Okay, I have now completed all the steps from your last post:
1. Booted normally again, got no error message and there is no longer a virus icon in the taskbar - does that mean the virus is no longer active?
2. AdwCleaner log: Code:
# AdwCleaner v2.115 - Datei am 01/04/2013 um 17:30:42 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (64 bits)
# Benutzer : Ole - OLE-PC
# Bootmodus : Normal
# Ausgeführt unter : L:\Virus\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Ole\AppData\Roaming\dvdvideosoftiehelpers
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16450
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v7.0.1 (de)
Datei : C:\Users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\4534wz3c.default\prefs.js
C:\Users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\4534wz3c.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [974 octets] - [01/04/2013 17:30:42]
########## EOF - C:\AdwCleaner[S1].txt - [1033 octets] ##########
3. Ran ComboFix again, with the following log file: Code:
ComboFix 13-04-01.01 - Ole 01.04.2013 17:37:31.2.8 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.8104.6350 [GMT 2:00]
ausgeführt von:: c:\users\Ole\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-01 bis 2013-04-01 ))))))))))))))))))))))))))))))
.
.
2013-04-01 15:43 . 2013-04-01 15:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-01 15:43 . 2013-04-01 15:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-21 22:29 . 2013-03-21 22:29 -------- d-----w- c:\users\Ole\AppData\Local\Apps
2013-03-21 22:29 . 2013-03-21 22:29 -------- d-----w- c:\users\Ole\AppData\Local\Deployment
2013-03-12 22:41 . 2013-03-12 22:41 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 19:52 . 2012-04-04 18:13 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 19:52 . 2011-09-03 14:01 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 18:16 . 2013-02-08 18:16 249856 ------w- c:\windows\Setup1.exe
2013-02-08 18:16 . 2013-02-08 18:16 73216 ----a-w- c:\windows\ST6UNST.EXE
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ole\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ole\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Ole\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-27 39408]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-11-09 1844296]
"Skype"="d:\internettools\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"MsgCenterExe"="d:\audio+video\Real Player\update\RealOneMessageCenter.exe" [2012-09-23 79048]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="d:\office anwendungen\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="d:\virenprogramme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="d:\audio+video\iTunes\iTunesHelper.exe"
"TkBellExe"="d:\audio+video\Real Player\Update\realsched.exe" -osboot
.
R2 SkypeUpdate;Skype Updater;d:\internettools\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-03-11 79360]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-05 27512]
R3 mdf16;mdf16;c:\users\Ole\AppData\Local\Temp\mdf16.sys [x]
R3 mvd23;mvd23;c:\users\Ole\AppData\Local\Temp\mvd23.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-11-05 34160]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub; [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VGPU;VGPU; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-10-15 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-27 270912]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;d:\audio+video\Adobe Photoshop Elements\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AntiVirSchedulerService;Avira Planer;d:\virenprogramme\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\virenprogramme\Tune Up 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\virenprogramme\Tune Up 2013\TuneUpUtilitiesDriver64.sys [2012-09-19 11880]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:52]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 14:45]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 14:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ole\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ole\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ole\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Ole\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 2345848]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 2320752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Ole\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Ole\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - d:\office~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - d:\office~1\MSOFFI~1\Office12\EXCEL.EXE/3000
Trusted Zone: fernuni-hagen.de\ca
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Ole\AppData\Roaming\Mozilla\Firefox\Profiles\4534wz3c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-01 17:45:32
ComboFix-quarantined-files.txt 2013-04-01 15:45
ComboFix2.txt 2013-04-01 12:28
.
Vor Suchlauf: 10 Verzeichnis(se), 63.864.217.600 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 65.231.572.992 Bytes frei
.
