| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.01.2013, 08:44
| #1 |
 |  GVU-Trojaner Hallo, ich habe mir den GVU-Trojaner eingefangen. Bin dann nach einem Neustart in den abgesicherten Modus und erst mal auf einen Systemwiederherstellungspunkt einen Tag vorher. Hier die Logs von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.26.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: MICROSTAR-*** [Administrator] 26.01.2013 18:08:19 mbam-log-2013-01-26 (18-08-19).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 742509 Laufzeit: 8 Stunde(n), 32 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\Software\TimeSink, Inc. (AdWare.TimeSink) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\TimeSink, Inc. (AdWare.TimeSink) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 9 C:\Program Files\TimeSink (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Ads (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Profiles (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***(AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Users (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Users\*** (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 16 C:\Users\***\AppData\Local\Temp\Temp1_iepv.zip\iepv.exe (PUP.PSW.Passview) -> Keine Aktion durchgeführt. C:\Users\***\AppData\Local\Temp\Temp2_ACDSee_3.1_build_921_by_Lash.zip\KeyPatch.exe (Hacktool.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Local\Temp\Temp1_ACDSee_3.1_build_921_by_Lash.zip\KeyPatch.exe (Hacktool.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\***\AppData\Local\Temp\Temp3_ACDSee_3.1_build_921_by_Lash.zip\KeyPatch.exe (Hacktool.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Done.cdb (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Done.idx (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Done1.cdb (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Done1.idx (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Pending.cdb (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Pending.idx (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Pending1.cdb (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Profiles\CuteFTP\***\GlobalSCAPE\Pending1.idx (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Users\***\Sched.cdb (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Users\***\Sched.idx (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Users\***\Sched1.cdb (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\TimeSink\AdGateway\Users\***\Sched1.idx (AdWare.Cydoor) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 27.01.2013 08:10:22 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 28,02% Memory free 6,72 Gb Paging File | 3,40 Gb Available in Paging File | 50,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,51 Gb Total Space | 638,52 Gb Free Space | 68,55% Space Free | Partition Type: NTFS Drive D: | 445,75 Gb Total Space | 51,25 Gb Free Space | 11,50% Space Free | Partition Type: NTFS Drive E: | 19,99 Gb Total Space | 16,27 Gb Free Space | 81,36% Space Free | Partition Type: FAT32 Drive F: | 549,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MICROSTAR-*** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Programme\TechSmith\Jing\Jing.exe (TechSmith Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe () PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Programme\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Programme\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation) PRC - C:\Programme\Windows Home Server\WHSTrayApp.exe (Microsoft Corporation) PRC - C:\Programme\Windows Home Server\WHSConnector.exe (Microsoft Corporation) PRC - C:\Programme\Windows Home Server\esClient.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) PRC - C:\Programme\Duden\Duden Korrektor\DKCore.exe (Expert System S.p.A.) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH) PRC - C:\Programme\Common Files\Gnab\Service\GnabTray.exe (Empolis GmbH) PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) PRC - C:\Programme\Belkin\Switch2\Switch2.exe (Belkin Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\987dffa60dbf86bde2495e89d2195a84\Podcaster.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\a5cb85e04e47ce01706356092b954f90\CPKTMusicPlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\c2022b09b43c9482bbeba266d6df9171\MusicManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\2cec10bd5078131e49e5c8f22a870822\Kies.Common.Multimedia.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\48bf3a1d960e0f7ebc48ff01e497e239\System.Runtime.Remoting.ni.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wcore13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wgui13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wkont13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\rsguiwinapi48.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wfabu13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wauff13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wimp13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wfvie13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wwerb13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\whau213.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wbae113.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wbae313.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wbae413.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\whau113.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wbae213.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wreli13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\wsteu13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\rscorewinapi48.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe () MOD - C:\Programme\WISO\Steuersoftware 2013\wmain13.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\rsodbc48.dll () MOD - C:\Programme\WISO\Steuersoftware 2013\rsdcom48.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\ec290c9ab9e1bb9f083ba3090bd1cf70\BusinessLayer.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\c3f80c44ecbd7ea5ef47bedf435c59fc\Microsoft.Office.Interop.Outlook.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\bd79065f7d7c5aa927a770d3983e775d\Microsoft.Interop.Mapi.Impl.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\ba62c63cafede6d5193d66eb168b344f\Microsoft.Interop.Mapi.PropTags.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\f7ce7fb928574c6948304b4bf5d14edc\BCMRes.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\office\da52581c2872e807f53aa9c37c1d22bb\office.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\2d11cf84a89b2904404a3bda7cbafae4\stdole.