| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.07.2012, 13:51
| #1 |
 |  Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Wie ich gesehen habe, ist das Problem hier nicht mehr neu. ich habe also auf meinem Rechner den folgenden Hinweis bekommen: Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block  Das ist natürlich Quatsch. Wie in vergleichbaren Fällen hier im Forum habe ich nund die Logt, welche nur im Abgesicherten Modus machbar waren nachfolgend angehängt: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.03.05 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus) Internet Explorer 9.0.8112.16421 mmartini :: MMARTINI-PC [Administrator] 22.07.2012 12:29:05 mbam-log-2012-07-22 (12-29-05).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 877184 Laufzeit: 1 Stunde(n), 45 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL Extras logfile created on: 22.07.2012 14:30:50 - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = G:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 74,79% Memory free
16,00 Gb Paging File | 14,43 Gb Available in Paging File | 90,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 332,90 Gb Free Space | 71,49% Space Free | Partition Type: NTFS
Drive E: | 1,87 Gb Total Space | 0,10 Gb Free Space | 5,23% Space Free | Partition Type: FAT
Drive F: | 14,89 Gb Total Space | 12,12 Gb Free Space | 81,35% Space Free | Partition Type: FAT32
Drive G: | 1,87 Gb Total Space | 0,44 Gb Free Space | 23,76% Space Free | Partition Type: FAT
Computer Name: MMARTINI-PC | User Name: mmartini | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08ED16EA-F712-4095-96BE-63B03CD292C6}" = rport=138 | protocol=17 | dir=out | app=system |
"{0F4CAAC6-D022-4DBB-A6DA-E663CA90BE98}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13CB0472-13E4-4AC3-BAA8-BFB49D216CE1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1BFDFD9B-EE16-4D8C-BAD4-BE44FB101077}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D70605E-83B3-48D6-BBC4-AD450669E35E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A56124B-DF22-453A-B645-4C220181B732}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32976EA4-5BE4-4688-939D-D5B42E0FF2E9}" = lport=139 | protocol=6 | dir=in | app=system |
"{51807E6E-1970-492A-A066-3EDECB47970A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59E57115-4317-4C98-B893-50292268CFEF}" = lport=137 | protocol=17 | dir=in | app=system |
"{5F8CEEE6-3A8A-4E89-8258-BBB966F9BF19}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{663E820C-E3B4-46FD-A3A2-EA74D9AB53F8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{68B2FA51-3FE2-4186-983A-A11530B194EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{74C2AC9A-A8FD-4781-932D-5708148E5BC6}" = lport=445 | protocol=6 | dir=in | app=system |
"{7D0FF046-9E44-48A3-831F-F81069B02596}" = lport=10243 | protocol=6 | dir=in | app=system |
"{85D487F8-3D03-4758-93E4-1F76C65C4EC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{896D4D7D-29E1-47A0-B338-6A9F1AD58B91}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8C9BC057-8848-4A1A-8233-F72DFBF384EB}" = rport=137 | protocol=17 | dir=out | app=system |
"{8EEDF5EF-E888-41BC-B280-291ED83C0CB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A0296E20-6430-41A4-80E6-6BF41162FA89}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A87B7F06-5D9E-4904-9AE3-125166B0334F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A9ADD313-9E76-4F4E-B33F-104D996CC1C4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B24A45E0-897A-4B18-8386-F0BC17193F44}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C1D01CF8-DC3D-42FF-97F3-4FE92D377AA4}" = rport=139 | protocol=6 | dir=out | app=system |
"{E3FB2FB1-1098-43AE-87B0-BC61F3C89F11}" = lport=138 | protocol=17 | dir=in | app=system |
"{EB828CFB-7F22-4FFF-B697-67C02A3DAE4A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F3451412-8041-4553-9F31-60733E7AA547}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1107F0C8-AF92-4E19-863B-F1472C4B0EAE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{239F6CB1-236E-443C-AE4F-9CCFEBC51EC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24A143AB-F009-4C73-97EA-57DDE9CD0746}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{24E7745F-5463-431C-B360-E8D81F9531BF}" = protocol=6 | dir=out | app=system |
"{3057CA19-4B1A-483D-B31B-175D09541303}" = protocol=17 | dir=in | app=c:\users\mmartini\appdata\local\apps\2.0\rbwwqpyx.nhh\good6xgc.9ew\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{32F03718-E3AB-44BD-8AEE-06D1E8EC7399}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{35FE83B0-E0D5-4453-B58E-CD6E7021FC1C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{474D656D-FF28-4C1F-A954-40F5F65CA83F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{545787B5-8493-495F-9399-FACB721F8893}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D6989BB-5883-4935-BD35-DEF00B4BA8BB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{66DDC2B5-8866-4DC5-83E4-7BD88EFF33D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{691FF0D9-6E10-47BA-B060-CDD152A3213A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E168F57-36F4-488A-912F-82719F8D8719}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9323AFC0-21EC-4F04-85A5-0F757A48492C}" = protocol=6 | dir=in | app=c:\users\mmartini\appdata\local\apps\2.0\rbwwqpyx.nhh\good6xgc.9ew\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{9583644A-B360-43BE-9126-C69DA581E6C4}" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\apps\2.0\plz4b6zc.jvm\xpooc3bg.370\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{9F0033FC-D11F-4D09-850D-F2342ABDAB4D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A645C568-DF48-479B-A70A-4E2E1AC6527D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ABCB3DA9-1FAA-4C09-A4A2-062C24994E00}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B44A5D36-34D8-4D80-B9E5-30D2D67D5319}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BA17CB12-8882-44FE-A555-5F604B95F833}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BC111CDD-976F-49AC-8886-E687F3CA9BD8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BC57FD60-433F-4C4F-AE99-D4E533014BC9}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{C500888F-E9F9-495B-A6D1-BFD124E37252}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9DDFC34-982A-4772-B915-C5D165E4C56C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F4CB2CB3-42F5-4BBE-8EFB-7BE31E0CA428}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FCB58ECA-B3E9-4537-A0F3-5437EEFF6649}" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\apps\2.0\plz4b6zc.jvm\xpooc3bg.370\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{FF8F3509-5C9C-4BB4-AACD-D64B316DD666}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FFA33C50-987E-4499-8C10-C5A7F30DF053}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{018ABFF3-A300-44E5-9372-1D5A2710B38E}E:\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=e:\xampp\xampp\apache\bin\httpd.exe |
"TCP Query User{28E97A83-C3F1-4435-8EED-7A7EED80C56A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{3338640F-C527-4A18-B265-3D0CC89405DB}C:\program files (x86)\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4\flashbuilder.exe |
"TCP Query User{374F9889-AD7D-4B5F-8BCC-225CBC65F718}C:\users\mmartini\documents\gemeinsam\homepage\xampp-win32-1.7.3\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\mmartini\documents\gemeinsam\homepage\xampp-win32-1.7.3\xampp\apache\bin\httpd.exe |
"TCP Query User{4E06C051-879F-44D2-B161-00BD04591CF1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{643F1076-C5CE-47AB-99C0-6A3624A147DC}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{74425683-2A84-4DE9-BCD1-394AF653EBA4}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{9DE0C77E-AA89-41B0-A03E-A0239FA9EE24}\\mmartini-pc\users\mmartini\documents\gemeinsam\homepage\xampp-win32-1.7.3\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=\\mmartini-pc\users\mmartini\documents\gemeinsam\homepage\xampp-win32-1.7.3\xampp\apache\bin\httpd.exe |
"TCP Query User{A0A39261-380A-4BE9-AA29-CF63C2FDF336}C:\users\markus\appdata\local\apps\2.0\plz4b6zc.jvm\xpooc3bg.370\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\apps\2.0\plz4b6zc.jvm\xpooc3bg.370\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"TCP Query User{A9A8D5C2-36D9-4EB1-81F4-67551E36613E}C:\users\mmartini\documents\gemeinsam\homepage\xampp-win32-1.7.3\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\mmartini\documents\gemeinsam\homepage\xampp-win32-1.7.3\xampp\mysql\bin\mysqld.exe |
"TCP Query User{B63A25B0-F46D-49A7-9223-E86B68BAFB10}E:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampp\xampp\mysql\bin\mysqld.exe |
"TCP Query User{C38054D5-8366-43D5-BC1B-C4E746C1912F}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{D9DE47AB-72C9-4ECC-8EE8-3409F75FF3C3}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{E985B41F-C334-4766-A1E0-1F7C4E175492}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{EFA960C9-1B50-4152-A1F1-AF51AAAE38E2}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{008B50E1-8DB9-4F9F-9BB6-EA13772A2730}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{0BFEBA4F-71BF-4466-AA46-CADB235853BB}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{19B7780C-FBEE-4849-BE29-437AE66F6075}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{246CEFC9-1A3A-47DB-9D94-147489AA22FD}C:\users\markus\appdata\local\apps\2.0\plz4b6zc.jvm\xpooc3bg.370\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\apps\2.0\plz4b6zc.jvm\xpooc3bg.370\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"UDP Query User{3C50A0C0-DF1B-44D3-BC26-A75209C5C51E}C:\program files (x86)\adobe\adobe flash builder 4\flashbuilder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4\flashbuilder.exe |
"UDP Query User{56CE3F1C-A530-45B8-B103-BBECF325372D}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{72050356-5E3F-4F10-BBBD-23B0FE4BEC34}C:\users\mmartini\documents\gemeinsam\homepage\xampp-win32-1.7.3\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\mmartini\documents\gemeinsam\homepage\xampp-win32-1.7.3\xampp\mysql\bin\mysqld.exe |
"UDP Query User{939CD290-2AAD-4AD6-9B3E-0DF3775FBA9C}E:\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=e:\xampp\xampp\apache\bin\httpd.exe |