- - End Of File - - B1F55A99D50D92E4F7E722B8FA9F81BB
Now I was also able to catch up on the initial steps described in the forum:
1. defogger log file (there was no restart and no error message either, but I still got the log file); I shouldn't use the Re-enable button yet, right?: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:38 on 01/04/2013 (Ole)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
2. OTL
OTL: Code:
OTL logfile created on: 01.04.2013 16:39:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ole\Desktop\Virus
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 6,80 Gb Available Physical Memory | 85,88% Memory free
15,83 Gb Paging File | 14,92 Gb Available in Paging File | 94,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 59,45 Gb Free Space | 40,58% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 154,54 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive E: | 229,37 Gb Total Space | 84,85 Gb Free Space | 36,99% Space Free | Partition Type: NTFS
Drive G: | 24,98 Gb Total Space | 10,93 Gb Free Space | 43,74% Space Free | Partition Type: FAT32
Computer Name: OLE-PC | User Name: Ole | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.01 13:55:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ole\Desktop\Virus\OTL.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.12 21:52:23 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Internettools\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.29 19:05:34 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.19 12:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Stopped] -- D:\Virenprogramme\Tune Up 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.08 22:05:12 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- D:\Virenprogramme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 22:05:12 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- D:\Virenprogramme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.03.11 22:25:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.27 20:53:39 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Office Anwendungen\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.04.16 16:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- D:\Audio+Video\Adobe Photoshop Elements\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.08 22:05:12 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 22:05:12 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.15 10:53:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.27 11:35:11 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.13 19:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.03 18:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.04.16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.11.05 22:46:22 | 000,027,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009.11.05 22:35:45 | 000,034,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64)
DRV:64bit: - [2009.10.22 16:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.06.16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008.05.23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008.05.14 12:55:38 | 000,327,456 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2008.05.14 12:55:37 | 000,650,272 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV - [2012.09.19 11:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- D:\Virenprogramme\Tune Up 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 A6 8B E4 17 76 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_deDE446
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Internettools\Java\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Audio+Video\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Audio+Video\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\OFFICE~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\OFFICE~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: D:\Audio+Video\Real Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: D:\Audio+Video\Real Player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: D:\Audio+Video\Real Player\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Office Anwendungen\Adobe Reader\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Internettools\Firefox\components [2013.03.11 15:28:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: D:\Internettools\Firefox\components [2013.03.11 15:28:22 | 000,000,000 | ---D | M]
[2011.10.19 19:39:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Extensions
[2012.12.11 23:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\4534wz3c.default\extensions
[2012.02.14 12:25:37 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Ole\AppData\Roaming\mozilla\Firefox\Profiles\4534wz3c.default\extensions\piclens@cooliris.com
[2012.12.11 23:56:03 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Ole\AppData\Roaming\mozilla\firefox\profiles\4534wz3c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