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\d1aeb66d31f3bc0b39f67917591c3c80\Microsoft.Interop.Mapi.Interfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\8ab62700d598d6b4988feed4983124e6\BCMCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\57b7eb9291d0c8676734b2b4ab2984f7\Kies.Theme.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\8dea73b3a5ee331e2436dac6908e85ec\DevicePodcast.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\3a3abe3267021d15d3c6a5e5b2b1a466\DeviceVideo.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\309c155b063b6f94b19ce0f3b5e09070\DevicePhoto.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\d33fae6c2084e76943468f092880f2db\DeviceMusic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\08578175d4ae37994f236fea2f31680e\VideoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\9f5ea83c96866be89b738b1beafd4dfc\PodcastService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\397f6171cd6092a623f26c351380c201\PhotoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2cd48f0f5f4d025def9265b492fd6ded\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\2d4b558da2bda3f725b4e1116824109d\DeviceHost.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\bc70491c65d9f172be3fc4571ab0337c\Phonebook.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\629108be62672fffad17d42bb62bbe90\EBookManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\625cf2f6d8887890630e6b548cccdb4e\BATPlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\9e8de971d0dc3071378a923df5d3c8a5\AllShareController.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\36e46ebe1c2d6d45eb0f5272bc4b9a24\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\7945d0bd1d2b9a98e720ac90a2d8b78a\Kies.Common.StoreManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\58f0b876c44331535102ecb13046865f\Kies.Common.MediaDB.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\f8c8f34f4703169ec8ef159f4a3eff05\ASF_cSharpAPI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\90cc995f77a271d561151f78245b4e40\Kies.Common.AllShare.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\bd56370080ab6286570e2c8c346b0411\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8e5c3adf19721d0ee8a6367ab350b60b\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\67bd718f57274aa0419ba68e71344d5c\Interop.DevFileServiceLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7be67032ebb8fa32963b8abe350ee793\Kies.Common.DeviceServiceLib.FileService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\41e1f83e1b967aab636e08f4e978a059\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\055fbb8ac8719c694d9764e826646296\Kies.Common.DeviceServiceLib.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\49c62033a5c8e5c0ff62f9807726d840\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\80a06208211ff5efdfc5dcb170bd92d7\Kies.Common.DeviceService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\b2991e7347afcb391a714b60ebf7fdff\Interop.MP3FileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\1ea9d4d50c7fdf418de5c801ed76701d\Interop.OGGFileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\d30bde27733b5d6f3ea6a0786a5d84d5\Interop.PRPLAYERCORELib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\5911766cf78c9ff4b4b89dcd0d2f3899\Interop.P3MPINTERFACECTRLLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\fcaa070e943747cf6625e4464df9094f\Kies.Common.MainUI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\900f7fa1a61e5780777f6fdfc78756bc\Kies.Common.DBManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\dd6c740085ff9051f0b9d7aec72f889f\CabLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0d8a6c359208a783ffc5c2209d02cd3c\ICSharpCode.SharpZipLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\93470ab38b698c2e4b1fdcf3bd557593\Kies.Common.Util.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7b108f87a4091fc8bbb6aec2106675ae\Kies.Locale.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\2d61609a7f09305ef6e384741c3e863c\Interop.DeviceSearchLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\bde0a08409a14b6a69cd682699202e53\Kies.UI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\e844539aa6207846bc7cf281379e4b1b\Kies.MVVM.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\088676cc322e339363b855b240aa1105\GongSolutions.Wpf.DragDrop.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\2710d983065221697dbb75e958f97984\Kies.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\6a53b5a77f0dc62c4d3ee8acb210da85\Kies.ni.exe () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6acf0e9a\mscorlib.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_9d2b89dd\system.drawing.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d0382af8\system.xml.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_27b2c437\system.windows.forms.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a91890e4\system.dll () MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll () MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll () MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\FileZilla Client\fzshellext.dll () MOD - C:\Windows\assembly\GAC_32\Microsoft.BusinessSolutions.eCRM.OutlookAddIn\3.0.0.0__31bf3856ad364e35\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.dll () MOD - C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll () MOD - C:\Windows\assembly\GAC_32\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils\3.0.0.0__31bf3856ad364e35\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.dll () MOD - C:\Windows\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll () MOD - C:\Programme\Microsoft Office\Office12\ADDINS\ColleagueImport.dll () MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll () MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll () MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll () MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll () MOD - C:\Programme\Duden\Duden Korrektor\libxml2.dll () MOD - C:\Programme\Duden\Duden Korrektor\zlib1.dll () MOD - C:\Programme\GlobalSCAPE\CuteFTP\CuteShell.dll () ========== Services (SafeList) ========== SRV - (Terioaosbdyx) -- File not found SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Sony Ericsson PCCompanion) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (arXfrSvc) -- C:\Programme\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation) SRV - (WHSConnector) -- C:\Programme\Windows Home Server\WHSConnector.exe (Microsoft Corporation) SRV - (esClient) -- C:\Programme\Windows Home Server\esClient.exe (Microsoft Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (MSSQL$MSSMLBIZ) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (AdobeVersionCue) -- C:\Programme\Adobe\Adobe Version Cue\service\VersionCue.exe (Adobe Sytems) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV - (BackupReader) -- C:\Windows\System32\drivers\BackupReader.sys (Microsoft Corporation) DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo) DRV - (MosIrUsb) -- C:\Windows\System32\drivers\MosIrUsb.