"UDP Query User{986DFCCC-1747-413C-9CE5-A5F389CCB329}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{9BE4EDB5-DF1E-438A-9EDB-A727E8EB22D0}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{B12214FD-53A4-4BDE-9385-3F10A37BFC15}C:\users\mmartini\documents\gemeinsam\homepage\xampp-win32-1.7.3\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\mmartini\documents\gemeinsam\homepage\xampp-win32-1.7.3\xampp\apache\bin\httpd.exe |
"UDP Query User{D2B01A80-5F6B-4061-AAF2-39ED48AEA47F}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{D5F6E75D-6B4F-48A7-9166-2B072748398D}E:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampp\xampp\mysql\bin\mysqld.exe |
"UDP Query User{E2F824D3-2F0A-4CFE-8E0D-45E4355C01A3}\\mmartini-pc\users\mmartini\documents\gemeinsam\homepage\xampp-win32-1.7.3\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=\\mmartini-pc\users\mmartini\documents\gemeinsam\homepage\xampp-win32-1.7.3\xampp\apache\bin\httpd.exe |
"UDP Query User{F983B295-5D71-46E5-9BE4-5867C5775E47}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A65343E-A598-49BA-BB4B-D320F7370B6D}" = Adobe Creative Suite 5 Master Collection
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EA5CC76-8B4D-407B-87F4-DB052978D8A7}" = Adobe Setup
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9307988-3EA8-415E-A91E-0EB1FBF439DA}" = Adobe After Effects CS4 Third Party Content
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B3A9F2C2-380D-92AD-1548-5C0038CB5FE1}" = Market Samurai
"{B5FCBF46-D2DA-455C-8AB1-148181AEBA14}" = Adobe After Effects CS4
"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BF801913-15B4-4B6C-9FF0-987EF271435A}" = Adobe Premiere Pro CS4 Third Party Content
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45B21D2-1ABA-46C4-A226-722DC28EAAC4}" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E528A747-DC66-4FD4-AB53-110D024561CC}" = Adobe Premiere Pro CS4
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EEEEAE12-EDED-44B7-ADA8-127CB40A5F5D}" = NVIDIA Design Garage
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 SmartFax" = 1&1 SmartFax
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_1b5a11fde44351ae0f4c7fd0e4daadc" = Premiere Pro CS4 and After Effects CS4, 32-bit support for CS5
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ElsterFormular für Unternehmer 12.1.1.6214u" = ElsterFormular für Unternehmer
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Supersonic Sled" = NVIDIA Supersonic Sled demo
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.08.2011 12:34:20 | Computer Name = mmartini-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Adobe\adobe
media encoder cs5\PhotoshopServer.exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files\Adobe\adobe media encoder cs5\PhotoshopServer.exe" in Zeile 2.
Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 26.08.2011 08:32:58 | Computer Name = mmartini-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 26.08.2011 08:32:58 | Computer Name = mmartini-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 26.08.2011 10:58:35 | Computer Name = mmartini-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
(x86)\Adobe\acrobat 9.0\designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 26.08.2011 11:00:06 | Computer Name = mmartini-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Adobe\adobe
media encoder cs5\PhotoshopServer.exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files\Adobe\adobe media encoder cs5\PhotoshopServer.exe" in Zeile 2.
Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 26.08.2011 12:42:13 | Computer Name = mmartini-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 26.08.2011 12:42:13 | Computer Name = mmartini-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 27.08.2011 06:27:27 | Computer Name = mmartini-PC | Source = Application Hang | ID = 1002
Description = Programm Fireworks.exe, Version 11.0.0.484 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8a4 Startzeit:
01cc64a39a3be67c Endzeit: 12 Anwendungspfad: C:\Program Files (x86)\Adobe\Adobe Fireworks
CS5\Fireworks.exe Berichts-ID:
Error - 27.08.2011 06:32:07 | Computer Name = mmartini-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fireworks.exe, Version: 11.0.0.484,
Zeitstempel: 0x4bb074c9 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e211319 Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000b9bc ID des fehlerhaften
Prozesses: 0xf78 Startzeit der fehlerhaften Anwendung: 0x01cc64a4041f239c Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Adobe Fireworks CS5\Fireworks.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: cfced08c-d097-11e0-957a-485b39efcbc0
Error - 27.08.2011 11:21:05 | Computer Name = mmartini-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 27.08.2011 11:21:05 | Computer Name = mmartini-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe". Fehler in Manifest- oder
Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
[ Media Center Events ]
Error - 12.02.2012 04:43:54 | Computer Name = mmartini-PC | Source = MCUpdate | ID = 0
Description = 09:43:47 - Fehler beim Herstellen der Internetverbindung. 09:43:47
- Serververbindung konnte nicht hergestellt werden..