O1 HOSTS File: ([2013.04.01 14:25:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Internettools\Java\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Office Anwendungen\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Internettools\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Office Anwendungen\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - D:\Audio+Video\Terratec\THCDeskBand.dll (TerraTec Electronic GmbH)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] D:\Virenprogramme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] D:\Office Anwendungen\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsgCenterExe] D:\Audio+Video\Real Player\update\RealOneMessageCenter.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Ole\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ole\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Office Anwendungen\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\OFFICE~1\MSOFFI~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ole\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ole\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Office Anwendungen\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\OFFICE~1\MSOFFI~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Internettools\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Internettools\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fernuni-hagen.de ([ca] https in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B71B7A6-AD5D-414E-8BF4-1AA3080B386F}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F53570B0-F6F3-4E12-9668-756B6CBA4474}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Internettools\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Office Anwendungen\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.01 14:28:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.01 14:17:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.01 14:17:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.01 14:17:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.01 14:16:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.01 14:16:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.01 14:15:22 | 005,046,324 | ---- | C] (Swearware) -- C:\Users\Ole\Desktop\ComboFix.exe
[2013.04.01 14:00:29 | 000,000,000 | ---D | C] -- C:\Users\Ole\Desktop\Virus
[2013.04.01 13:12:19 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVASoft Professional Antivirus
[2013.04.01 12:12:24 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{3011C56F-B87F-49B0-9909-DF941C2E11B0}
[2013.03.31 23:23:13 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{7B931F7A-34CD-4E0B-9E50-344E197623C4}
[2013.03.31 19:24:03 | 000,000,000 | ---D | C] -- C:\Users\Ole\Desktop\Partnerbilder
[2013.03.31 17:14:49 | 000,000,000 | ---D | C] -- C:\Users\Ole\Desktop\Torsten Toeller
[2013.03.31 11:30:29 | 000,000,000 | ---D | C] -- C:\Users\Ole\Desktop\AW AW Sportwelt Info
[2013.03.31 11:22:53 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{2890D3E8-EE8D-4EF3-87AF-890135F44DE7}
[2013.03.30 11:37:58 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{B5EA6C9C-FF12-4A83-A921-A178EE1C4AE3}
[2013.03.29 17:36:55 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{87C623C5-E2EB-471B-BDD4-E7117F8E161B}
[2013.03.28 21:14:23 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{AB96F993-DB5B-45A8-ADE3-9E6BEC6B3E34}
[2013.03.27 19:48:42 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{2DB63A87-3985-4A1D-9B3E-D42A9199540D}
[2013.03.26 21:56:58 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{30D2E904-4471-4C93-87A6-DA23DC9DF7B1}
[2013.03.25 13:36:53 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{B6E72732-32FF-4BFE-B9C1-A0D7C0D1229C}
[2013.03.25 02:10:29 | 000,000,000 | ---D | C] -- C:\Users\Ole\Desktop\Brinckmann Logos
[2013.03.25 01:36:42 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{012B002A-496D-47B0-9E9D-03081E8FB6E7}
[2013.03.24 13:36:31 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{8F36D082-2868-40CC-851F-E121426D5CF9}
[2013.03.23 19:53:49 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{642DBE53-5D76-47E9-BD92-82B37E32B0EA}
[2013.03.22 22:06:51 | 000,000,000 | ---D | C] -- C:\Users\Ole\Desktop\Fitting Guides - Fitting Sheets
[2013.03.22 21:32:45 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{059496A4-1F03-402E-8B68-F90F93C67F4E}
[2013.03.22 00:29:49 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\Apps
[2013.03.22 00:29:48 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\Deployment
[2013.03.21 23:38:37 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{24810B66-C6BF-478B-88C7-1A06B383CD2F}
[2013.03.20 12:04:01 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{44054CE6-D1F6-4401-9F6C-1674089DF3C6}
[2013.03.18 19:41:33 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{23A208D3-FFBF-4F9C-8E9D-0FC46F5115F9}
[2013.03.17 20:28:02 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{594B5FDC-D7A4-408A-AFE4-3B8327BD7711}
[2013.03.16 16:10:29 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{38407220-4B7B-4602-8052-03DF67E0E63C}
[2013.03.15 22:31:24 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{1B15EFBD-CBCF-4567-BF63-4F708A6EC71F}
[2013.03.15 18:31:46 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{0E47E821-9D4B-40A7-AAB4-943092EA7262}
[2013.03.14 23:18:48 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{E275B7B2-239A-418B-9D62-654542667CE1}