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (TACXDEV) -- C:\Windows\System32\drivers\I-magic.sys () DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH) DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH) DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech Inc.) DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech Inc.) DRV - (stusb2ir) -- C:\Windows\System32\drivers\stusb2ir.sys () DRV - (cvintdrv) -- C:\Windows\System32\drivers\cvintdrv.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\..\SearchScopes\{05C72334-11F3-4e9f-8740-98128F52EFB9}: "URL" = hxxp://search.ie7pro.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding} IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz= IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-150735292-161998131-4274805051-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.13 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.26 19:27:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.17 16:09:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.17 16:09:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.26 19:27:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2008.09.18 09:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.01.20 16:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p09u3l38.default\extensions [2010.08.02 22:05:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p09u3l38.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.01.20 16:25:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p09u3l38.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.10.12 20:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.09.18 09:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org [2012.04.15 11:36:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.15 11:35:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.15 11:35:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.15 11:35:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.15 11:35:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.15 11:35:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.15 11:35:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-150735292-161998131-4274805051-1002\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [GnabTray] C:\Program Files\Common Files\Gnab\Service\GnabTray.exe (Empolis GmbH) O4 - HKLM..\Run: [hpqSRMon] File not found O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) O4 - HKU\S-1-5-18..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [Jing] C:\Programme\TechSmith\Jing\Jing.exe (TechSmith Corporation) O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [Polar Sync] File not found O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson) O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Switch2.lnk = C:\Users\***\AppData\Roaming\Microsoft\Installer\{067B5E9A-A4BA-4BF2-AFF2-6D5414B2E88A}\NewShortcut1_067B5E9AA4BA4BF2AFF26D5414B2E88A.exe (Macrovision Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-150735292-161998131-4274805051-1002\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-150735292-161998131-4274805051-1002\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} hxxp://picasaweb.google.com/s/v/28.25/uploader2.cab (UploadListView Class) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1224422808 (Image Uploader Control) O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.pe.studivz.net/photouploader/ImageUploader4.cab?nocache=20080128-1 (Image Uploader Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=20080125-1 (Image Uploader Control) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E865C40C-7EBF-408B-8FC5-05172921AA53} https://***.homeserver.com/Remote/Microsoft.HomeServer.RichUpload.cab (Microsoft.HomeServer.RichUpload.UploadControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FCC0AC7-5F06-4FA9-9A90-24ACA883FDFC}: DhcpNameServer = 10.74.83.22 193.254.160.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2FCF1A8-E9D1-4F58-AEBE-0B518D946348}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.11.01 20:00:00 | 000,000,052 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{4118b0b3-bbe6-11dc-99fc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4118b0b3-bbe6-11dc-99fc-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe -- [2012.11.01 20:00:00 | 000,087,704 | R--- | M] () O33 - MountPoints2\{4118b0b4-bbe6-11dc-99fc-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4118b0b4-bbe6-11dc-99fc-806e6f6e6963}\Shell\AutoRun\command - "" = G:\start.exe /auto O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.26 18:07:18 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.01.26 18:07:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.01.26 18:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.26 18:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.26 18:07:07 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.26 18:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.20 17:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2013 [2013.01.17 16:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.01.17 16:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.01.17 16:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.01.17 16:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.01.17 16:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.01.17 16:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.27 07:47:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.27 07:47:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.27 07:43:21 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.26 21:44:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.26 18:07:35 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.01.26 17:59:56 | 000,000,964 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.26 17:59:37 | 000,000,950 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk [2013.01.26 17:56:28 | 000,149,965 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013.01.26 17:56:27 | 000,149,965 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.01.26 17:56:24 | 000,002,515 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Switch2.lnk [2013.01.26 17:43:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.26 17:43:08 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys [2013.01.26 17:31:59 | 095,023,320 | ---- | M] () -- C:\ProgramData\02Pv3XC.pad [2013.01.25 08:23:53 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013.01.20 18:09:42 | 000,000,962 | ---- | M] () -- C:\Windows\wiso.ini [2013.01.20 17:38:27 | 000,001,898 | ---- | M] () -- C:\Users\***\Desktop\WISO Steuer-Sparbuch 2013.lnk [2013.01.20 17:19:12 | 000,001,912 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2013.01.20 17:19:12 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk [2013.01.17 22:55:25 | 000,000,211 | ---- | M] () -- C:\Users\***\Desktop\My Withings.url [2013.01.17 16:22:19 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.01.17 16:04:57 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2013.01.17 05:56:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.01.17 05:56:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.26 17:43:08 | 3488,931,840 | -HS- | C] () -- C:\hiberfil.sys [2013.01.26 17:19:15 | 095,023,320 | ---- | C] () -- C:\ProgramData\02Pv3XC.pad [2013.01.20 17:38:27 | 000,001,898 | ---- | C] () -- C:\Users\***\Desktop\WISO Steuer-Sparbuch 2013.lnk [2013.01.20 17:19:12 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2013.lnk [2013.01.17 16:22:19 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.04.30 21:51:15 | 285,815,514 | ---- | C] () -- C:\Users\***\VN860083.MP3 [2012.03.18 18:40:59 | 000,003,657 | ---- | C] () -- C:\Users\***\Wichtiger Hinweis zu Ihrem Zertifikat_ElsterOnline2.html [2012.03.18 18:36:56 | 000,010,231 | ---- | C] () -- C:\Users\***\SIC_2012_***s_sebu84_elster_2048_Kopie.pfx [2011.12.05 00:06:04 | 000,000,032 | ---- | C] () -- C:\Users\***\.simfy [2011.04.27 13:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.02.22 17:58:05 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.10.16 21:58:42 | 000,149,965 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.10.16 19:35:03 | 000,149,965 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.10.06 20:04:54 | 004,189,465 | ---- | C] () -- C:\Users\***\Sicherung_2010_10_06.zip [2010.01.02 14:06:40 | 000,038,445 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2009.07.28 19:33:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.04.06 11:59:41 | 000,010,599 | ---- | C] () -- C:\Users\***\***s_sebu84_elster_2048.pfx [2008.12.10 17:59:47 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.03.15 21:54:18 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2008.02.07 18:26:21 | 000,001,471 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2008.01.06 18:00:22 | 000,100,352 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.01.06 00:49:06 | 000,000,102 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2003.06.23 09:13:11 | 000,001,680 | ---- | C] () -- C:\Users\***\AppData\Roaming\Access10.pip ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.03.24 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2008.12.21 12:39:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service [2013.01.26 18:00:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.02.08 21:44:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.09.26 12:56:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fotobuch.de AG [2009.11.19 20:45:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ! [2009.11.01 23:20:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2008.01.07 18:57:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlobalSCAPE [2008.02.07 18:26:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2008.01.06 22:16:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2008.11.07 23:49:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MiniDm [2009.02.08 22:12:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2008.10.19 14:25:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011.10.17 21:32:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Prish [2009.03.30 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion [2012.10.12 20:47:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2011.06.22 18:14:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy [2008.01.06 15:23:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online [2008.12.23 10:04:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TACX [2011.08.27 10:23:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2010.02.16 23:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Home Server [2010.05.08 17:44:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Withings ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.01.2013 08:10:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 28,02% Memory free
6,72 Gb Paging File | 3,40 Gb Available in Paging File | 50,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 638,52 Gb Free Space | 68,55% Space Free | Partition Type: NTFS
Drive D: | 445,75 Gb Total Space | 51,25 Gb Free Space | 11,50% Space Free | Partition Type: NTFS
Drive E: | 19,99 Gb Total Space | 16,27 Gb Free Space | 81,36% Space Free | Partition Type: FAT32
Drive F: | 549,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: microStar-*** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B198807-0B30-4DA4-B22C-5C4C780462CC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{45863E8F-5632-4102-BECF-9BB1980EB0BC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45F9F639-C945-4AE9-A476-E02E7603190F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{48A1E0E4-D95D-4A05-8562-12502C2B3F95}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{49AFA4D0-B0F3-4BCF-9FD0-72660854E7D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{592B015E-37C9-4F98-AE49-BCD17FEC5531}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6127A386-85E7-44E5-89E9-51161321E1D1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7BCB5CDC-6B16-428C-99BA-F25B03968CBE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{7E861E55-1E73-4663-AF9D-8C186BCE03CA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3E16885-CAD9-4CB6-BA34-F98F5FB629E1}" = lport=445 | protocol=6 | dir=in | app=system |
"{A893ACB6-0522-48B8-99FA-334CF96ECB34}" = lport=445 | protocol=6 | dir=in | app=system |