Error - 12.02.2012 05:43:59 | Computer Name = mmartini-PC | Source = MCUpdate | ID = 0
Description = 10:43:58 - Fehler beim Herstellen der Internetverbindung. 10:43:58
- Serververbindung konnte nicht hergestellt werden..
Error - 05.03.2012 17:52:18 | Computer Name = mmartini-PC | Source = MCUpdate | ID = 0
Description = 22:52:18 - Fehler beim Herstellen der Internetverbindung. 22:52:18
- Serververbindung konnte nicht hergestellt werden..
Error - 05.03.2012 17:52:26 | Computer Name = mmartini-PC | Source = MCUpdate | ID = 0
Description = 22:52:23 - Fehler beim Herstellen der Internetverbindung. 22:52:23
- Serververbindung konnte nicht hergestellt werden..
Error - 05.03.2012 18:52:31 | Computer Name = mmartini-PC | Source = MCUpdate | ID = 0
Description = 23:52:31 - Fehler beim Herstellen der Internetverbindung. 23:52:31
- Serververbindung konnte nicht hergestellt werden..
Error - 05.03.2012 18:52:37 | Computer Name = mmartini-PC | Source = MCUpdate | ID = 0
Description = 23:52:36 - Fehler beim Herstellen der Internetverbindung. 23:52:36
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 22.07.2012 06:21:41 | Computer Name = mmartini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 06:21:45 | Computer Name = mmartini-PC | Source = DCOM | ID = 10005
Description =
Error - 22.07.2012 06:21:45 | Computer Name = mmartini-PC | Source = DCOM | ID = 10005
Description =
Error - 22.07.2012 06:21:46 | Computer Name = mmartini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 06:21:46 | Computer Name = mmartini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 06:21:46 | Computer Name = mmartini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 06:21:46 | Computer Name = mmartini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 06:21:46 | Computer Name = mmartini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 06:21:46 | Computer Name = mmartini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 22.07.2012 06:22:23 | Computer Name = mmartini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Code:
ATTFilter OTL logfile created on: 22.07.2012 14:30:50 - Run 3 OTL by OldTimer - Version 3.2.54.0 Folder = G:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 74,79% Memory free 16,00 Gb Paging File | 14,43 Gb Available in Paging File | 90,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 332,90 Gb Free Space | 71,49% Space Free | Partition Type: NTFS Drive E: | 1,87 Gb Total Space | 0,10 Gb Free Space | 5,23% Space Free | Partition Type: FAT Drive F: | 14,89 Gb Total Space | 12,12 Gb Free Space | 81,35% Space Free | Partition Type: FAT32 Drive G: | 1,87 Gb Total Space | 0,44 Gb Free Space | 23,76% Space Free | Partition Type: FAT Computer Name: MMARTINI-PC | User Name: mmartini | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - G:\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (avmaudio) -- C:\Windows\SysNative\drivers\avmaudio.sys (AVM Berlin) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fde.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 48 A4 59 C1 59 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{E083E8E8-FE87-4e9f-BCE0-CAA2F44E3FE6}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKCU\..\SearchScopes\{F6ECCF0F-05D3-47e4-BF23-05E2AEFE758B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Amazon.de" FF - prefs.js..browser.startup.homepage: "hxxp://typo3.p117137.mittwaldserver.info/typo3/index.php|hxxp://www.1-liga.de/typo3/index.php|hxxp://www.auf-pfoten.de/home.html|hxxp://www.traum-projekt.com/forum/112-typo3/75384-typo3-formularfelder-und-css.html|hxxp://typo3.org/documentation/document-library/extension-manuals/powermail/1.5.3/view/1/12/|hxxp://www.heilbronn-seo.de/optimierung-oder-gleich-ein-neues-design/|hxxp://www.profi-ranking.de/suchmaschinenoptimierung/keyword-recherche/|hxxp://www.brave-hunde.de/pagerank.html|hxxp://siteexplorer.search.yahoo.com/de/siteexplorer/search?p=http%3A%2F%2Fwww.brave-hunde.de&bwm=i&bwmf=u&bwms=p&fr=yfp-t-708&fr2=seo-rd-se" FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1 FF - prefs.js..extensions.enabledItems: webrank-toolbar@probcomp.com:4.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.04.28 19:22:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Users\markus\AppData\Local\Mozilla Firefox\components [2012.07.21 17:09:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Users\markus\AppData\Local\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.03 16:38:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.22 17:42:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.01 10:25:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.01 10:25:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.01 10:25:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.01 10:25:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.01 10:25:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.10.06 01:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mmartini\AppData\Roaming\mozilla\Extensions [2010.10.06 01:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mmartini\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.01 11:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mmartini\AppData\Roaming\mozilla\Firefox\Profiles\m2gane3a.default\extensions [2011.01.23 17:11:15 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\mmartini\AppData\Roaming\mozilla\Firefox\Profiles\m2gane3a.default\extensions\firebug@software.joehewitt.com [2011.01.23 17:11:19 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Users\mmartini\AppData\Roaming\mozilla\Firefox\Profiles\m2gane3a.default\extensions\webrank-toolbar@probcomp.com [2012.06.09 14:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.07 12:19:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.11 13:11:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.02 00:54:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.03 10:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.06.09 14:34:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012.04.28 19:22:34 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9} [2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll [2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.06.29 16:19:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\mmartini\AppData\Local\Apps\2.0\RBWWQPYX.NHH\GOOD6XGC.9EW\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\mmartini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{216E3E0C-7723-44EA-AC94-968A3EA44C15}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.12 00:42:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.12 00:42:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.12 00:42:11 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.12 00:42:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.12 00:42:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.12 00:42:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.12 00:42:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.12 00:42:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.12 00:42:09 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.12 00:42:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.12 00:42:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.12 00:42:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.12 00:42:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.11 22:30:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.11 22:30:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.11 22:30:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.11 22:30:43 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.11 22:30:43 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.04 19:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.07.04 19:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.07.04 19:53:33 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.07.04 