[2013.03.13 22:58:48 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{5C8D0EDD-4F1D-4A3D-B91A-9BB5392FE015}
[2013.03.13 00:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.03.12 20:37:17 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{76DB9398-8B61-48F5-89B9-7141422DC802}
[2013.03.11 11:49:33 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{363F684D-D898-45F8-BB26-D2461F105974}
[2013.03.10 21:33:45 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{5348F32C-EA9A-4169-804C-A68F003762CC}
[2013.03.10 01:49:20 | 000,000,000 | ---D | C] -- C:\Users\Ole\Desktop\schafttabelle
[2013.03.09 20:54:44 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{8FC8E391-3C86-42F1-8529-56553E44D231}
[2013.03.08 18:18:02 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{C3A8062D-D98C-4A25-9ABC-9786F69640C8}
[2013.03.07 22:06:40 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{D0E59F55-6599-4441-AF7B-1C2F3F74799A}
[2013.03.07 10:06:16 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{AD6AD91D-7673-451E-AB51-34F1E0F5D7B1}
[2013.03.06 19:12:09 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{27A4F161-5F91-4236-BD0A-F54D76F2DB12}
[2013.03.05 21:57:11 | 000,000,000 | ---D | C] -- C:\Users\Ole\Desktop\VIP
[2013.03.05 20:11:35 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{AD41A21A-8520-479F-8E57-A9EC969C9544}
[2013.03.04 21:05:56 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{89BF89DB-D11D-4A72-941E-1790B7FF8F08}
[2013.03.04 01:33:15 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{DB083A09-DA65-4384-AE6A-54C945438427}
[2013.03.03 13:31:33 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{CC614473-5281-4816-BADB-877AC2D7FEA1}
[2013.03.02 18:33:12 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{E7CD4F74-ED0B-4F5C-A47C-77F0C98D1A0A}
[2013.03.02 17:02:47 | 000,000,000 | ---D | C] -- C:\Users\Ole\AppData\Local\{D4F1647A-47BA-415F-B879-9E3DEBD075A4}
========== Files - Modified Within 30 Days ==========
[2013.04.01 16:38:33 | 000,000,000 | ---- | M] () -- C:\Users\Ole\defogger_reenable
[2013.04.01 14:25:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.01 14:17:04 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.01 14:17:04 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.01 14:17:04 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.01 14:17:04 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.01 14:17:04 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.01 14:13:52 | 005,046,324 | ---- | M] (Swearware) -- C:\Users\Ole\Desktop\ComboFix.exe
[2013.04.01 14:12:47 | 000,357,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.01 14:12:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.01 14:12:33 | 2078,158,847 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.01 13:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.01 13:33:07 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.01 13:05:22 | 000,003,853 | ---- | M] () -- C:\Users\Ole\Desktop\out.bin
[2013.03.31 19:33:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.31 11:38:03 | 000,165,055 | ---- | M] () -- C:\Users\Ole\Desktop\EXECUTIVE HEADCOVER hole in 1.pdf
[2013.03.27 22:28:00 | 000,001,009 | ---- | M] () -- C:\Users\Ole\Desktop\Dropbox.lnk
[2013.03.25 22:54:38 | 000,065,404 | ---- | M] () -- C:\Users\Ole\Desktop\Punktspiele 2013 1.Herren + 2.Herren - Tabellenblatt1.pdf
[2013.03.21 23:43:46 | 000,019,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.21 23:43:46 | 000,019,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 00:41:40 | 000,001,179 | ---- | M] () -- C:\Users\Ole\Desktop\Free YouTube to MP3 Converter.lnk
[2013.03.11 08:00:00 | 000,509,064 | ---- | M] () -- C:\Users\Ole\Desktop\Foto 1.JPG
========== Files Created - No Company Name ==========
[2013.04.01 16:38:33 | 000,000,000 | ---- | C] () -- C:\Users\Ole\defogger_reenable
[2013.04.01 14:17:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.01 14:17:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.01 14:17:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.01 14:17:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.01 14:17:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.01 13:05:22 | 000,003,853 | ---- | C] () -- C:\Users\Ole\Desktop\out.bin
[2013.03.31 11:38:02 | 000,165,055 | ---- | C] () -- C:\Users\Ole\Desktop\EXECUTIVE HEADCOVER hole in 1.pdf
[2013.03.25 22:54:38 | 000,065,404 | ---- | C] () -- C:\Users\Ole\Desktop\Punktspiele 2013 1.Herren + 2.Herren - Tabellenblatt1.pdf
[2013.03.14 01:13:41 | 000,509,064 | ---- | C] () -- C:\Users\Ole\Desktop\Foto 1.JPG
[2012.10.12 23:36:02 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.12.24 18:00:51 | 000,016,384 | ---- | C] () -- C:\Users\Ole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.10.25 17:14:52 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.10.25 17:14:52 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.09.04 19:45:27 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011.11.26 20:48:29 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Auslogics
[2012.11.30 00:57:35 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\BOM
[2011.09.14 21:26:23 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Canon
[2011.08.27 11:36:59 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\DAEMON Tools Lite