"{AAFEDB97-9F6D-4CC4-9CF5-3CDC33A7BBED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2499E67-FF75-4349-B2E1-DBE7198EBA97}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B73C9135-B5E8-47E8-AC14-74F731922FD7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{C6C21846-FF21-4048-BA69-16773BFD0830}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2C8849B-F129-4D3A-A01B-0FC71E45EC4C}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{EF13CC07-9A35-48F6-8D6F-6CBFBE8D10DD}" = lport=3389 | protocol=6 | dir=in | name=remote |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09F25A80-8514-4799-BAFF-A368BAD2FCB5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{10F1181A-9F9A-4D1F-A9E2-4678525D64D6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{135B59CD-B69B-4096-B80E-63B8933AD605}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{13E890E1-231B-4FAA-9D7D-AD5C62B10F86}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{153FE17A-AD75-45D5-BF84-836AC0900C65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{1B3293EC-4F14-4C38-8A8D-8059F454D239}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{1D613B45-958C-4472-AD9A-3EE2DFC2FEAD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{25859868-28C4-4FEB-A127-3E40B74E7D1B}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{2FCDC1EE-A30D-4283-9712-00B3DA311F87}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{33DB8904-9C4C-40D9-AFDB-E1DA3CF18D27}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{38E72D31-3B16-44CC-86DC-DFCE8DBC0F9B}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{3D177EAF-92B6-4256-A1D4-C7B61D083DCB}" = protocol=6 | dir=out | app=system |
"{480BEB0F-7867-41EB-866A-36C54AE71DEA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{48B05B2F-E487-433B-A240-DFBC6CCC9509}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4CBFFEEB-36B6-4DCA-9FEE-52BA4EA36F5B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{508CA4AF-734F-44FF-9D77-A1CEDB30B46A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{51D91D43-6823-4460-B183-8791C751FF7D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{599603AA-4DEF-4FAF-B0D1-950BC8D27222}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5C9A9CAA-48BE-41CC-85E3-5DEF39FC37D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5DAB24C0-E144-4917-A3CD-5C986F8CD072}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6A11AA31-F1F4-4225-9A2C-51D13DA507C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6DD5F09E-FE2E-4E70-A7C0-6FAE2D67F774}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{718BE615-7611-4A4E-B36A-3CA2F0190A50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7956D93E-C882-4930-8B8B-35D4365B8C59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7ADA04D4-BFEB-4960-98CC-8178374128C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8BA21F2C-A3BF-44A8-A356-A8C38C784C35}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{908AF391-4CA9-400B-A893-4F06F3264727}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{911861CB-C514-4D0E-A8D0-9ECE44939E36}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{92E02B4F-3794-47FD-A3D0-EB53FA570FD2}" = protocol=6 | dir=in | app=c:\program files\windows home server\discovery.exe |
"{92EF5CE1-FCA9-41E3-A6D6-297D048B4F8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
"{94E9AA1C-1738-4A37-8DE9-23F1DE4E185D}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{98B9CCA6-4EF9-4D79-831C-CE3AF5E86184}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99D7B092-59B7-47F5-A395-74D246A432E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{9B6A96F4-4AEB-407D-921A-E16E2582EED0}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{9CE08E4A-C2CA-459C-8278-50F22F1D05AB}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{AD728A2E-2C26-4AE3-8F95-700EF35876D3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{B06047D8-BFAC-4956-82DE-DE0BF23250C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B2F0C2BF-5BD2-42D8-929D-703943E8A48F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{B6DB5B8D-E0ED-426F-A71E-76EC9ED88678}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BC70050D-D4DF-4BAC-A365-29C817EEE8B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BE54877E-C8AF-4F26-A754-3E380F0A4DC7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C0E1B6D3-D8FB-4AEE-A8D6-5FC9DE5DBD65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{C75AA7C5-30D9-4D21-B6D3-D2178870DD49}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{CA3F414C-B6C4-4A3C-91B8-E3EA848C1338}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CB2A1543-C05E-4404-A861-84C44A2423C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCA29AE2-6661-466D-B0DD-9627AC269D06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CDF72B43-07D6-485D-965A-34F1C462C898}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{CEBFA2CE-1029-48A0-9AAA-1A9CCEEF47CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB040451-14E1-4D14-93A3-F9C34500B0A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E038DE1E-CA28-4BC3-876C-C7A246C8A7C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{E1EEDBEB-73CA-46B0-8FAA-043C252BF35F}" = protocol=17 | dir=in | app=c:\program files\windows home server\discovery.exe |
"{E20B2081-7AED-4450-B213-011C0CFC686D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{E33EB9E1-31B0-4EE8-BF34-FA5D7213BB92}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{F5CE0069-C9B7-4561-A55E-C1C32C28FAA4}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{F696B78E-FD9B-415D-9278-B941BCA1B977}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F97DDC74-A6BA-4368-93DE-5E44B2C54209}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{FE40EDD2-9EEF-477B-AA38-D40DCDB92808}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{021A6D75-E590-4F66-BFF1-930CE122A767}C:\program files\globalscape\cuteftp\cutftp32.exe" = protocol=6 | dir=in | app=c:\program files\globalscape\cuteftp\cutftp32.exe |
"TCP Query User{08A39C07-4995-4810-8492-65E01E08B69F}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{1268A8B8-9CE4-454C-B1FA-5029EA008979}C:\program files\globalscape\cuteftp\cutftp32.exe" = protocol=6 | dir=in | app=c:\program files\globalscape\cuteftp\cutftp32.exe |
"TCP Query User{1624D445-25C8-4E50-8211-130D4DBF5A11}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{20E07FFA-BC4B-4657-B1DF-4DA90A9AE19E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{226E9A42-54F2-4A5C-BEF7-064F7BE7B92A}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{470F8E97-994E-48BE-8EB5-B0132A076DB3}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{A033E47D-820A-47E3-AA00-898BB81935E9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A720A18B-3DC0-4A33-BCDD-1D1DFD513B8B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{C666C882-47F0-490E-B462-7EFCE828293B}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"TCP Query User{DAF79252-4536-455B-81A9-A582FF9E0DEB}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F0908082-689C-49C1-9E4E-2C1BAC9B65E8}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{F4D26085-FF8F-4D31-8B2D-996C7FB4FEEC}C:\program files\samsung\frame manager\frameratingservice.exe" = protocol=6 | dir=in | app=c:\program files\samsung\frame manager\frameratingservice.exe |
"TCP Query User{FAD97B03-C6DD-4163-95B0-02EB66D99CBE}C:\users\***\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\nero web\setupxu.exe |
"UDP Query User{1697FA9C-E363-4E1C-8165-F1DF956FECB2}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{2745075A-5332-4690-9B11-816591899A63}C:\program files\globalscape\cuteftp\cutftp32.exe" = protocol=17 | dir=in | app=c:\program files\globalscape\cuteftp\cutftp32.exe |