19:53:33 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.07.04 19:53:33 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.07.04 19:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.07.04 19:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.07.01 10:31:08 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.07.01 10:24:09 | 018,358,744 | ---- | C] (Mozilla) -- C:\Users\mmartini\Desktop\Thunderbird Setup 13.0.1.exe [2012.06.29 18:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Market Samurai [2012.06.29 16:42:09 | 000,000,000 | ---D | C] -- C:\Users\mmartini\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 [2012.06.29 16:21:44 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.06.29 16:19:35 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.06.29 15:14:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.06.29 15:14:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.06.29 15:14:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.06.29 15:13:06 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.06.29 15:11:34 | 004,566,027 | R--- | C] (Swearware) -- C:\Users\mmartini\Desktop\ComboFix.exe [2012.06.29 15:03:15 | 000,000,000 | ---D | C] -- C:\_OTL [2012.06.27 20:10:23 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\mmartini\Desktop\OTL.exe [2012.06.22 18:26:56 | 000,000,000 | ---D | C] -- C:\Users\mmartini\AppData\Local\Macromedia [2012.06.22 17:58:40 | 000,000,000 | ---D | C] -- C:\Users\mmartini\Desktop\edv [2012.06.22 17:45:17 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll [2012.06.22 15:46:44 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.22 15:46:44 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.22 15:46:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.22 15:46:36 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.22 15:46:35 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.22 15:46:34 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.22 15:46:28 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.22 15:46:22 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.22 15:46:21 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.22 15:37:47 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.22 15:37:47 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.22 15:37:47 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.22 15:37:20 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.22 15:37:20 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.22 15:37:20 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.22 15:37:04 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.22 15:37:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe ========== Files - Modified Within 30 Days ========== [2012.07.22 12:25:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.22 12:25:55 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.22 12:25:55 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.22 12:25:55 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.22 12:25:55 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.22 12:25:46 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.22 12:18:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.22 12:18:42 | 2146,873,343 | -HS- | M] () -- C:\hiberfil.sys [2012.07.22 12:16:16 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat [2012.07.22 11:43:50 | 000,015,328 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.22 11:43:50 | 000,015,328 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.22 11:29:41 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.12 21:53:45 | 005,015,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.12 00:15:41 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.12 00:15:41 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.04 19:54:21 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.01 10:46:58 | 000,349,184 | ---- | M] () -- C:\Users\mmartini\Documents\new.msam [2012.07.01 10:25:36 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.07.01 10:24:40 | 018,358,744 | ---- | M] (Mozilla) -- C:\Users\mmartini\Desktop\Thunderbird Setup 13.0.1.exe [2012.06.29 18:41:56 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk [2012.06.29 16:19:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.06.29 15:11:55 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\mmartini\Desktop\ComboFix.exe [2012.06.27 20:10:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\mmartini\Desktop\OTL.exe ========== Files Created - No Company Name ========== [2012.07.22 12:16:16 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat [2012.07.04 19:54:21 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.01 10:25:36 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.06.29 18:41:56 | 000,000,943 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk [2012.06.29 18:41:56 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk [2012.06.29 16:47:33 | 000,349,184 | ---- | C] () -- C:\Users\mmartini\Documents\new.msam [2012.06.29 15:14:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.06.29 15:14:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.06.29 15:14:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.06.29 15:14:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.06.29 15:14:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.12.20 15:03:09 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.12.20 15:03:09 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT [2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2010.10.09 01:38:12 | 000,001,456 | ---- | C] () -- C:\Users\mmartini\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2010.09.25 21:00:09 | 000,000,132 | ---- | C] () -- C:\Users\mmartini\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.09.21 23:11:26 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2010.09.21 23:11:26 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2010.09.21 23:11:22 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2010.09.21 23:11:22 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2010.09.21 22:44:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.09.21 22:44:51 | 000,023,167 | ---- | C] () -- C:\Windows\Ascd_tmp.ini < End of report > |
|
22.07.2012, 23:00
| #2 |
| /// Helfer-Team  | Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E083E8E8-FE87-4e9f-BCE0-CAA2F44E3FE6}: "URL" = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{F6ECCF0F-05D3-47e4-BF23-05E2AEFE758B}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
FF - prefs.js..extensions.enabledItems: webrank-toolbar@probcomp.com:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\mmartini\AppData\Local\Apps\2.0\RBWWQPYX.NHH\GOOD6XGC.9EW\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - Startup: C:\Users\mmartini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
[2012.07.04 19:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.07.22 11:29:41 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.29 18:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Market Samurai
[2012.06.29 18:41:56 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2012.06.29 18:41:56 | 000,000,943 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2012.06.29 18:41:56 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2012.06.29 15:14:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.29 15:14:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.29 15:14:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.29 15:14:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.29 15:14:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
:Files
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
23.07.2012, 21:26
| #3 |
| | Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Danke für die Hilfe
__________________Hier der Logfile: Code:
ATTFilter All processes killed
========== OTL ==========
Service IJPLMSVC stopped successfully!