[2013.04.01 12:12:35 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Dropbox
[2013.03.13 00:41:39 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\DVDVideoSoft
[2011.12.24 17:52:28 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.07 01:13:57 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Enenv
[2012.12.05 21:47:44 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\GHISLER
[2012.11.07 23:15:30 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Irxyew
[2011.11.23 00:25:25 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\libimobiledevice
[2011.11.23 00:24:45 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\mediAvatar
[2013.02.28 09:20:38 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Oribry
[2011.11.29 18:47:22 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Samsung
[2012.03.02 00:02:59 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Software4u
[2011.11.29 18:48:39 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Temp
[2012.04.09 23:19:52 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\TerraTec
[2012.11.06 00:56:35 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\TuneUp Software
[2012.11.06 00:48:50 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Ufsulo
[2012.11.25 18:51:32 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\uTorrent
[2011.09.04 19:01:59 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Windows Live Writer
[2013.02.25 12:19:44 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Woxa
[2013.02.28 01:40:49 | 000,000,000 | ---D | M] -- C:\Users\Ole\AppData\Roaming\Zogeet
========== Purity Check ==========
< End of report >
Extra: Code:
OTL Extras logfile created on: 01.04.2013 16:39:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ole\Desktop\Virus
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 6,80 Gb Available Physical Memory | 85,88% Memory free
15,83 Gb Paging File | 14,92 Gb Available in Paging File | 94,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 59,45 Gb Free Space | 40,58% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 154,54 Gb Free Space | 79,13% Space Free | Partition Type: NTFS
Drive E: | 229,37 Gb Total Space | 84,85 Gb Free Space | 36,99% Space Free | Partition Type: NTFS
Drive G: | 24,98 Gb Total Space | 10,93 Gb Free Space | 43,74% Space Free | Partition Type: FAT32
Computer Name: OLE-PC | User Name: Ole | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Office Anwendungen\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Audio+Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Audio+Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Office Anwendungen\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Audio+Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Audio+Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D063DF-F9A1-42F5-A989-5375015F0ECC}" = rport=137 | protocol=17 | dir=out | app=system |
"{09A7D422-B1A1-4018-8951-CE6C23EA16F3}" = lport=137 | protocol=17 | dir=in | app=system |
"{0BCF6BF6-6D7A-4B4A-BC09-8BADCBA26DF6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C9A0418-6521-488D-8BB6-718338978DA2}" = rport=139 | protocol=6 | dir=out | app=system |
"{242A184E-6DED-4C88-B1FB-B786D6009805}" = rport=445 | protocol=6 | dir=out | app=system |
"{2B552CCA-0471-4933-9912-0CC07AB8E976}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2E22FB5F-6C10-4383-A504-604D40ABC89C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F450579-143F-49DC-BC10-C567718415A1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{43E86DB7-29BF-4C31-954A-06063F46261E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5111193D-7684-474C-A99A-9079A0405F5A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{593B57BB-BFF3-47B8-AFC9-B82A8B20C8BF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6418B27B-6C48-4FE2-B4D6-51D36D469B76}" = lport=138 | protocol=17 | dir=in | app=system |
"{7EB3BA5A-B1AA-45D6-81BE-863C42DE1C28}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{846221D5-61C7-4939-B6D4-FEFF4A36E2F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{848EA69A-082A-4F29-B67B-9C3CC1406A13}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8C21B7AD-F989-4BE4-B791-00208CADE9E6}" = rport=138 | protocol=17 | dir=out | app=system |
"{C08C2EDD-8609-4FC7-B53F-42408BDCC5CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C58924E2-6A8C-4A79-BD9F-5F280D9B545A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D103C1C7-F4AE-4654-95EE-8A037AFA7518}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DD3EBF69-F2B8-4EA2-81E2-D635234FE2E5}" = lport=445 | protocol=6 | dir=in | app=system |
"{E8AE6C8B-5733-4E47-A0B3-240EEC45CB98}" = lport=139 | protocol=6 | dir=in | app=system |
"{F54FD533-5CF4-4C46-A04C-4013C449D70A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F76F24A1-A2F5-413F-A646-E56FCB364F6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05EBAA20-1290-4CC7-9B79-0EA543152140}" = protocol=6 | dir=in | app=c:\users\ole\appdata\roaming\dropbox\bin\dropbox.exe |
"{1DF172E4-FF1F-43F8-8D48-8B6704831F88}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27EEA9E9-AE70-4D75-82B1-E36868E2F792}" = protocol=17 | dir=in | app=d:\audio+video\terratec\cinergydvr.exe |