"UDP Query User{5BE546C3-4661-4FEE-A612-1B979262D644}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{5D27AAE4-39AC-41A0-A9C8-6C12E49A5EEE}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe |
"UDP Query User{6D872E1F-09DA-4231-B789-134ABDEDCA61}C:\users\***\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\nero web\setupxu.exe |
"UDP Query User{7D38AAB2-7970-465D-BEEC-6A8318915027}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8FA2927F-FE1A-4F24-8464-3C142B2F7AB7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{9E4811D5-DC34-494B-B762-765F36D40524}C:\program files\globalscape\cuteftp\cutftp32.exe" = protocol=17 | dir=in | app=c:\program files\globalscape\cuteftp\cutftp32.exe |
"UDP Query User{A400E205-A8B8-4756-8B58-57645B8A8F1E}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{A4F37A11-616E-42D0-8E2D-6B67949A0406}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{A9A745A2-FD5E-4272-B33C-60BBCCBEEFD7}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{AF730797-8DED-4859-A755-005F16EF1149}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{C5EB3B95-8ECD-4BF8-9D02-D70AA4429D99}C:\program files\samsung\frame manager\frameratingservice.exe" = protocol=17 | dir=in | app=c:\program files\samsung\frame manager\frameratingservice.exe |
"UDP Query User{DFB70FC3-D89C-44ED-94A7-2A02559ECCE4}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{00F3D43F-B5A9-4C8D-B5A1-5FD2DE16CC21}" = Polar IrDA USB 1.1 Adapter
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{067B5E9A-A4BA-4BF2-AFF2-6D5414B2E88A}" = Switch2
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E49794-7C13-4E84-8659-55BD378267D5}" = Windows Home Server-Connector
"{22800204-9E53-45C7-B6F3-5BB0F1C1A147}" = Jing
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{2555AF7D-1766-42E9-934C-E408933AEBF9}" = Fortius Imagic
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7FEFAD2B-CD9B-478F-8AD4-4A9B54FB786D}" = Prish Image Resizer
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91BF142C-E8C0-4279-A98D-A61A4404CF56}" = Duden Korrektor
"{96F0EF0A-5852-470D-94AD-6F39DD51C3D4}" = NI LabWindows/CVI 7.1 Run Time Engine
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{99284958-43A1-E44A-B9CE-BB2E3D460617}" = simfy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9FE08B0-7804-43FF-8B90-04EEC285FFF6}" = Microsoft Office Live Add-in Patches
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B727BD4D-0C42-43F7-AC60-4AFBDDC732BD}" = FlexPoints 2.01
"{B7FB6B99-C93C-4818-825B-37EF4B64C80C}" = PS_AIO_02_Software
"{B8BF5CD8-B02D-48f9-96A9-7183F868D6EE}" = C6200_Help
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C14266F9-1464-4285-9094-043633EFC3B0}" = C6200
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D25BDCF5-19F6-4d9e-B9C9-273FE81446C4}" = PS_AIO_02_ProductContext
"{D2BAFC44-D10B-401E-B744-808CAA85E886}" = Fortius
"{D41EB7A7-1AAA-4282-AD6A-1FAC72BE55C5}" = C6200_doccd
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{D64BC2CF-0F12-47d7-B412-B4F3FD684253}" = HP Photosmart All-In-One Software 9.0
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DF7DBA84-0A55-11D6-A0A6-6A7573736972}" = Polar ProTrainer
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7B2B002-97C7-4D2E-B76F-150F96604CF5}" = Frame Manager
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF0D2E55-6FE2-4e35-BE22-A742E85D84E3}" = PS_AIO_02_Software_min
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F851520E-16E5-4C7B-BE3A-A90326A8160B}" = Fortius
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"3D Traumhaus Designer 8_is1" = DATA BECKER 3D Traumhaus Designer 8
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BBMediaSyncUninstall" = BlackBerry Media Sync
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CuteFTP" = CuteFTP
"Designer 2.0_is1" = Designer 2.0
"Digsby" = Digsby
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.1.3611 [2010-10-06]
"FileZilla Client" = FileZilla Client 3.3.5.1
"FLV Player" = FLV Player 2.0, build 23
"Google Calendar Sync" = Google Calendar Sync
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{91BF142C-E8C0-4279-A98D-A61A4404CF56}" = Duden Korrektor
"InstallShield_{E7B2B002-97C7-4D2E-B76F-150F96604CF5}" = Frame Manager
"iPhoneBackupExtractor" = iPhone Backup Extractor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"RarZilla Free Unrar 2.52" = RarZilla Free Unrar 2.52
"Recuva" = Recuva
"Simfy" = simfy
"Tacx Imagic Vista drivers_is1" = Tacx Imagic Vista drivers 0.1
"TeamViewer 7" = TeamViewer 7
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.4.4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-150735292-161998131-4274805051-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.07.2011 04:07:37 | Computer Name = microStar-*** | Source = Windows Search Service | ID = 3013
Description =
Error - 20.07.2011 04:07:37 | Computer Name = microStar-*** | Source = Windows Search Service | ID = 3013
Description =
Error - 20.07.2011 04:07:37 | Computer Name = microStar-*** | Source = Windows Search Service | ID = 3013
Description =
Error - 20.07.2011 04:07:37 | Computer Name = microStar-*** | Source = Windows Search Service | ID = 3013
Description =
Error - 20.07.2011 04:07:37 | Computer Name = microStar-*** | Source = Windows Search Service | ID = 3013
Description =
Error - 20.07.2011 04:07:37 | Computer Name = microStar-*** | Source = Windows Search Service | ID = 3013
Description =
Error - 20.07.2011 04:07:37 | Computer Name = microStar-*** | Source = Windows Search Service | ID = 3013
Description =
Error - 20.07.2011 08:23:15 | Computer Name = microStar-*** | Source = SQLBrowser | ID = 5111816
Description = Der SQLBrowser-Dienst konnte eine Clientanforderung nicht verarbeiten.
Error - 20.07.2011 08:23:15 | Computer Name = microStar-*** | Source = SQLBrowser | ID = 5111816
Description = Der SQLBrowser-Dienst konnte eine Clientanforderung nicht verarbeiten.
Error - 20.07.2011 10:24:43 | Computer Name = microStar-*** | Source = SQLBrowser | ID = 5111816
Description = Der SQLBrowser-Dienst konnte eine Clientanforderung nicht verarbeiten.
Error - 20.07.2011 10:24:43 | Computer Name = microStar-*** | Source = SQLBrowser | ID = 5111816
Description = Der SQLBrowser-Dienst konnte eine Clientanforderung nicht verarbeiten.
[ OSession Events ]
Error - 07.02.2010 18:45:04 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6055
seconds with 300 seconds of active time. This session ended with a crash.
Error - 02.05.2011 06:40:04 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6469
seconds with 60 seconds of active time. This session ended with a crash.