Service IJPLMSVC deleted successfully!
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}\ deleted successfully.
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E083E8E8-FE87-4e9f-BCE0-CAA2F44E3FE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E083E8E8-FE87-4e9f-BCE0-CAA2F44E3FE6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F6ECCF0F-05D3-47e4-BF23-05E2AEFE758B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6ECCF0F-05D3-47e4-BF23-05E2AEFE758B}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Amazon.de" removed from browser.search.selectedEngine
Prefs.js: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0 removed from extensions.enabledItems
Prefs.js: firebug@software.joehewitt.com:1.6.1 removed from extensions.enabledItems
Prefs.js: webrank-toolbar@probcomp.com:4.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32 removed from extensions.enabledItems
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
File move failed. C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Cpu Level Up help deleted successfully.
C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AVMUSBFernanschluss deleted successfully.
C:\Users\mmartini\AppData\Local\Apps\2.0\RBWWQPYX.NHH\GOOD6XGC.9EW\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe moved successfully.
C:\Users\mmartini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk moved successfully.
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Program Files (x86)\Market Samurai\theme\module\domains\img folder moved successfully.
C:\Program Files (x86)\Market Samurai\theme\module\domains\icon folder moved successfully.
C:\Program Files (x86)\Market Samurai\theme\module\domains\css folder moved successfully.
C:\Program Files (x86)\Market Samurai\theme\module\domains folder moved successfully.
C:\Program Files (x86)\Market Samurai\theme\module folder moved successfully.
C:\Program Files (x86)\Market Samurai\theme folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\seo-competition\script folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\seo-competition\img folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\seo-competition\icon folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\seo-competition\html folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\seo-competition\css folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\seo-competition folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\rank-tracker\script folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\rank-tracker\icon folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\rank-tracker\html folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\rank-tracker\css folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\rank-tracker folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\publish-content\script\types folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\publish-content\script folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\publish-content\img\browse folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\publish-content\img\accounts folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\publish-content\img folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\publish-content\icon folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\publish-content\html\types\templates folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\publish-content\html\types folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\publish-content\html folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\publish-content\css\types folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\publish-content\css folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\publish-content folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\promotion\script folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\promotion\icon folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\promotion\html folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\promotion\css folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\promotion folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\monetization\templates folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\monetization\script\unittests folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\monetization\script folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\monetization\img\source folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\monetization\img\buttons folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\monetization\img folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\monetization\icon folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\monetization\html folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\monetization\css folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\monetization folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\keyword-research\script folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\keyword-research\icon folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\keyword-research\html folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\keyword-research\css folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\keyword-research folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\find-content\script folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\find-content\icon folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\find-content\html folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\find-content\css folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\find-content folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\domains\script folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\domains\img folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\domains\icon folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\domains\html folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\domains\css folder moved successfully.
C:\Program Files (x86)\Market Samurai\module\domains folder moved successfully.
C:\Program Files (x86)\Market Samurai\module folder moved successfully.
C:\Program Files (x86)\Market Samurai\misc\words folder moved successfully.
C:\Program Files (x86)\Market Samurai\misc folder moved successfully.
C:\Program Files (x86)\Market Samurai\META-INF\AIR folder moved successfully.
C:\Program Files (x86)\Market Samurai\META-INF folder moved successfully.
C:\Program Files (x86)\Market Samurai\icon folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\script\unittests folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\script\underscore folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\script\lib folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\script\jquery folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\script\html\new folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\script\html folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\script\editor folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\script\air folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\script folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\progress folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\icon\8 folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\icon\64 folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\icon\48 folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\icon\42 folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\icon\32\flags folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\icon\32 folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\icon\20 folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\icon\16\promotion folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\icon\16\monetization folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\icon\16\content folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\icon\16 folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\icon folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\domains folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img\calculator folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\img folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\html\new folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\html\nag folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\html\edit folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\html\accounts\wizard folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\html\accounts\edit folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\html\accounts folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\html folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\css\html\new folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\css\html folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\css\common folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\css\accounts folder moved successfully.