"{31929520-312C-44C6-9FF2-073814CC9B95}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3529606D-E11E-4774-B9DB-A3084DD0CF9B}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe |
"{35ADD0CF-EF4F-421E-ABD4-BE6FD77460E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{364D560B-DAE7-4D6A-A4B5-C8C12F60A93F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F2869A4-EFF7-4649-B591-57BD2984C934}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4243B30A-BE20-4B82-82A7-28C3621C409C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4ACBA43E-0E2D-4BFF-BD81-BB552B2D8308}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4C9E98D7-6A37-49D8-AA34-00C323A06330}" = protocol=17 | dir=in | app=d:\office anwendungen\microsoft office\office14\groove.exe |
"{4F79F558-4673-48DC-9E85-2597CB875A83}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5BBB0D3C-B60C-4B28-A10B-A9D0E418FAB9}" = protocol=6 | dir=in | app=d:\office anwendungen\microsoft office\office14\groove.exe |
"{60778BC4-C664-4B31-92B9-E741720AD5CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{614C4BBE-F024-4FD1-B8D7-C56E120BF9CC}" = protocol=17 | dir=in | app=d:\office anwendungen\idevice manager\software4u.idevicemanager.exe |
"{65651349-D0FB-4A9C-8CE3-0CF3A55B6189}" = protocol=17 | dir=in | app=d:\audio+video\terratec\tvtvsetup\tvtv_wizard.exe |
"{6C63FA99-5708-4166-9D01-E0E15D2E6AA2}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe |
"{7298E492-8E93-41F9-9952-5F28B89B7ADC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7CA54282-9857-44E4-9D01-010675B66E8C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E5CCFFE-152A-4224-ADE9-BD8BF44F6739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7FE10012-6A3B-4097-BA15-0FFFDE16E055}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80E3D1F0-6D3D-44EE-82A9-0AF20368F667}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82957835-8C66-4DD5-A2D1-90A26F62DCF6}" = protocol=17 | dir=in | app=c:\users\ole\appdata\roaming\dropbox\bin\dropbox.exe |
"{84106890-4A4D-4845-90E7-6CDE3CF1EFA1}" = protocol=6 | dir=in | app=d:\audio+video\terratec\cinergydvr.exe |
"{89BEF94B-33A9-4DF9-9A0C-A5F29AC6183B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8E192D82-B3D7-4051-9684-F357EDBABCD9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{934B4B67-7F6A-44A8-93E6-B12D25571965}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{93DB2DAE-1F17-4DB8-B7D5-F30C4BC21034}" = protocol=17 | dir=in | app=d:\audio+video\terratec\insttool.exe |
"{99DECFA5-35D8-4E77-98F6-DAE5D873772A}" = protocol=6 | dir=in | app=d:\office anwendungen\idevice manager\software4u.idevicemanager.exe |
"{9ED7A143-490F-4884-837C-F27999A1E838}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AAED7D5A-C86A-49F3-8089-7D933F6C78EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B3DDB3B8-18E4-45D0-B827-43DF3F738501}" = protocol=6 | dir=out | app=system |
"{B473DC5D-DBDC-445C-A56C-1439E8D814D1}" = protocol=6 | dir=in | app=d:\audio+video\terratec\insttool.exe |
"{C0BF60E6-BA2E-406E-889F-C7686C6FB311}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C0CE90EA-668B-48F3-BFE9-BC53977A22F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C3242671-9E6C-40AF-86F0-895C4F216AAD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C3DF970E-929D-4EEF-B2B8-45148B8B355E}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\phillipio@gmx.net\counter-strike\hl.exe |
"{C7530232-6721-47F3-B638-883629EA8490}" = protocol=6 | dir=in | app=d:\audio+video\terratec\versioncheck\versioncheck.exe |
"{D0DE6815-D2B7-44DE-AB86-4A33F1C75C68}" = dir=in | app=d:\internettools\skype\phone\skype.exe |
"{D3A1395C-1843-4376-8DBB-B63CB22E0FB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DFECD10C-A78A-44BE-936B-6C2AF04A20FF}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\phillipio@gmx.net\counter-strike\hl.exe |
"{E71D9B96-FABB-4108-9FE3-8B5EBE1D3E65}" = protocol=17 | dir=in | app=d:\audio+video\terratec\versioncheck\versioncheck.exe |
"{EE167228-E089-474B-8CE6-4A6F6C23E694}" = dir=in | app=d:\audio+video\itunes\itunes.exe |
"{F33E8E49-6CFF-4E3F-BBB4-521902BF6020}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F45136AA-5D54-46EC-9B3B-1A634EAC54A3}" = protocol=6 | dir=in | app=d:\audio+video\terratec\tvtvsetup\tvtv_wizard.exe |
"{FB7E4F76-CA89-46A4-A1B2-018B680AA3E3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FCFA3192-9DF3-4CFE-9BEE-D8AB3E372E78}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FDF26A1C-80CC-49BF-81BF-B34AB00F92A5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{25FC522D-DD41-420C-B5A5-BEB7C5BF39B9}D:\audio+video\real player\realplay.exe" = protocol=6 | dir=in | app=d:\audio+video\real player\realplay.exe |
"TCP Query User{319A9BDB-C2EF-40D8-A592-20D9583339C6}D:\office anwendungen\spss 19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=d:\office anwendungen\spss 19\jre\bin\javaw.exe |
"TCP Query User{457ACCD9-F66C-4FE3-BAFC-D5874F21F8CE}D:\office anwendungen\spss 19\stats.exe" = protocol=6 | dir=in | app=d:\office anwendungen\spss 19\stats.exe |
"TCP Query User{57123DC1-5312-4015-A0B7-402C0E1244C2}D:\games\cs lanversion\hl.exe" = protocol=6 | dir=in | app=d:\games\cs lanversion\hl.exe |
