:04:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.05 11:36:48 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.06.29 21:49:22 | 000,002,555 | ---- | C] () -- C:\Users\Public\Desktop\StatsPrime (allow 1GB RAM).lnk [2013.04.14 09:49:44 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2013.03.09 15:34:45 | 000,000,499 | ---- | C] () -- C:\Windows\alltag.ini [2012.12.25 15:53:07 | 000,000,117 | ---- | C] () -- C:\Windows\AutoScreenRecorder.INI [2012.07.30 15:01:38 | 000,202,752 | ---- | C] () -- C:\Windows\SysWow64\KLF_OGL.dll [2012.05.25 
23:04:19 | 000,000,268 | RH-- | C] () -- C:\ProgramData\DirectoryService [2012.05.25 23:04:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT [2012.05.25 23:04:19 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Limiter [2012.05.25 23:04:16 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Displays [2012.05.25 23:04:15 | 000,000,012 | RH-- | C] () -- C:\ProgramData\MAS [2012.05.25 22:58:18 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2012.01.07 19:27:50 | 000,124,460 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 
14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 992 bytes -> C:\Program Files\Common Files\Microsoft Shared:yjg8NpTpq1fLiXDUA
@Alternate Data Stream - 966 bytes -> C:\ProgramData\Microsoft:kkw92QOElgqJAhXpy
@Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1099 bytes -> C:\ProgramData\Microsoft:rKRd5HRXuIJiAYmHjuWbqJndLkl
< End of report >
06.07.2013, 13:17 | #6
/// Malwareteam / Visitor | Spyhunter 4 run - how do I get rid of it again?
Code:
:OTL
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7620&uid=0&did=%7bfb15bf72-09c1-4219-a30f-cdee1ce236c7%7d&q={searchTerms}
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found
IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = hxxp://search.imgag.com/?appid=wsdt&component=&c=GNWDO59900&sbs=2&sc=2&f=web&vernum=3.1.5.7619&uid=323805679_106749078&did=%7bfb15bf72-09c1-4219-a30f-cdee1ce236c7%7d&q={searchTerms}
IE - HKCU\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
O2 - BHO: (agihelper.AGUtils) - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll File not found
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2013.07.04 19:08:39 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013.07.04 18:49:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
@Alternate Data Stream - 992 bytes -> C:\Program Files\Common Files\Microsoft Shared:yjg8NpTpq1fLiXDUA
@Alternate Data Stream - 966 bytes -> C:\ProgramData\Microsoft:kkw92QOElgqJAhXpy
@Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1099 bytes -> C:\ProgramData\Microsoft:rKRd5HRXuIJiAYmHjuWbqJndLkl
:services
:files
:reg
:Commands
[resethosts]
[purity]
[emptytemp]
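The entries the helper pulls into the fix script above (IE search providers redirected to qip.ru and imgag.com, URLSearchHook and BHO registrations whose handler is gone, a BHO loaded from the user's AppData, and four alternate data streams on system folders), together with the UAC policy values in the first log (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0), are patterns that can be picked out of an OTL log mechanically. The Python below is an added example written for this page; it is not part of OTL and not the helper's script. The expected-search-host allowlist, the set of benign stream names and the rule wording are assumptions, and the sample log is constructed from entries quoted in this thread plus two clean entries (a Livedrive BHO and ConsentPromptBehaviorUser = 3) as negatives.

```python
"""Triage helper for OTL-style log lines (added example for this thread)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Policy knobs, assumed for the example: search providers you expect to see
# on this box, and stream names Windows itself writes.
EXPECTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "www.google.de"}
BENIGN_STREAMS = {"Zone.Identifier"}

# The forum quotes URLs with http defanged as hxxp; accept both spellings.
URL_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s?]+)", re.IGNORECASE)
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
POLICY_RE = re.compile(r"^O6 - .*\\policies\\System: (\w+) = (\d+)$")
EXTENSION_RE = re.compile(r"^O[23](?::64bit:)? - ")        # BHOs (O2) and toolbars (O3)
PROFILE_PATH_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

# Policy values that switch UAC off or make elevation silent.
WEAK_UAC = {("EnableLUA", "0"), ("ConsentPromptBehaviorAdmin", "0"), ("PromptOnSecureDesktop", "0")}
SEARCH_KEYS = ("Default_Page_URL", "Default_Search_URL", "Search Bar", "SearchAssistant")


@dataclass
class Finding:
    category: str
    detail: str
    line: str


def _is_search_setting(line: str) -> bool:
    return line.startswith("IE") and ("SearchScopes\\{" in line or any(k in line for k in SEARCH_KEYS))


def triage_line(line: str) -> List[Finding]:
    """Apply every rule to one OTL entry and return the findings it produces."""
    findings: List[Finding] = []

    # Rule 1: an IE search provider or start page pointing at an unexpected host.
    if _is_search_setting(line):
        m = URL_RE.search(line)
        if m and m.group(1).lower() not in EXPECTED_SEARCH_HOSTS:
            findings.append(Finding("search-hijack", f"search setting points at {m.group(1)}", line))

    # Rules 2/3: browser extensions (search hooks, BHOs, toolbars) that are either
    # dangling registrations or loaded from a user profile instead of Program Files.
    if ("URLSearchHook" in line and line.startswith("IE")) or EXTENSION_RE.match(line):
        if "File not found" in line or "No CLSID value found" in line:
            findings.append(Finding("orphaned-entry", "registration whose handler file or CLSID is gone", line))
        elif PROFILE_PATH_RE.search(line):
            findings.append(Finding("extension-in-profile", "browser extension loaded from a user profile path", line))

    # Rule 4: UAC policy values that disable or silence elevation prompts.
    m = POLICY_RE.match(line)
    if m and (m.group(1), m.group(2)) in WEAK_UAC:
        findings.append(Finding("uac-weakened", f"{m.group(1)} = {m.group(2)}", line))

    # Rule 5: alternate data streams with names Windows does not normally write.
    m = ADS_RE.match(line)
    if m and m.group(3) not in BENIGN_STREAMS:
        findings.append(Finding("ads", f"{m.group(1)}-byte stream '{m.group(3)}' on {m.group(2)}", line))
    return findings


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(triage_line(line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    return dict(Counter(f.category for f in findings))


# Constructed sample: entries copied from the log in this thread, plus a clean
# Livedrive BHO and a harmless UAC value so the negatives are exercised too.
SAMPLE_LOG = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKCU\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2:64bit: - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\ExplorerExtensions.dll (Livedrive Internet Ltd)
O2 - BHO: (agihelper.AGUtils) - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll File not found
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
@Alternate Data Stream - 992 bytes -> C:\Program Files\Common Files\Microsoft Shared:yjg8NpTpq1fLiXDUA
@Alternate Data Stream - 128 bytes -> C:\Windows:nlsPreferences
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run as-is it prints ten findings from the sample (two search hijacks, three orphaned entries, two extensions in the user profile, one weakened UAC value, two streams); to use it on a real OTL report, pass the file contents to triage(). The output is a list of leads to review, not a verdict: the helper's fix script above shows which of these were actually acted on, and the O6 UAC values it leaves alone are still worth restoring by hand.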
06.07.2013, 13:26 | #7
Spyhunter 4 run - how do I get rid of it again?
Thanks a lot for your prompt help. Here is the text after running OTL and rebooting.
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32B29DF0-2237-4370-9A29-37CEBB730E9B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\AI_RecycleBin\{D1E95293-8698-4AF8-883B-BC696D4E34FB} folder moved successfully.
C:\AI_RecycleBin\{77EAC893-440B-4696-A560-9E066486E559}\0\Cloudly\Uninstaller folder moved successfully.
C:\AI_RecycleBin\{77EAC893-440B-4696-A560-9E066486E559}\0\Cloudly\bin folder moved successfully.
C:\AI_RecycleBin\{77EAC893-440B-4696-A560-9E066486E559}\0\Cloudly folder moved successfully.
C:\AI_RecycleBin\{77EAC893-440B-4696-A560-9E066486E559}\0 folder moved successfully.
C:\AI_RecycleBin\{77EAC893-440B-4696-A560-9E066486E559} folder moved successfully.
C:\AI_RecycleBin folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{B5F6C91B-9133-4DB8-ADDE-D1F9E13AA2EC} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{A98E6DD6-66AC-4C9A-A14D-FFE5B3E3DDD7} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{94B224D0-0E9D-4B54-B85F-A519A7619BC9} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{7E09A678-ECCE-48C5-9234-C34ABF356719} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{5FF3A7A0-0D0A-4D55-994C-FEE7C036AA49} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin\{355B506A-E3CD-46DA-8A3A-4AAAFED9BF86} folder moved successfully.
C:\Windows\SysWow64\AI_RecycleBin folder moved successfully.
File/Folder C:\Windows\*.tmp not found.
C:\Program Files (x86)\GUM53DC.tmp folder deleted successfully.
C:\Program Files (x86)\GUM97F4.tmp folder deleted successfully.
ADS C:\Program Files\Common Files\Microsoft Shared:yjg8NpTpq1fLiXDUA deleted successfully.
ADS C:\ProgramData\Microsoft:kkw92QOElgqJAhXpy deleted successfully.
ADS C:\Windows:nlsPreferences deleted successfully.
ADS C:\ProgramData\Microsoft:rKRd5HRXuIJiAYmHjuWbqJndLkl deleted successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 769536 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Kerstin
->Temp folder emptied: 3479298 bytes
->Temporary Internet Files folder emptied: 606781 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17731954 bytes
->Flash cache emptied: 492 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 22,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 07062013_142055
Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Kerstin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Kerstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
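What the OTL fix log above records is one hijacker CLSID being unwired from several Internet Explorer persistence points in turn (search scope, URL search hook, BHO, toolbar), with OTL checking the COM registration under HKLM\SOFTWARE\Classes\CLSID after each removal ("deleted successfully" the first time, "not found" afterwards). Files are "moved", i.e. quarantined, not deleted; the C:\_OTL folder that shows up later in the ComboFix listing is where they go. The following is an added example, not code from the forum post or from OTL: a small Python reconciler that parses lines in OTL's own output format, groups the registry events by CLSID regardless of letter case, and reports which hook kinds were removed for each CLSID and whether its COM registration was confirmed gone. The sample log is a constructed subset of the lines posted above; the function names and the hook-kind labels are my own.

```python
import re
from collections import defaultdict

# Constructed subset of the OTL fix log posted above (genuine OTL line format).
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32b29df0-2237-4370-9a29-37cebb730e9b}\ not found.
C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32B29DF0-2237-4370-9A29-37CEBB730E9B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32B29DF0-2237-4370-9A29-37CEBB730E9B}\ not found.
File C:\Users\Kerstin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll not found.
ADS C:\Windows:nlsPreferences deleted successfully.
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
REG_RE = re.compile(r"^Registry (?:key|value) (?P<path>.+?) (?P<result>deleted successfully|not found)\.$")
FILE_RE = re.compile(r"^(?:File |ADS )?(?P<path>[A-Za-z]:\\.+?) (?:folder )?"
                     r"(?P<result>moved successfully|deleted successfully|not found)\.$")

# Registry locations where a CLSID gets wired into Internet Explorer; each is a
# separate persistence point, so one CLSID normally shows up several times.
# Labels are my own, not OTL's.
HOOK_KINDS = [
    ("browser helper objects", "BHO"),
    ("searchscopes", "search scope"),
    ("urlsearchhooks", "URL search hook"),
    ("toolbar\\webbrowser", "toolbar"),
    ("classes\\clsid", "COM registration"),
]


def classify(path):
    p = path.lower()
    for needle, label in HOOK_KINDS:
        if needle in p:
            return label
    return "other"


def parse_otl(text):
    """Split an OTL fix log into registry events and file/ADS events."""
    reg, files = [], []
    for line in text.splitlines():
        line = line.strip()
        m = REG_RE.match(line)
        if m:
            reg.append({"path": m["path"], "result": m["result"], "kind": classify(m["path"])})
            continue
        m = FILE_RE.match(line)
        if m:
            files.append({"path": m["path"], "result": m["result"]})
    return reg, files


def reconcile(reg_events):
    """Group registry events by CLSID (case-insensitive). For each CLSID record
    which hook kinds OTL removed and what it reported when it then looked at
    the COM registration under ...\Classes\CLSID\{GUID}."""
    report = defaultdict(lambda: {"hooks": set(), "com_results": set()})
    for ev in reg_events:
        for guid in GUID_RE.findall(ev["path"]):
            entry = report[guid.upper()]
            if ev["kind"] == "COM registration":
                entry["com_results"].add(ev["result"])
            elif ev["result"] == "deleted successfully":
                entry["hooks"].add(ev["kind"])
    return dict(report)


def unverified(report):
    """CLSIDs whose hooks were removed but whose COM registration OTL never
    reported on at all; those need a manual look in the registry."""
    return sorted(g for g, e in report.items() if e["hooks"] and not e["com_results"])


def moved_paths(file_events):
    """Files and folders OTL quarantined ('moved') rather than deleted."""
    return [f["path"] for f in file_events if f["result"] == "moved successfully"]


if __name__ == "__main__":
    reg, files = parse_otl(SAMPLE_LOG)
    for guid, entry in reconcile(reg).items():
        print(guid, sorted(entry["hooks"]), sorted(entry["com_results"]))
    print("unverified:", unverified(reconcile(reg)))
    print("quarantined:", moved_paths(files))
```

Running it over the full log rather than the sample is a matter of pasting the whole Code: box into SAMPLE_LOG; the point of the unverified() check is that a CLSID which only ever appears in hook removals, never in a Classes\CLSID line, still has a live COM server registered and should be looked up by hand before the machine is declared clean.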
06.07.2013, 13:30 | #8 |
/// Malwareteam / Visitor | I'm glad it worked. Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
|
06.07.2013, 13:52 | #9 |
| Thanks for the quick reply. I ran AdwCleaner, it worked. But it refused to run the Junkware tool. Just as with Zoek, it says it is not compatible, tries it with other settings, but nothing works. So Junkware: unfortunately I could not do that run. Code:
# AdwCleaner v2.304 - Datei am 06/07/2013 um 14:39:30 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Administrator - KERSTIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\AutocompletePro
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\ProgramData\AGI
Ordner Gelöscht : C:\Users\Kerstin\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Kerstin\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Kerstin\AppData\LocalLow\AGI
Ordner Gelöscht : C:\Users\Kerstin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Kerstin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\fux0b7u5.default\Conduit

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AGI
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKLM\Software\AGI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2704262
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro3_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKU\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Schlüssel Gelöscht : HKU\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKU\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\fux0b7u5.default\prefs.js

C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\fux0b7u5.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2704262.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2704262.CTID", "CT2704262");
Gelöscht : user_pref("CT2704262.CurrentServerDate", "3-7-2011");
Gelöscht : user_pref("CT2704262.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2704262.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2704262.FeedLastCount129531287796537552", 160);
Gelöscht : user_pref("CT2704262.FeedPollDate129531287797162554", "Sun Jul 03 2011 21:00:04 GMT+0200");
Gelöscht : user_pref("CT2704262.FeedPollDate129531287797162555", "Sun Jul 03 2011 21:00:04 GMT+0200");
Gelöscht : user_pref("CT2704262.FeedPollDate129531287797162556", "Sun Jul 03 2011 21:00:04 GMT+0200");
Gelöscht : user_pref("CT2704262.FeedPollDate129531287797162557", "Sun Jul 03 2011 21:00:04 GMT+0200");
Gelöscht : user_pref("CT2704262.FeedPollDate129531287797162558", "Sun Jul 03 2011 21:00:04 GMT+0200");
Gelöscht : user_pref("CT2704262.FeedPollDate129531287797162559", "Sun Jul 03 2011 21:00:04 GMT+0200");
Gelöscht : user_pref("CT2704262.FeedPollDate129531287797162560", "Sun Jul 03 2011 21:00:04 GMT+0200");
Gelöscht : user_pref("CT2704262.FeedPollDate129531287797162561", "Sun Jul 03 2011 21:00:04 GMT+0200");
Gelöscht : user_pref("CT2704262.FeedTTL129531287797162554", 40);
Gelöscht : user_pref("CT2704262.FeedTTL129531287797162555", 40);
Gelöscht : user_pref("CT2704262.FeedTTL129531287797162556", 40);
Gelöscht : user_pref("CT2704262.FeedTTL129531287797162557", 40);
Gelöscht : user_pref("CT2704262.FeedTTL129531287797162558", 40);
Gelöscht : user_pref("CT2704262.FeedTTL129531287797162559", 40);
Gelöscht : user_pref("CT2704262.FeedTTL129531287797162560", 40);
Gelöscht : user_pref("CT2704262.FeedTTL129531287797162561", 40);
Gelöscht : user_pref("CT2704262.FirstServerDate", "3-7-2011");
Gelöscht : user_pref("CT2704262.FirstTime", true);
Gelöscht : user_pref("CT2704262.FirstTimeFF3", true);
Gelöscht : user_pref("CT2704262.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2704262.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2704262.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2704262.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2704262.Initialize", true);
Gelöscht : user_pref("CT2704262.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2704262.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2704262.InstalledDate", "Sun Jul 03 2011 21:00:06 GMT+0200");
Gelöscht : user_pref("CT2704262.InvalidateCache", false);
Gelöscht : user_pref("CT2704262.IsGrouping", false);
Gelöscht : user_pref("CT2704262.IsMulticommunity", false);
Gelöscht : user_pref("CT2704262.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2704262.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2704262.LanguagePackLastCheckTime", "Sun Jul 03 2011 21:00:06 GMT+0200");
Gelöscht : user_pref("CT2704262.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2704262.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2704262.LastLogin_2.7.1.3", "Sun Jul 03 2011 21:00:28 GMT+0200");
Gelöscht : user_pref("CT2704262.LatestVersion", "3.3.3.2");
Gelöscht : user_pref("CT2704262.Locale", "en");
Gelöscht : user_pref("CT2704262.LoginCache", 4);
Gelöscht : user_pref("CT2704262.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2704262.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2704262.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2704262.RadioIsPodcast", false);
Gelöscht : user_pref("CT2704262.RadioLastCheckTime", "Sun Jul 03 2011 21:00:04 GMT+0200");
Gelöscht : user_pref("CT2704262.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2704262.RadioLastUpdateServer", "129242955136270000");
Gelöscht : user_pref("CT2704262.RadioMediaID", "21037024");
Gelöscht : user_pref("CT2704262.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2704262.RadioMenuSelectedID", "EBRadioMenu_CT270426221037024");
Gelöscht : user_pref("CT2704262.RadioStationName", "California%20Rock");
Gelöscht : user_pref("CT2704262.RadioStationURL", "hxxp://feedlive.net/california.asx");
Gelöscht : user_pref("CT2704262.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2704262.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2704262.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2704262.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT270[...]
Gelöscht : user_pref("CT2704262.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2704262.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2704262.SearchInNewTabLastCheckTime", "Sun Jul 03 2011 21:00:28 GMT+0200");
Gelöscht : user_pref("CT2704262.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2704262.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2704262.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2704262.SettingsLastCheckTime", "Sun Jul 03 2011 20:59:59 GMT+0200");
Gelöscht : user_pref("CT2704262.SettingsLastUpdate", "1309470258");
Gelöscht : user_pref("CT2704262.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2704262.ThirdPartyComponentsLastCheck", "Sun Jul 03 2011 20:59:59 GMT+0200");
Gelöscht : user_pref("CT2704262.ThirdPartyComponentsLastUpdate", "1246786978");
Gelöscht : user_pref("CT2704262.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Gelöscht : user_pref("CT2704262.UserID", "UN01369948172078061");
Gelöscht : user_pref("CT2704262.ValidationData_Toolbar", 1);
Gelöscht : user_pref("CT2704262.alertChannelId", "1096603");
Gelöscht : user_pref("CT2704262.backendstorage.2704262a129531303481232105000000paramsgk0", "7B22757064617465526[...]
Gelöscht : user_pref("CT2704262.backendstorage.appbuttondisablenull", "30");
Gelöscht : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000cat0", "253542253742253232[...]
Gelöscht : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000cat1", "253542253742253232[...]
Gelöscht : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000cat2", "253542253742253232[...]
Gelöscht : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000cat3", "253542253742253232[...]
Gelöscht : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000embeddedversion", "312E312[...]
Gelöscht : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000feedsobj", "25374225323263[...]
Gelöscht : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000lastreporttime", "31333039[...]
Gelöscht : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000newfeeds", "6E657746656564[...]
Gelöscht : user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000readitemsarr", "2537422532[...]
Gelöscht : user_pref("CT2704262.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2704262.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2704262.myStuffEnabled", true);
Gelöscht : user_pref("CT2704262.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2704262.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2704262.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2704262.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2704262.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.qip.ru/search?from=FF&quer[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2704262");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2704262");
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2704262");
Gelöscht : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Sun Jul 03 2011 21:00:07 GMT+0200"[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Sun Jul 03 2011 21:00:07 GMT+0200[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Sun Jul 03 2011 21:00:07 GMT+0200[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Sun Jul 03 2011 21:00:07 GMT+0200[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Sun Jul 03 2011 21:00:07 GMT+0200[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Sun Jul 03 2011 21:00:07 GMT+0200[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Sun Jul 03 2011 21:00:07 GMT+0200")[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Sun Jul 03 2011 21:00:07 GMT+0200")[...]
Gelöscht : user_pref("browser.search.defaultenginename", "QIP Search");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "FreeSoundRecorder Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&Sea[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&q=");

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fb19xjq8.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\jawit4xv.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [14225 octets] - [06/07/2013 14:38:30]
AdwCleaner[S1].txt - [14107 octets] - [06/07/2013 14:39:30]

########## EOF - C:\AdwCleaner[S1].txt - [14168 octets] ##########
|
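The Firefox section of the AdwCleaner log above shows the two layers a toolbar hijacker leaves in a profile: dozens of CT2704262.* and CommunityToolbar.* entries that belong to the toolbar itself, and a handful of Firefox's own search prefs (browser.search.defaulturl, keyword.URL, browser.search.defaultenginename, browser.search.defaultthis.engineName) rewritten to point at conduit.com and search.qip.ru. It also deletes the profile's user.js outright, which matters because user.js is re-applied on every Firefox start and would otherwise put the same values straight back into prefs.js. The following is an added example, not part of the post and not AdwCleaner's own logic: a Python triage script over a prefs.js/user.js text that parses the user_pref lines, separates toolbar residue from hijacked search prefs, and rewrites the file without them. The sample is a constructed fragment built from entries in the log (URLs defanged as hxxp, as in the log); the prefix list, the host list and the third "review" category are my assumptions.

```python
import re

# Constructed sample: the first six entries mirror lines from the AdwCleaner log
# above, the last two are benign prefs added to show what is left alone.
SAMPLE_USER_JS = """\
// constructed user.js fragment
user_pref("CT2704262.CTID", "CT2704262");
user_pref("CT2704262.SearchFromAddressBarIsInit", true);
user_pref("CommunityToolbar.ToolbarsList", "CT2704262");
user_pref("browser.search.defaultenginename", "QIP Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&q=");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&q=");
user_pref("browser.startup.homepage", "hxxps://www.mozilla.org/");
user_pref("network.cookie.cookieBehavior", 1);
"""

PREF_RE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*)\);\s*$')

# Firefox prefs a hijacker rewrites. Deleting the user_pref line is the reset:
# Firefox then falls back to its built-in default for that pref.
SEARCH_PREFS = {
    "browser.search.defaulturl", "browser.search.defaultenginename",
    "browser.search.defaultthis.engineName", "browser.search.selectedEngine",
    "keyword.URL", "browser.startup.homepage",
}
# Hosts that have no business in a search or homepage pref (taken from the log).
BAD_HOSTS = ("conduit.com", "conduit-services.com", "conduit-hosting.com", "search.qip.ru")
# Conduit toolbar prefs look like "CT<digits>.<setting>" or "CommunityToolbar.*".
TOOLBAR_RE = re.compile(r"^(?:CT\d+\.|CommunityToolbar\.)")

RESIDUE, HIJACK, REVIEW = "toolbar residue", "search hijack", "overridden (review)"


def parse_prefs(text):
    """Map pref name -> raw value text for every user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m["name"]] = m["value"].strip()
    return prefs


def classify_prefs(prefs):
    """Flag toolbar residue, search prefs pointing at a known bad host, and any
    other overridden search/homepage pref (left for a human to confirm)."""
    findings = {}
    for name, value in prefs.items():
        if TOOLBAR_RE.match(name):
            findings[name] = RESIDUE
        elif name in SEARCH_PREFS and any(h in value.lower() for h in BAD_HOSTS):
            findings[name] = HIJACK
        elif name in SEARCH_PREFS:
            findings[name] = REVIEW
    return findings


def clean(text):
    """Return (text without residue/hijack lines, names removed). Lines flagged
    only for review and non-pref lines (comments) are kept untouched."""
    findings = classify_prefs(parse_prefs(text))
    kept, removed = [], []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and findings.get(m["name"]) in (RESIDUE, HIJACK):
            removed.append(m["name"])
            continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    for name, verdict in classify_prefs(parse_prefs(SAMPLE_USER_JS)).items():
        print(f"{verdict:20} {name}")
    cleaned, removed = clean(SAMPLE_USER_JS)
    print(f"removed {len(removed)} prefs; remaining file:\n{cleaned}")
```

Run it against both prefs.js and user.js of every profile, with Firefox closed (Firefox rewrites prefs.js on exit and would overwrite the cleaned file). The "review" category is deliberate: a non-default homepage or search engine is not proof of a hijack, so the script reports it but does not delete it.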
06.07.2013, 14:35 | #10 |
/// Malwareteam / Visitor | I'm curious whether the next tool will start. Scan with ComboFix
|
06.07.2013, 15:14 | #11 |
| Yes, I was curious too, but apparently my PC is slowly giving up. This time it went without problems: ComboFix: Code:
ComboFix 13-07-06.03 - Administrator 06.07.2013 15:50:09.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8190.6510 [GMT 2:00]
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kerstin\AppData\Local\lame_enc.dll
c:\users\Kerstin\AppData\Local\no23xwrapper.dll
c:\users\Kerstin\AppData\Local\ogg.dll
c:\users\Kerstin\AppData\Local\vorbis.dll
c:\users\Kerstin\AppData\Local\vorbisenc.dll
c:\users\Kerstin\AppData\Local\vorbisfile.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-06 bis 2013-07-06 ))))))))))))))))))))))))))))))
.
.
2013-07-06 12:44 . 2013-07-06 12:52 -------- d-----w- C:\JRT
2013-07-06 12:20 . 2013-07-06 12:20 -------- d-----w- C:\_OTL
2013-07-06 07:39 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48D32F3E-91CA-40ED-80E4-588809ABE4E0}\mpengine.dll
2013-07-05 09:36 . 2013-07-05 09:36 -------- d-----w- c:\program files\Enigma Software Group
2013-07-04 17:09 . 2013-07-04 17:10 -------- d-----w- c:\program files (x86)\Livedrive
2013-07-04 16:49 . 2013-07-06 13:23 -------- d-----w- c:\users\Kerstin\AppData\Local\Livedrive
2013-07-04 14:56 . 2012-11-10 08:56 141672 ----a-w- c:\windows\system32\CbFsNetRdr3.dll
2013-07-04 14:56 . 2012-11-10 08:56 223592 ----a-w- c:\windows\SysWow64\CbFsNetRdr3.dll
2013-07-04 14:56 . 2012-11-10 08:55 190312 ----a-w- c:\windows\system32\CbFsMntNtf3.dll
2013-07-04 14:56 . 2012-11-10 08:55 158056 ----a-w- c:\windows\SysWow64\CbFsMntNtf3.dll
2013-07-04 14:56 . 2012-11-10 08:50 352008 ----a-w- c:\windows\system32\drivers\cbfs3.sys
2013-07-04 14:55 . 2013-07-04 16:49 -------- d-----w- c:\users\Kerstin\AppData\Local\Cloudly
2013-06-29 19:48 . 2013-06-29 19:48 -------- d-----w- c:\program files (x86)\StatsPrime
2013-06-25 07:54 . 2013-06-26 12:20 248656 ----a-r- c:\users\Kerstin\AppData\Roaming\Microsoft\Installer\{6E633C09-EA0B-4785-82D5-62AE0784C0F8}\NewShortcut1_F7CF767F5C904D0C92D296FFE272F502.exe
2013-06-25 07:54 . 2013-06-26 12:20 248656 ----a-r- c:\users\Kerstin\AppData\Roaming\Microsoft\Installer\{6E633C09-EA0B-4785-82D5-62AE0784C0F8}\ARPPRODUCTICON.exe
2013-06-23 10:40 . 2013-06-23 10:40 -------- d-sh--w- c:\users\Kerstin\wc
2013-06-23 10:40 . 2013-06-23 10:40 -------- d-sh--w- c:\users\Kerstin\AppData\Roaming\wyUpdate AU
2013-06-23 10:40 . 2013-06-23 14:43 -------- d-----w- c:\users\Kerstin\AppData\Roaming\Cyberduck
2013-06-23 10:39 . 2013-06-23 10:40 -------- d-----w- c:\program files (x86)\Cyberduck
2013-06-17 14:23 . 2013-06-17 14:23 -------- d-----w- c:\program files (x86)\My Company Name
2013-06-17 13:37 . 2013-06-17 13:37 -------- d-----w- c:\programdata\RedGiant
2013-06-15 21:33 . 2013-06-08 14:08 279040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-15 21:33 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-15 21:33 . 2013-06-08 11:41 218112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-15 21:33 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-15 21:33 . 2013-06-08 14:08 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-06-15 21:33 . 2013-06-08 14:06 2648064 ----a-w- c:\windows\system32\iertutil.dll
2013-06-15 21:33 . 2013-06-08 14:06 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-15 21:32 . 2013-06-08 14:06 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-06-15 21:32 . 2013-06-08 14:07 19233792 ----a-w- c:\windows\system32\mshtml.dll
2013-06-12 06:04 . 2013-05-17 01:25 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-12 06:04 . 2013-05-17 00:58 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-06-12 06:04 . 2013-05-17 01:25 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-12 06:04 . 2013-05-17 01:25 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-06-12 06:04 . 2013-05-17 00:58 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-12 06:04 . 2013-05-17 01:25 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-12 06:04 . 2013-05-17 00:58 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-12 06:04 . 2013-05-17 00:59 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-12 05:34 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 05:34 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 05:34 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-06 15:39 . 2013-06-06 15:39 -------- d-----w- c:\users\Kerstin\AppData\Local\IsolatedStorage
2013-06-06 15:39 . 2013-06-06 15:39 -------- d-----w- c:\users\Kerstin\AppData\Local\MEDION
2013-06-06 14:32 . 2013-06-06 14:32 -------- d-sh--w- c:\users\Kerstin\AppData\Local\icsxml
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-18 07:36 . 2013-03-12 10:54 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-18 07:36 . 2011-12-28 12:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 06:05 . 2010-10-29 08:00 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-21 21:57 . 2013-05-21 21:57 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-21 21:57 . 2013-05-21 21:57 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-21 21:57 . 2013-05-21 21:57 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-21 21:57 . 2013-05-21 21:57 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-21 21:57 . 2013-05-21 21:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-21 21:57 . 2013-05-21 21:57 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-21 21:57 . 2013-05-21 21:57 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-21 21:57 . 2013-05-21 21:57 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-21 21:57 . 2013-05-21 21:57 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-21 21:57 . 2013-05-21 21:57 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-21 21:57 . 2013-05-21 21:57 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-21 21:57 . 2013-05-21 21:57 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-21 21:57 . 2013-05-21 21:57 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-21 21:57 . 2013-05-21 21:57 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-21 21:57 . 2013-05-21 21:57 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-21 21:57 . 2013-05-21 21:57 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-21 21:57 . 2013-05-21 21:57 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-21 21:57 . 2013-05-21 21:57 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-21 21:57 . 2013-05-21 21:57 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-21 21:57 . 2013-05-21 21:57 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-21 21:57 . 2013-05-21 21:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-21 21:57 . 2013-05-21 21:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-21 21:57 . 2013-05-21 21:57 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-21 21:57 . 2013-05-21 21:57 441856 ----a-w- c:\windows\system32\html.iec
2013-05-21 21:57 . 2013-05-21 21:57 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-21 21:57 . 2013-05-21 21:57 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-21 21:57 . 2013-05-21 21:57 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-21 21:57 . 2013-05-21 21:57 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-21 21:57 . 2013-05-21 21:57 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-21 21:57 . 2013-05-21 21:57 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-21 21:57 . 2013-05-21 21:57 235008 ----a-w- c:\windows\system32\url.dll
2013-05-21 21:57 . 2013-05-21 21:57 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-21 21:57 . 2013-05-21 21:57 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-21 21:57 . 2013-05-21 21:57 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-21 21:57 . 2013-05-21 21:57 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-21 21:57 . 2013-05-21 21:57 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-21 21:57 . 2013-05-21 21:57 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-21 21:57 . 2013-05-21 21:57 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-21 21:57 . 2013-05-21 21:57 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-21 21:57 . 2013-05-21 21:57 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-21 21:57 . 2013-05-21 21:57 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-21 21:57 . 2013-05-21 21:57 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-21 21:57 . 2013-05-21 21:57 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-21 21:57 . 2013-05-21 21:57 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-21 21:57 . 2013-05-21 21:57 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-21 21:57 . 2013-05-21 21:57 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-21 21:57 . 2013-05-21 21:57 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-21 21:57 . 2013-05-21 21:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-21 21:57 . 2013-05-21 21:57 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-02 00:06 . 2010-07-29 17:46 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 06:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 06:24 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 06:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 06:24 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 06:24 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 06:24 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 05:27 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 06:24 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 06:24 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 06:23 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-11-10 08:55 158056 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
c:\users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files (x86)\Webshots\3.1.5.7620\Launcher.exe /t [2012-10-12 157128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility.exe [2009-8-11 6798714]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe [x]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys;c:\windows\SYSNATIVE\DRIVERS\Spyder3.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 LivedriveVSSService;Livedrive VSS Service;c:\program files 
(x86)\Livedrive\VSSService.exe;c:\program files (x86)\Livedrive\VSSService.exe [x] S2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe;c:\windows\SYSNATIVE\lxbccoms.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x] S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x] S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x] S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x] S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [x] S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-10 13:48] . 2013-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-10 13:48] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay] @="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}" [HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}] 2013-05-15 14:14 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay] @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}" [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}] 2012-11-10 08:55 190312 ----a-w- c:\windows\System32\CbFsMntNtf3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay] @="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}" [HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}] 2013-05-15 14:14 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay] @="{84CEF1E4-1356-4063-845F-05047F4DD52C}" [HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}] 2013-05-15 14:14 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay] @="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}" [HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}] 2013-05-15 14:14 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay] @="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}" [HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}] 2013-05-15 14:14 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-03 7982112] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fb19xjq8.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Wow6432Node-HKLM-Run-Corel Reminder - (no file) c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk - c:\program files (x86)\Webshots\WebshotsTray.exe AddRemove-DirPrintOK - c:\users\Kerstin\Downloads\DirPrintOK\DirPrintOK.exe AddRemove-GSview 4.9 - c:\program files (x86)\Ghostgum\gsview\uninstgs.exe AddRemove-{2857dbef-0b50-361c-8690-7d505747009f} - c:\program files (x86)\AGI\core\4.2.0.10755\InstallerGUI.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . 
[HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:ed,35,12,7d,62,07,77,36,91,cf,1f,91,51,6a,39,96,a1,a7,e4,68,e1, 53,af,f0,38,c2,e7,4d,f9,b0,c6,02,78,91,4d,65,1c,fb,f8,ed,e3,bf,e3,74,97,2f,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:ed,35,12,7d,62,07,77,36,91,cf,1f,91,51,6a,39,96,a1,a7,e4,68,e1, 53,af,f0,38,c2,e7,4d,f9,b0,c6,02,78,91,4d,65,1c,fb,f8,ed,e3,bf,e3,74,97,2f,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-07-06 16:10:37 ComboFix-quarantined-files.txt 2013-07-06 14:10 . Vor Suchlauf: 9 Verzeichnis(se), 125.729.198.080 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 128.661.778.432 Bytes frei . - - End Of File - - 00AA27031C6632509B1E2E9BE8009E28 A36C5E4F47E84449FF07ED3517B43A31 |
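Two things in the ComboFix log above deserve a second look before anyone calls the machine clean: the policies\system block shows UAC switched off entirely ("EnableLUA"= 0, with "ConsentPromptBehaviorAdmin"= 0 and "PromptOnSecureDesktop"= 0 on top), so every installer the user double-clicked ran with a full administrator token and no prompt; and the esgiguard driver service still points into the SpyHunter directory even though the opener uninstalled SpyHunter via the Control Panel. The following Python is an added example, not part of the thread and not code from ComboFix or Trojaner-Board: it pulls both findings out of a ComboFix log. The excerpt it parses is constructed from the lines of the log above, and the helper names (parse_uac_policy, assess_uac, services_under) are this example's own.

```python
"""Read the UAC policy block and the service list from a ComboFix log
and flag what a log reviewer would flag.  Added example; the sample
excerpt below is constructed from the log posted in this thread."""
import re

# Constructed excerpt: the policies\system block and three service
# lines exactly as ComboFix printed them in the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
"""

POLICY_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"
# ComboFix prints policy values as  "Name"= 0 (0x0)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)$')
# Service lines:  <start type> <name>;<display name>;<image path>;<second path> [...]
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^;]+);')

# (value name, dangerous value, what it means).  Semantics per Microsoft's
# documentation of the UAC policy values; the dangerous value is 0 for all three.
UAC_CHECKS = (
    ("EnableLUA", 0, "UAC is switched off; every process in an admin session gets the full admin token"),
    ("ConsentPromptBehaviorAdmin", 0, "administrators are elevated silently, without a consent prompt"),
    ("PromptOnSecureDesktop", 0, "elevation prompts are not isolated on the secure desktop and can be spoofed"),
)


def parse_uac_policy(log: str) -> dict:
    """Return {value_name: int} for the policies\\system block, {} if absent."""
    values = {}
    in_block = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower() == POLICY_KEY.lower():
            in_block = True
            continue
        if in_block:
            m = VALUE_RE.match(line)
            if not m:          # ComboFix's "." spacer or the next section ends the block
                break
            values[m.group("name")] = int(m.group("val"))
    return values


def assess_uac(values: dict) -> list:
    """Human-readable findings for each UAC value that sits at its dangerous setting."""
    findings = []
    for name, bad_value, note in UAC_CHECKS:
        if values.get(name) == bad_value:
            findings.append(f"{name}={bad_value}: {note}")
    return findings


def services_under(log: str, vendor_dir: str) -> list:
    """(start type, service name, image path) for every service/driver whose
    image path lies under vendor_dir; matching is case-insensitive because
    ComboFix lower-cases most of the path."""
    needle = vendor_dir.lower().rstrip("\\") + "\\"
    hits = []
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m and m.group("path").lower().startswith(needle):
            hits.append((m.group("start"), m.group("name"), m.group("path")))
    return hits


if __name__ == "__main__":
    for finding in assess_uac(parse_uac_policy(SAMPLE_LOG)):
        print("UAC:", finding)
    # The poster uninstalled SpyHunter, yet its driver service is still registered.
    for start, name, path in services_under(SAMPLE_LOG, r"c:\program files\Enigma Software Group"):
        print(f"leftover service {name} ({start}) -> {path}")
```

The UAC check is the one a reviewer would raise first: with EnableLUA at 0 the other two values are moot, but all three are reported so the restored configuration can be verified value by value after the cleanup. The service check is deliberately path-based rather than name-based, because a vendor's uninstaller can leave a kernel driver registered under a name that gives no hint of its origin.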
06.07.2013, 15:21 | #12
/// Malwareteam / Visitor
Good. Can you give Zoek.exe and JRT another try now?

06.07.2013, 16:13 | #13
Hm, apparently you worked some magic, my PC gave up and ran both, reluctantly, but still ^^
Code:
Zoek.exe Version 4.0.0.3 Updated 05-July-2013
Tool run by Kerstin on 06.07.2013 at 16:43:20,15.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results06.07.2013-1631.log 390 bytes

==== Creating Sample__1649.zip ======================

Copied file C:\Users\Kerstin\AppData\Local\No23 Recorder.exe to sample\No23 Recorder.exe
sample\No23 Recorder.exe renamed to 66C2D240E8422AA395A5286CE7AE17A4
C:\Users\Public\Desktop\sample__1649.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32B29DF0-2237-4370-9A29-37CEBB730E9B} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32B29DF0-2237-4370-9A29-37CEBB730E9B} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} deleted successfully
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully
HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{32B29DF0-2237-4370-9A29-37CEBB730E9B} deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Livedrive\Livedrive.exe
C:\Program Files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility.exe
C:\Program Files (x86)\Webshots\3.1.5.7620\webshots.scr
C:\Users\Kerstin\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fb19xjq8.default
user.js not found
---- Lines CT2704262 removed from prefs.js ----
---- Lines CT2704262 modified from prefs.js ----
---- Lines Lyric removed from prefs.js ----
---- Lines Lyric modified from prefs.js ----
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines browser.startup.page modified from prefs.js ----
---- Lines {32B29DF0-2237-4370-9A29-37CEBB730E9B} removed from prefs.js ----
---- Lines {32B29DF0-2237-4370-9A29-37CEBB730E9B} modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__1651_.backup

ProfilePath: C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\jawit4xv.default
user.js not found
---- Lines CT2704262 removed from prefs.js ----
---- Lines CT2704262 modified from prefs.js ----
---- Lines Lyric removed from prefs.js ----
---- Lines Lyric modified from prefs.js ----
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines browser.startup.page modified from prefs.js ----
---- Lines {32B29DF0-2237-4370-9A29-37CEBB730E9B} removed from prefs.js ----
---- Lines {32B29DF0-2237-4370-9A29-37CEBB730E9B} modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__1651_.backup

ProfilePath: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\fux0b7u5.default
user.js not found
---- Lines CT2704262 removed from prefs.js ----
---- Lines CT2704262 modified from prefs.js ----
---- Lines Lyric removed from prefs.js ----
---- Lines Lyric modified from prefs.js ----
---- Lines browser.startup.page removed from prefs.js ----
---- Lines browser.startup.page modified from prefs.js ----
---- Lines {32B29DF0-2237-4370-9A29-37CEBB730E9B} removed from prefs.js ----
---- Lines {32B29DF0-2237-4370-9A29-37CEBB730E9B} modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__1651_.backup

==== Deleting Files \ Folders ======================

"C:\ProgramData\DirectoryService" deleted
"C:\ProgramData\Displays" deleted
"C:\ProgramData\Limiter" deleted
"C:\ProgramData\MAS" deleted
"C:\Users\Kerstin\AppData\Local\bass.dll" deleted
"C:\Users\Kerstin\AppData\Local\basscd.dll" deleted
"C:\Users\Kerstin\AppData\Local\CDRip.dll" deleted
"C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\fux0b7u5.default\searchplugins\ebay-search-suggest.xml" deleted
"C:\Users\Kerstin\AppData\Local\No23 Recorder.exe" deleted
"C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\fux0b7u5.default\CT2704262" deleted
"C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\fux0b7u5.default\CT2704262" deleted

==== System Specs ======================

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8190 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
CPU Speed: 1891,9 MHz
Sound Card: Lautsprecher (Realtek High Defi | Realtek Digital Output (Realtek |
Display Adapters: NVIDIA GeForce GT 240M | NVIDIA GeForce GT 240M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; PnP-Monitor (Standard) |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Broadcom NetLink (TM)-Gigabit-Ethernet
CD / DVD Drives: 1x (D: | ) D: Optiarc BD ROM BC-5500S
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 465,8GB
Hard Disks - Free: C: 119,6GB
Manufacturer *: Packard Bell
BIOS Info: AT/AT COMPATIBLE | 09/29/09 | ACRSYS - 1
Time Zone: Mitteleuropäische Zeit
Motherboard *: Packard Bell EasyNote LJ65
Internet Explorer Version: 10.0.9200.16618
Sun Java version: 1.7.0_10
Country: Deutschland
Language: DEU

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2013-07-06 13:47:25 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2013-07-06 13:47:25 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2013-07-06 13:47:25 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2013-07-06 13:47:25 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2013-07-06 13:47:25 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
====== C:\Users\Kerstin\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-07-04 14:56:40 9D26998C33AC7E96FAB0FE59DFC35FDD 158056 ----a-w- C:\Windows\SysWOW64\CbFsMntNtf3.dll
2013-07-04 14:56:40 0E3A0C800FAF0ED967FB6FD40297EE01 223592 ----a-w- C:\Windows\SysWOW64\CbFsNetRdr3.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-07-04 14:56:40 C537679950757A84BB713FA377CD2381 141672 ----a-w- C:\Windows\Sysnative\CbFsNetRdr3.dll
2013-07-04 14:56:40 2508CC9B93D1A8C297DC01E7046CB4AB 190312 ----a-w- C:\Windows\Sysnative\CbFsMntNtf3.dll
====== C:\Windows\Sysnative\drivers =====
2013-07-04 14:56:39 3D50891CAA71E3479A8A10F25CA9207F 352008 ----a-w- C:\Windows\Sysnative\drivers\cbfs3.sys
2013-06-12 05:34:14 9849EA3843A2ADBDD1497E97A85D8CAE 1910632 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
====== C:\Windows\Tasks ======
2013-07-06 12:44:57 C25DE44E6D9DFE921CBA77305EE031E9 3158 ----a-w- C:\Windows\Sysnative\Tasks\{32F72A9D-B1CB-4F91-8025-27749DE22377}
2013-07-06 10:45:06 BCFE8DFBD44308AE98BFD75FF27ED9F3 3160 ----a-w- C:\Windows\Sysnative\Tasks\{136887E8-2227-4A2C-91C2-DA716253EBE3}
2013-07-06 09:52:27 09E305CAD92382967FE5BA9878BD5E04 2940 ----a-w- C:\Windows\Sysnative\Tasks\{064E5761-BF2C-418A-831F-02A6DA2350C6}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-07-05 09:36:12 -------- d-----w- C:\Program Files\Enigma Software Group
======= C:\Program Files (x86) =====
2013-07-04 17:09:54 -------- d-----w- C:\Program Files (x86)\Livedrive
2013-06-29 19:48:19 -------- d-----w- C:\Program Files (x86)\StatsPrime
2013-06-23 10:39:05 -------- d-----w- C:\Program Files (x86)\Cyberduck
2013-06-17 14:23:18 -------- d-----w- C:\Program Files (x86)\My Company Name
======= C: =====
2013-07-06 12:39:30 97DA5CC29560E95A73FC769A2D87F0B4 14230 ----a-w- C:\AdwCleaner[S1].txt
2013-07-06 12:38:30 053FD15651C7C41AB3AD7840E4179AD0 14225 ----a-w- C:\AdwCleaner[R1].txt
2013-07-05 09:36:48 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
====== C:\Users\Kerstin\AppData\Roaming ======
2013-07-06 14:10:40 -------- d-----w- C:\users\Public\AppData\Local\temp
2013-07-06 14:10:40 -------- d-----w- C:\users\Gast\AppData\Local\temp
2013-07-06 14:10:40 -------- d-----w- C:\users\Default\AppData\Local\temp
2013-07-06 14:10:40 -------- d-----w- C:\users\Default User\AppData\Local\temp
2013-07-04 16:49:20 -------- d-----w- C:\users\Kerstin\AppData\Local\Livedrive
2013-07-04 14:55:58 -------- d-----w- C:\users\Kerstin\AppData\Local\Cloudly
2013-06-23 10:40:37 -------- d-sh--w- C:\users\Kerstin\AppData\Roaming\wyUpdate AU
2013-06-23 10:40:30 -------- d-----w- C:\users\Kerstin\AppData\Roaming\Cyberduck
2013-06-10 09:58:25 D85F8F74CAA3CD4658E510EA39476BBF 132 ----a-w- C:\users\Kerstin\AppData\Roaming\Adobe CS6-GIF-Format - Voreinstellungen
2013-06-06 15:39:12 -------- d-----w- C:\users\Kerstin\AppData\Local\IsolatedStorage
2013-06-06 15:39:10 -------- d-----w- C:\users\Kerstin\AppData\Local\MEDION
====== C:\Users\Kerstin ======
2013-07-06 14:10:40 -------- d-----w- C:\Users\Public\AppData
2013-07-06 12:38:12 1078C8BD8C62CF4DEE6FE1058C3D56A7 650027 ----a-w- C:\Users\Administrator\Desktop\adwcleaner.exe
2013-07-06 12:38:12 09A3F926C400C29B3CF04FD15A0D8DEA 545954 ----a-w- C:\Users\Administrator\Desktop\JRT.exe
2013-07-06 12:35:42 09A3F926C400C29B3CF04FD15A0D8DEA 545954 ----a-w- C:\Users\Kerstin\Desktop\JRT.exe
2013-07-06 12:35:20 1078C8BD8C62CF4DEE6FE1058C3D56A7 650027 ----a-w- C:\Users\Kerstin\Desktop\adwcleaner.exe
2013-07-06 10:50:30 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\Administrator\Desktop\TFC.exe
2013-07-06 10:46:24 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\Kerstin\Desktop\TFC.exe
2013-07-06 10:37:17 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Administrator\Desktop\gmer_2.1.19163.exe
2013-07-06 08:39:40 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Kerstin\defogger_reenable
2013-07-06 08:38:44 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Kerstin\Desktop\gmer_2.1.19163.exe
2013-07-06 08:37:42 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Kerstin\Desktop\OTL.exe
2013-07-06 08:37:42 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Administrator\Desktop\OTL.exe
2013-07-06 08:37:20 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\Kerstin\Desktop\Defogger.exe
2013-07-04 17:09:54 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livedrive
2013-07-04 16:47:43 E22B1CF5388C88774BB9122F5CF76256 11283608 ----a-w- C:\Users\Kerstin\Downloads\Livedrive-Setup.exe
2013-06-29 19:49:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StatsPrime
2013-06-29 19:46:37 EA63985CB4E06EC5DA440CE7ADBE62EE 17236797 ----a-w- C:\Users\Kerstin\Downloads\StatsPrimeInstallerWin.exe
2013-06-23 10:40:49 -------- d-sh--w- C:\Users\Kerstin\wc
2013-06-23 10:40:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck
2013-06-23 10:37:11 158F9FFBB3717270469E31C5B344330B 15320336 ----a-w- C:\Users\Kerstin\Downloads\cyberduck-installer-4.3.1.exe
2013-06-17 13:37:39 -------- d-----w- C:\ProgramData\RedGiant
====== C: exe-files ==
2013-07-06 12:44:39 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\JRT\erunt\ERUNT.EXE
2013-07-06 12:38:12 1078C8BD8C62CF4DEE6FE1058C3D56A7 650027 ----a-w- C:\Users\Administrator\Desktop\adwcleaner.exe
2013-07-06 12:38:12 09A3F926C400C29B3CF04FD15A0D8DEA 545954 ----a-w- C:\Users\Administrator\Desktop\JRT.exe
2013-07-06 10:50:30 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\Administrator\Desktop\TFC.exe
2013-07-06 10:37:17 60BF4AE8CC40B0E3E28613657ED2EED8 377856 ----a-w- C:\Users\Administrator\Desktop\gmer_2.1.19163.exe
2013-07-06 08:37:42 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Administrator\Desktop\OTL.exe
=== C: other files ==
2013-07-06 12:44:37 E4B95882FB080670179EA3605395889B 29803 ----a-w- C:\JRT\iexplore.bat
2013-07-06 12:44:37 C0C9EBB0F67894B294057F8DFD982FB7 224236 ----a-w- C:\JRT\firefox.bat
2013-07-06 12:44:37 BC6829679AE4DF51BA5F2B6DF9C0BAFC 14243 ----a-w- C:\JRT\medfos.bat
2013-07-06 12:44:37 9EE3D7F3A45E24135711E9CBA48DC54F 11837 ----a-w- C:\JRT\JRT.bat
2013-07-06 12:44:37 892B8347BAF133646A19D3B90928AE86 15542 ----a-w- C:\JRT\chrome.bat
2013-07-06 12:44:37 833D69BA76F526DF45C9BEA1A92DC82B 29565 ----a-w- C:\JRT\prelim.bat
2013-07-06 12:44:37 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\JRT\ev_clear.bat
2013-07-06 12:44:37 6AFF3EA276AA312EFBB29BA0D5D2A85A 9763 ----a-w- C:\JRT\modules.bat
2013-07-06 12:44:37 63FEB4EAF9E8C709C3B3470BC40E3EF8 37373 ----a-w- C:\JRT\ask.bat
2013-07-06 12:44:37 620AD0970CC18D799A357D5B9C797F31 5379 ----a-w- C:\JRT\runvalues.bat
2013-07-06 12:44:37 44E5FFC65156A594FCD57D13A7546046 14028 ----a-w- C:\JRT\get.bat
2013-07-06 12:44:37 357F4F46BA2ADE86E2084DE3EC219A18 13025 ----a-w- C:\JRT\searchlnk.bat
2013-07-06 12:44:37 33A0F7BBDF15B84FB01A361D09F54DFE 1825 ----a-w- C:\JRT\delfolders.bat
2013-07-06 12:44:37 31D9F977B48014E79CC35A98D324B16A 1256 ----a-w- C:\JRT\FWPolicy.bat
2013-07-06 12:44:37 296AEB5FF1159F45030514E8C1751368 81579 ----a-w- C:\JRT\misc.bat
2013-07-06 12:44:37 1EE55AF77826E0E6F89A0ED6278E2C35 1040 ----a-w- C:\JRT\TDL4.bat
2013-07-05 09:36:48 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\autoexec.bat
2013-06-29 19:48:20 6405CFBF797F900863FDE940898472EF 67 ----a-w- C:\Program Files (x86)\StatsPrime\Win\StartStatsPrime_32bit.bat
2013-06-29 19:48:20 46AB3A9159F18E2B0986855683F7E637 64 ----a-w- C:\Program Files (x86)\StatsPrime\Win\StartStatsPrime_64bit.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3988861487-35324134-1556422857-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Livedrive"="C:\Program Files (x86)\Livedrive\Livedrive.exe /setup"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Livedrive"="C:\Program Files (x86)\Livedrive\Livedrive.exe /setup"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeAAMUpdater-1.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeAAMUpdater-1.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\UpdaterStartupUtility.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS4ServiceManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS4ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS5ServiceManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS5ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS5ServiceManager\\CS5ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeCS6ServiceManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\CS6ServiceManager\\CS6ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgnt"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupServiceHome3Run]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackupServiceHome3Run"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Alexosoft\\Backup Service Home 3\\Alexosoft.BackupService.MainApp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CAHeadless]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CAHeadless" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Adobe\\Elements 10 Organizer\\CAHeadless\\ElementsAutoAnalyzer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CorelCorelDRAW10 Reminder] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="CorelCorelDRAW10 Reminder" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Corel\\Graphics10\\Register\\NAVBrowser.exe\" /r /i \"C:\\Program Files (x86)\\Corel\\Graphics10\\Register\\NavLoad.ini\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleDriveSync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="GoogleDriveSync" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Google\\Drive\\googledrivesync.exe\" /autostart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LManager" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Malwarebytes' Anti-Malware" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaSuite.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NokiaSuite.exe" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Nokia\\Nokia Suite\\NokiaSuite.exe -tray" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QuickTime Task" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\renovator] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="renovator" "hkey"="HKCU" "command"="C:\\Users\\Kerstin\\AppData\\Roaming\\Google Inc.\\{34C3EB87-470F-435D-BE9B-36F652F592C9}\\renovator.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SwitchBoard] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SwitchBoard" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Common Files\\Adobe\\SwitchBoard\\SwitchBoard.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VideoWebCamera] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="VideoWebCamera" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\VideoWebCamera\\VideoWebCamera.exe\" -a" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile Device Center] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Windows Mobile Device Center" "hkey"="HKLM" "command"="%windir%\\WindowsMobile\\wmdc.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\a2AntiMalware] ==== Startup Folders ====================== 2012-10-12 09:58:18 1136 ----a-w- C:\users\Kerstin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk 2010-12-07 11:19:08 2340 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spyder3Utility.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10.01.2013 15:48] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
--a------ [Undetermined Task] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fb19xjq8.default - Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} ProfilePath: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\fux0b7u5.default - EPUBReader - %ProfilePath%\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} - AlertBox - %ProfilePath%\extensions\alertbox@ajitk.com.xpi - Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi - Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Kerstin\AppData\Roaming\Mozilla\Firefox\Profiles\fux0b7u5.default 3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="hxxp://qip.ru" "Search Page"="hxxp://www.google.com" "Default_Page_URL"="hxxp://qip.ru" "Default_Search_URL"="hxxp://search.qip.ru" "Search Bar"="hxxp://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="hxxp://search.qip.ru/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Search 
Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="hxxp://qip.ru" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== HijackThis Entries ====================== O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" /setup O4 - Startup: Webshots.lnk = C:\Program Files (x86)\Webshots\3.1.5.7620\Launcher.exe O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files (x86)\Spyder3Express\Spyder3Express\Utility\Spyder3Utility.exe O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - 
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Livedrive VSS Service (LivedriveVSSService) - Unknown owner - C:\Program Files (x86)\Livedrive\VSSService.exe O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - 
Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe O23 - Service: Wacom Professional Touch Service (TouchServiceWacom) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5 emptied successfully C:\Users\Kerstin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\users\Kerstin\AppData\Local\Mozilla\Firefox\Profiles\fux0b7u5.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Kerstin\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 06.07.2013 at 17:07:37,03 ====================== Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by Kerstin on 06.07.2013 at 16:32:45,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Kerstin\appdata\local\software"

~~~ FireFox

Successfully deleted the following from C:\Users\Kerstin\AppData\Roaming\mozilla\firefox\profiles\fux0b7u5.default\prefs.js

user_pref("extensions.jid1-TEQTMbfVuFXLfg@jetpack.install-event-fired", true);

Emptied folder: C:\Users\Kerstin\AppData\Roaming\mozilla\firefox\profiles\fux0b7u5.default\minidumps [91 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.07.2013 at 16:41:30,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
06.07.2013, 16:17 | #14 |
/// Malwareteam / Visitor | Syphunter 4 run - how do I get rid of it again? Are you still noticing any problems at the moment? Please download SecurityCheck and:
|
06.07.2013, 16:36 | #15 |
| Syphunter 4 run - how do I get rid of it again? I rather have the feeling that half of my hard drive has been deleted, given how many seemingly useless entries showed up in the logs. Somehow it feels as if I now have more space on the disk. It also ran the program without any complaint. Code:
 Results of screen317's Security Check version 0.99.68
 Windows 7 Service Pack 1 x64 (UAC is disabled!)
 Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
 Emsisoft Anti-Malware
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Spyder3Express
 Malwarebytes Anti-Malware Version 1.75.0.1300
 Java 7 Update 10
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.7.700.224
 Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Last edited by moniet (06.07.2013 at 16:55) |