C:\Program Files (x86)\Market Samurai\core\css folder moved successfully.
C:\Program Files (x86)\Market Samurai\core folder moved successfully.
C:\Program Files (x86)\Market Samurai folder moved successfully.
C:\Users\Public\Desktop\Market Samurai.lnk moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk moved successfully.
File C:\Users\Public\Desktop\Market Samurai.lnk not found.
C:\Windows\PEV.exe moved successfully.
C:\Windows\MBR.exe moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\grep.exe moved successfully.
C:\Windows\zip.exe moved successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache konnte nicht geleert werden: Beim Ausfhren der Funktion ist ein Fehler aufgetreten.
C:\Users\mmartini\Desktop\cmd.bat deleted successfully.
C:\Users\mmartini\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: markus
->Temp folder emptied: 7460043 bytes
->Temporary Internet Files folder emptied: 150707912 bytes
->Java cache emptied: 38057 bytes
->FireFox cache emptied: 195988465 bytes
->Opera cache emptied: 4775575 bytes
->Flash cache emptied: 57085 bytes
User: mmartini
->Temp folder emptied: 695509 bytes
->Temporary Internet Files folder emptied: 131284142 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8770603 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 57085 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4349426 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 481,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: markus
->Flash cache emptied: 0 bytes
User: mmartini
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.53.0 log created on 07232012_221525
Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll scheduled to be moved on reboot.
C:\Users\mmartini\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
[2012.03.26 08:38:51 | 000,349,640 | ---- | M] (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll : MD5=FB1900FCD061E4678D6A8052D83B287B
File C:\Users\mmartini\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
 |
|
23.07.2012, 21:42
| #4 |
| /// Helfer-Team | Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Sehr gut!  Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
26.07.2012, 20:35
| #5 |
| | Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Hi! Ich konnte leider nicht früher antworten. Die Angelegenheit scheint noch nicht behoben. Hier die Logs: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.26.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 mmartini :: MMARTINI-PC [Administrator] 26.07.2012 18:49:40 mbam-log-2012-07-26 (18-49-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 849450 Laufzeit: 2 Stunde(n), 23 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\markus\AppData\Local\Microsoft\Windows\128\WindowsCodecsExt.exe (Trojan.Agent.3D) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/26/2012 at 21:26:48
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : mmartini - MMARTINI-PC
# Running from : G:\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\markus\AppData\Local\AskToolbar
Folder Found : C:\Users\markus\AppData\LocalLow\AskToolbar
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\mmartini\AppData\Roaming\Mozilla\Firefox\Profiles\m2gane3a.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\pe1zfldd.default\prefs.js
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.startup.homepage", "hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
-\\ Opera v10.63.3516.0
File : C:\Users\mmartini\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Users\markus\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [3726 octets] - [26/07/2012 21:26:48]
########## EOF - C:\AdwCleaner[R1].txt - [3854 octets] ##########
|
|
26.07.2012, 22:12
| #6 |
| /// Helfer-Team | Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________ --> Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block |
|
27.07.2012, 11:45
| #7 |
| | Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Hi! So, jetzt habe ich die Logs. Ist da noch was übriggeblieben  Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/27/2012 at 08:57:37
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : mmartini - MMARTINI-PC
# Running from : G:\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\markus\AppData\Local\AskToolbar
Folder Deleted : C:\Users\markus\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\mmartini\AppData\Roaming\Mozilla\Firefox\Profiles\m2gane3a.default\prefs.js
[OK] File is clean.