"TCP Query User{6F67489E-CEE4-4289-81D6-0C43EB481021}C:\users\ole\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\ole\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{74D64FCD-E3AA-4667-8EEB-23AA9C8C119F}C:\users\ole\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\ole\desktop\utorrent.exe |
"TCP Query User{921274AA-F6D0-471C-9358-734CDCC4A1D1}D:\games\cs lanversion\hl.exe" = protocol=6 | dir=in | app=d:\games\cs lanversion\hl.exe |
"TCP Query User{97C7BE52-57FB-44D0-A05F-C0649B3ECEAC}D:\games\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\games\fifa 12\game\fifa.exe |
"TCP Query User{9F76B493-A058-471D-9BF4-C3C8DAB3CEBB}D:\office anwendungen\spss 19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=d:\office anwendungen\spss 19\jre\bin\javaw.exe |
"TCP Query User{DB1332D7-984E-468A-A30C-8EF5CCEB5434}D:\office anwendungen\spss 19\stats.exe" = protocol=6 | dir=in | app=d:\office anwendungen\spss 19\stats.exe |
"UDP Query User{11F1C8EC-95F6-4159-A703-5B9D1D8507D3}C:\users\ole\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\ole\desktop\utorrent.exe |
"UDP Query User{558768D7-0C78-48D4-82B1-ECC65BC1A8C9}D:\games\cs lanversion\hl.exe" = protocol=17 | dir=in | app=d:\games\cs lanversion\hl.exe |
"UDP Query User{61A638B6-29C2-4008-8D95-2166991CA487}D:\games\cs lanversion\hl.exe" = protocol=17 | dir=in | app=d:\games\cs lanversion\hl.exe |
"UDP Query User{69BDCA66-7FA5-46B3-B833-98857C3763E3}C:\users\ole\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\ole\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{79FE5CCA-0D0C-4E0E-9D0F-65560D7C3E49}D:\office anwendungen\spss 19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=d:\office anwendungen\spss 19\jre\bin\javaw.exe |
"UDP Query User{7C38C974-E1B5-484C-9A10-BD36191C2120}D:\audio+video\real player\realplay.exe" = protocol=17 | dir=in | app=d:\audio+video\real player\realplay.exe |
"UDP Query User{8D5E50F4-83BC-4E4E-AE30-2026D49380BC}D:\office anwendungen\spss 19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=d:\office anwendungen\spss 19\jre\bin\javaw.exe |
"UDP Query User{96E7F7C2-72FA-4015-AA11-9B7589040281}D:\games\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\games\fifa 12\game\fifa.exe |
"UDP Query User{AE6BA1A5-2E18-4C36-B5BA-7E448D0B33AB}D:\office anwendungen\spss 19\stats.exe" = protocol=17 | dir=in | app=d:\office anwendungen\spss 19\stats.exe |
"UDP Query User{FC924CF3-5AA4-4AFE-A25E-84D5A770D8E9}D:\office anwendungen\spss 19\stats.exe" = protocol=17 | dir=in | app=d:\office anwendungen\spss 19\stats.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{5EBE0F1F-45DF-4298-AC6B-E8E54EAEC834}" = Microsoft IntelliPoint 7.1
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"268AA50CD86B9702EA8CB6F7585AE1204E9A2B80" = Windows-Treiberpaket - zebris CDM Driver Package (05/10/2010 3.02.00)
"B82BAB0C822511A374CEAF0A51E33A61D5325EB9" = Windows-Treiberpaket - zebris CDM Driver Package (05/10/2010 3.02.00)
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.1.0 (64-bit)
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 12 DEMO
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Canon MP280 series Benutzerregistrierung" = Canon MP280 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CloneDVD2" = CloneDVD2
"Counter-Strike 1.6" = Counter-Strike 1.6
"cSwing2010" = cSwing 2010
"DAEMON Tools Lite" = DAEMON Tools Lite
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RealPlayer 15.0" = RealPlayer
"SAM BalanceLab 2" = SAM BalanceLab 2
"SAM PuttLab 2010" = SAM PuttLab 2010
"ST6UNST #1" = Shaft Profiling System
"Steam App 10" = Counter-Strike
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.08.2012 16:38:33 | Computer Name = Ole-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 09.08.2012 16:38:33 | Computer Name = Ole-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 09.08.2012 16:38:33 | Computer Name = Ole-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 09.08.2012 16:38:33 | Computer Name = Ole-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 09.08.2012 16:38:33 | Computer Name = Ole-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 09.08.2012 16:38:33 | Computer Name = Ole-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 09.08.2012 16:38:33 | Computer Name = Ole-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 09.08.2012 16:38:33 | Computer Name = Ole-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 09.08.2012 16:38:33 | Computer Name = Ole-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 09.08.2012 16:38:33 | Computer Name = Ole-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ System Events ]
Error - 01.04.2013 10:32:11 | Computer Name = Ole-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2013 10:34:17 | Computer Name = Ole-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2013 10:34:17 | Computer Name = Ole-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2013 10:34:17 | Computer Name = Ole-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2013 10:39:17 | Computer Name = Ole-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2013 10:39:17 | Computer Name = Ole-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2013 10:39:17 | Computer Name = Ole-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2013 10:41:25 | Computer Name = Ole-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2013 10:41:25 | Computer Name = Ole-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 01.04.2013 10:41:25 | Computer Name = Ole-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