Error - 25.05.2011 15:27:21 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 163
seconds with 60 seconds of active time. This session ended with a crash.
Error - 29.07.2011 02:49:43 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 618
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.08.2011 06:49:18 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 5455
seconds with 300 seconds of active time. This session ended with a crash.
Error - 05.11.2011 02:39:33 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 102
seconds with 0 seconds of active time. This session ended with a crash.
Error - 02.01.2012 15:06:00 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3267
seconds with 660 seconds of active time. This session ended with a crash.
Error - 15.02.2012 17:18:35 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7287
seconds with 300 seconds of active time. This session ended with a crash.
Error - 15.03.2012 07:04:20 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14325
seconds with 2580 seconds of active time. This session ended with a crash.
Error - 27.03.2012 17:32:33 | Computer Name = microStar-*** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 167
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 26.01.2013 12:34:57 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7026
Description =
Error - 26.01.2013 12:34:57 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7001
Description =
Error - 26.01.2013 12:34:57 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7001
Description =
Error - 26.01.2013 12:34:59 | Computer Name = microStar-*** | Source = DCOM | ID = 10005
Description =
Error - 26.01.2013 12:35:03 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7001
Description =
Error - 26.01.2013 12:35:31 | Computer Name = microStar-*** | Source = DCOM | ID = 10005
Description =
Error - 26.01.2013 12:35:33 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7001
Description =
Error - 26.01.2013 12:44:45 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7000
Description =
Error - 26.01.2013 12:45:00 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7022
Description =
Error - 26.01.2013 12:45:01 | Computer Name = microStar-*** | Source = Service Control Manager | ID = 7026
Description =
< End of report >
|
|
27.01.2013, 15:47
| #2 |
| /// Helfer-Team  | GVU-Trojaner Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Ersetze die *** Sternchen wieder in den Benutzernamen zurück! Code:
ATTFilter :OTL
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKU\S-1-5-21-150735292-161998131-4274805051-1002..\Run: [Polar Sync] File not found
[2013.01.26 17:31:59 | 095,023,320 | ---- | M] () -- C:\ProgramData\02Pv3XC.pad
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\***\*.tmp
C:\Users\***\AppData\Local\Temp\*.exe
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 3. Schritt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ |
|
27.01.2013, 22:26
| #3 |
| | GVU-Trojaner hier die logs:
__________________Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon deleted successfully.
Registry value HKEY_USERS\S-1-5-21-150735292-161998131-4274805051-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Polar Sync deleted successfully.
C:\ProgramData\02Pv3XC.pad moved successfully.
ADS C:\ProgramData\Temp:8FF81EB0 deleted successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\TEMP folder moved successfully.
File\Folder C:\Users\***\*.tmp not found.
C:\Users\***\AppData\Local\Temp\6ACC2D~1.exe moved successfully.
C:\Users\***\AppData\Local\Temp\718631~1.exe moved successfully.
C:\Users\***\AppData\Local\Temp\DivXSetup.exe moved successfully.
C:\Users\***\AppData\Local\Temp\Execute2App.exe moved successfully.
C:\Users\***\AppData\Local\Temp\FlashPlayerUpdate.exe moved successfully.
C:\Users\***\AppData\Local\Temp\FlashPlayerUpdate01.exe moved successfully.
C:\Users\***\AppData\Local\Temp\FlashPlayerUpdate02.exe moved successfully.
C:\Users\***\AppData\Local\Temp\FlashPlayerUpdate03.exe moved successfully.
C:\Users\***\AppData\Local\Temp\FlashPlayerUpdate04.exe moved successfully.
C:\Users\***\AppData\Local\Temp\FlashPlayerUpdate05.exe moved successfully.
C:\Users\***\AppData\Local\Temp\FlashPlayerUpdate06.exe moved successfully.
C:\Users\***\AppData\Local\Temp\FlashPlayerUpdate07.exe moved successfully.
C:\Users\***\AppData\Local\Temp\FlashPlayerUpdate08.exe moved successfully.
C:\Users\***\AppData\Local\Temp\GDM2BC3.exe moved successfully.
C:\Users\***\AppData\Local\Temp\JingSetup.exe moved successfully.
C:\Users\***\AppData\Local\Temp\JingSetup2.1.9146.exe moved successfully.
C:\Users\***\AppData\Local\Temp\JingSetup2.2.9337.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-6u13-windows-i586-p-iftw.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-6u15-windows-i586-iftw.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-6u17-windows-i586-iftw-rv.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-6u19-windows-i586-iftw-rv.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe moved successfully.
C:\Users\***\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe moved successfully.
C:\Users\***\AppData\Local\Temp\Kies2RemoveAll.exe moved successfully.
C:\Users\***\AppData\Local\Temp\npp.4.7.5.Installer.exe moved successfully.
C:\Users\***\AppData\Local\Temp\npp.5.0.3.Installer.exe moved successfully.
C:\Users\***\AppData\Local\Temp\ose00000.exe moved successfully.
C:\Users\***\AppData\Local\Temp\setpointdeu.exe moved successfully.
C:\Users\***\AppData\Local\Temp\xmlUpdater.exe moved successfully.
C:\Users\***\AppData\Local\Temp\_is86EB.exe moved successfully.