Profile name : default
File : C:\Users\markus\AppData\Roaming\Mozilla\Firefox\Profiles\pe1zfldd.default\prefs.js
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
-\\ Opera v10.63.3516.0
File : C:\Users\mmartini\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
File : C:\Users\markus\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [3833 octets] - [26/07/2012 21:26:48]
AdwCleaner[S1].txt - [3255 octets] - [27/07/2012 08:57:37]
########## EOF - C:\AdwCleaner[S1].txt - [3383 octets] ##########
Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.27.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 mmartini :: MMARTINI-PC [Administrator] 27.07.2012 09:04:30 mbam-log-2012-07-27 (09-04-30).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 849477 Laufzeit: 3 Stunde(n), 27 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
27.07.2012, 11:47
| #8 |
| /// Helfer-Team | Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Bitte Emsisoft Scan  http://www.trojaner-board.de/120108-...tml#post875209 |
|
28.07.2012, 17:12
| #9 |
| | Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Sorry  leider habe ich doch noch wa gefunden Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 28.07.2012 11:58:07
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 28.07.2012 11:58:59
c:\program files (x86)\phenomedia gefunden: Trace.File.moorfrog 1.0!E1
C:\_OTL\MovedFiles\06292012_150315\C_Users\markus\AppData\Local\{0fb6302a-2cb1-18f6-344f-39d260fffb6a}\U\00000001.@ gefunden: Trojan.Win32.Small!E2
C:\Windows\SysWOW64\fldrv090.ocx gefunden: Trojan.Win32.InfoStealer!E1
C:\Windows\System32\fldrv090.ocx gefunden: Trojan.Win32.InfoStealer!E1
Gescannt 1074631
Gefunden 4
Scan Ende: 28.07.2012 14:56:07
Scan Zeit: 2:57:08
C:\Windows\SysWOW64\fldrv090.ocx Quarantäne Trojan.Win32.InfoStealer!E1
C:\_OTL\MovedFiles\06292012_150315\C_Users\markus\AppData\Local\{0fb6302a-2cb1-18f6-344f-39d260fffb6a}\U\00000001.@ Quarantäne Trojan.Win32.Small!E2
c:\program files (x86)\phenomedia Quarantäne Trace.File.moorfrog 1.0!E1
Quarantäne 3
Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6
Letztes Update: 28.07.2012 11:58:07
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 28.07.2012 15:07:01
Gescannt 1074630
Gefunden 0
Scan Ende: 28.07.2012 17:56:45
Scan Zeit: 2:49:44
|
|
28.07.2012, 21:09
| #10 |
| /// Helfer-Team | Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
29.07.2012, 12:15
| #11 |
| | Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Hi jetzt aber der Log. Es hat eine Zeit gedauert. Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4c8fc566fac5b9478bff5902a3baf91f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-17 10:28:18
# local_time=2012-04-18 12:28:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 185606 71222601 194119 0
# compatibility_mode=5893 16776574 100 94 25008488 86320588 0 0
# compatibility_mode=8192 67108863 100 0 326 326 0 0
# scanned=630727
# found=4
# cleaned=0
# scan_time=10960
C:\Users\markus\AppData\Local\Temp\jar_cache6561176433506254600.tmp probably a variant of Java/Exploit.Agent.FH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\markus\AppData\Local\Temp\jar_cache6715319405032169347.tmp a variant of J2ME/Agent.AA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\markus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\1deb4ad-17be2a30 Java/TrojanDownloader.OpenStream.NBL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\mmartini\Documents\gemeinsam\geschäft\edv etc\x-download-youtube-video2-de.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4c8fc566fac5b9478bff5902a3baf91f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-29 10:46:36
# local_time=2012-07-29 12:46:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2115885 2115885 0 0
# compatibility_mode=5893 16776574 100 94 33858043 95170143 0 0
# compatibility_mode=8192 67108863 100 0 8849881 8849881 0 0
# scanned=1323739
# found=2
# cleaned=2
# scan_time=18503
C:\Users\mmartini\Documents\gemeinsam\geschäft\edv etc\x-download-youtube-video2-de.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\kopie\sicherung\gemeinsam\geschäft\edv etc\x-download-youtube-video2-de.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
|
|
29.07.2012, 12:24
| #12 |
| /// Helfer-Team | Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html |
|
03.08.2012, 17:15
| #13 |
| | Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Danke nochmal für die Hilfe. Habe alles so eingestellt.  |
|
03.08.2012, 17:29
| #14 |
| /// Helfer-Team | Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Sehr gut! damit bist Du sauber und entlassen!  Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html |
|
05.08.2012, 13:10
| #15 |
| | Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block Ich war gerade am letzten Punkt angelangt und wollte den cccleaner laufen lassen, da kommen die zwei Meldungen durch Antivir In der Datei 'C:\Users\mmartini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EY1MN09Z\v1element[1].js' wurde ein Virus oder unerwünschtes Programm 'HTML/Silly.Gen' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Users\mmartini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AO5SW3MG\v1element[5].js' wurde ein Virus oder unerwünschtes Programm 'HTML/Silly.Gen' [virus] gefunden. Ausgeführte Aktion: Zugriff verweigern Dann habe ich das Problem, dass auf einem zweiten Rechner die jucheck.exe nicht gefunden wird. Es lief eigentlich immer alles normal, aber als ich die alten java Versionen gelöscht hatte und die neue installiert hatte ging das Update nicht mehr.  |
|
| Themen zu Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block |
| adobe after effects, avira, bho, browser, bundesrepublik, computer, der computer ist für die verletzung, der computer ist für die verletzung der gesetze, desktop, device driver, error, excel, firefox, flash player, helper, heuristiks/extra, heuristiks/shuriken, home, homepage, hängen, iexplore.exe, langs, logfile, microsoft office word, nodrives, nvidia update, pixel, plug-in, problem, programm, registry, richtlinie, scan, searchscopes, security, senden, software, svchost.exe, third party, vdeck.exe, verletzung der gesetze, version. |
Linear-Darstellung