3. Gmer (no "Warning" message appeared): Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-04-01 17:25:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS547564A9E384 rev.JEDOA60A 596,17GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Ole\AppData\Local\Temp\uwldapow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076872da4 5 bytes JMP 0000000172019ebc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007688cbf3 5 bytes JMP 000000017216902e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007688cfca 5 bytes JMP 0000000171f71893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000768acb0c 3 bytes JMP 0000000172168fc9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\USER32.dll!DialogBoxParamA + 4 00000000768acb10 1 byte [FB]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000768ace64 3 bytes JMP 0000000172169093
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA + 4 00000000768ace68 1 byte [FB]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000768bfbd1 5 bytes JMP 0000000172168f50
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000768bfc9d 5 bytes JMP 0000000172168ed7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000768bfcd6 5 bytes JMP 0000000172168e73
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000768bfcfa 5 bytes JMP 0000000172168e0f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076e793ec 5 bytes JMP 0000000172169248
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777c1465 2 bytes [7C, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777c14bb 2 bytes [7C, 77]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 0000000073fb388e 5 bytes JMP 00000001721690f8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000074057922 5 bytes JMP 00000001721691a0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2000] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000767e2694 5 bytes JMP 0000000172169440
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000778225fd 6 bytes JMP 0000000172038042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077832a63 6 bytes JMP 0000000171fd980d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000764c34b5 5 bytes JMP 0000000171fd75e3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076868a29 5 bytes JMP 00000001720403cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007686d22e 5 bytes JMP 0000000171fe3643
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076872da4 5 bytes JMP 0000000172019ebc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076876285 5 bytes JMP 0000000172037fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076877603 5 bytes JMP 00000001720125b4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007688cbf3 5 bytes JMP 000000017216902e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007688cfca 5 bytes JMP 0000000171f71893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007688f52b 5 bytes JMP 000000017205ed00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 00000000768acb0c 3 bytes JMP 0000000172168fc9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!DialogBoxParamA + 4 00000000768acb10 1 byte [FB]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 00000000768ace64 3 bytes JMP 0000000172169093
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA + 4 00000000768ace68 1 byte [FB]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000768bfbd1 5 bytes JMP 0000000172168f50
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000768bfc9d 5 bytes JMP 0000000172168ed7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000768bfcd6 5 bytes JMP 0000000172168e73
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000768bfcfa 5 bytes JMP 0000000172168e0f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000753a6143 5 bytes JMP 00000001721697fc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076e13e59 5 bytes JMP 00000001721698f4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076e13eae 5 bytes JMP 0000000172169972
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000076e14731 5 bytes JMP 0000000172169866
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000076e15dee 5 bytes JMP 0000000172169912
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000076e793ec 5 bytes JMP 0000000172169248
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000777c1465 2 bytes [7C, 77]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777c14bb 2 bytes [7C, 77]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheetW 0000000073fb388e 5 bytes JMP 00000001721690f8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll!PropertySheet 0000000074057922 5 bytes JMP 00000001721691a0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[1680] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000767e2694 5 bytes JMP 0000000172169440
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [1188:796] 000007fef68d9688
---- EOF - GMER 2.1 ----
I hope I did everything correctly?
Many thanks for the great support!!