C:\Users\***\AppData\Local\Temp\_isC8FC.exe moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58305 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: ***
->Temp folder emptied: 21384760111 bytes
->Temporary Internet Files folder emptied: 1800039545 bytes
->FireFox cache emptied: 59320236 bytes
->Flash cache emptied: 62364 bytes
User: TEMP
User: TEMP.microStar-***
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4555383538 bytes
RecycleBin emptied: 19239969123 bytes
Total Files Cleaned = 44.860,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01272013_163822
Files\Folders moved on Reboot...
File\Folder C:\Users\***\AppData\Local\Temp\Temp1_Backup files 14.zip\C\Users\***\Favorites\Links\FlexiSpy - Spionage-software für Handys. Schützen Sie Ihre Kinder, finden Sie gestohlene Handys zurück, finden Sie heraus ob Ihr Partner Sie betrügt!.url not found!
File move failed. C:\Windows\SD2A8B6EB.tmp scheduled to be moved on reboot.
C:\Windows\temp\JETFB00.tmp moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.27.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: MICROSTAR-*** [Administrator] 27.01.2013 17:14:35 mbam-log-2013-01-27 (17-14-35).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 600908 Laufzeit: 3 Stunde(n), 22 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v2.109 - Datei am 27/01/2013 um 21:49:53 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : *** - MICROSTAR-***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\Description
Schlüssel Gelöscht : HKLM\Software\eRightSoft\OpenCandy
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16455
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v9.0.1 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\p09u3l38.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [2270 octets] - [27/01/2013 21:49:53]
########## EOF - C:\AdwCleaner[S1].txt - [2330 octets] ##########
 |
|
27.01.2013, 22:47
| #4 |
| /// Helfer-Team | GVU-Trojaner Sehr gut!  Wie laeuft der Rechner? Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
29.01.2013, 05:33
| #5 |
| | GVU-Trojaner Läuft gut soweit. Einzig Samsung Kies meckert, da dieses Programm wohl Daten im Java-Temp hatte. Hier das log: Code:
ATTFilter Emsisoft Anti-Malware - Version 7.0
Letztes Update: 28.01.2013 22:41:17
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\
Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan Beginn: 28.01.2013 22:42:08
C:\Windows\Downloaded Program Files\default.inf gefunden: Trace.File.iePlugin (A)
C:\Users\***\Desktop\MyPhoneExplorer_Setup_1.7.1.exe gefunden: Adware.Win32.ADON.AMN (A)
D:\Installations Dateien\kmdv2.exe gefunden: Trojan.Generic.8435322 (B)
Gescannt 699045
Gefunden 3
Scan Ende: 29.01.2013 02:15:18
Scan Zeit: 3:33:10
D:\Installations Dateien\kmdv2.exe Quarantäne Trojan.Generic.8435322 (B)
C:\Users\***\Desktop\MyPhoneExplorer_Setup_1.7.1.exe Quarantäne Adware.Win32.ADON.AMN (A)
C:\Windows\Downloaded Program Files\default.inf Quarantäne Trace.File.iePlugin (A)
Quarantäne 3
|
|
29.01.2013, 13:41
| #6 |
| /// Helfer-Team | GVU-Trojaner Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
__________________ --> GVU-Trojaner |
|
30.01.2013, 05:27
| #7 |
| | GVU-Trojaner Der erste Start gestern ging leider in die Hose. Man sah nach dem anmelden nur den Desktop und die Maus. Evtl. lag dies noch Emsisoft? Nach einem erneuten Neustart ging es dann: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=b107e02c8d65a348ba32889b17da240b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-30 01:57:57
# local_time=2013-01-30 02:57:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 100 22746 224934367 15363 0
# compatibility_mode=5892 16776638 100 100 83934558 197043805 0 0
# scanned=397434
# found=1
# cleaned=1
# scan_time=17449
C:\_OTL\MovedFiles\01272013_163822\C_Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\152ac54f-563f8fb1 a variant of Java/Exploit.CVE-2013-0422.AY trojan (deleted - quarantined) 2C0FEA8955C6358A5F2D6AA33FBECE9EBFBB9257 C
|
|
30.01.2013, 16:34
| #8 |
| /// Helfer-Team | GVU-Trojaner Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
|
30.01.2013, 23:56
| #9 |
| | GVU-Trojaner Hallo, das Update 11 hatte ich direkt nach der Systemwiederherstellung als erstes installiert. Ich habe es jetzt einfach nochmal drüber gebügelt. Hier die Ausgaben: Code:
ATTFilter PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Internet Explorer 9.0 ist aktuell
Flash (11,5,502,146) ist aktuell.
Java (1,7,0,11) ist aktuell.
Adobe Reader 10,1,0,0 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 11.0
Nach der Deaktivierung: Code:
ATTFilter PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Internet Explorer 9.0 ist aktuell
Flash (11,5,502,146) ist aktuell.
Java ist nicht Installiert oder nicht aktiviert.
Adobe Reader 10,1,0,0 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version: 11.0
|
|
31.01.2013, 01:19
| #10 |
| /// Helfer-Team | GVU-Trojaner Sehr gut! damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
06.04.2013, 13:19
| #11 |
| /// Helfer-Team | GVU-Trojaner Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu GVU-Trojaner |
| 32 bit, 7-zip, adware.cydoor, adware.timesink, antivir, autorun, becker, bho, bonjour, dsl, error, flash player, google, hacktool.gen, iexplore.exe, install.exe, intranet, logfile, microsoft office 2003, office 2007, plug-in, pup.psw.passview, realtek, recuva, registry, security, senden, software, svchost.exe, wiso |
Linear-Darstellung
