| |
| |||||||
Log-Analyse und Auswertung: TR/ATRAPS.GEN2 sowie TR/Sirefef.AHWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
06.04.2013, 15:57
| #1 |
| |  TR/ATRAPS.GEN2 sowie TR/Sirefef.AH Hallo miteinenander, nachdem Avira Antivir mir seit zwei bis drei Tagen TR/ATRAPS.GEN2 (in C:\$Recycle.Bin\S-1-5-18\$f8df9bb1569cb3b588c9848a3f2cd3ee\U\80000064.@ und C:\$Recycle.Bin\S-1-5-18\$f8df9bb1569cb3b588c9848a3f2cd3ee\U\80000032.@) sowie TR/Sirefef.AH (anfangs in C:\$Recycle.Bin\S-1-5-18\$f8df9bb1569cb3b588c9848a3f2cd3ee\n, später in C:\$Recycle.Bin\S-1-5-18\$f8df9bb1569cb3b588c9848a3f2cd3ee\n) regelmäßig meldet, habe ich versucht mich hier und via Google darüber zu belesen, woraus dann hervor ging dass man dieses Problem wohl individuell angehen sollte. Darum habe ich dann beschlossen, dem hiesigen Hilfsthread folgend die nötigen Information für ein eigenes Thema zusammenzufassen. Mein Vorgehen bisher sah so aus, dass ich zunächst bei den Antivir-Meldungen unten rechts auf dem Bildschirm den "Entfernen"-Button geklickt habe. Nachdem die Meldung sich mehrmals wiederholte habe ich die von Antivir angegebenen Verzeichnisse mittels angezeigter Systemdateien aufgesucht und die angegebenen Quelldateien gelöscht, was ebenfalls nichts an den fortlaufenden Meldungen geändert hat. Als ich begonnen habe, die oben genannte Anleitung vom Board hier durchzuarbeiten, habe ich Avira-Meldungen nur noch ausgeblendet. Hier nun die Logs von defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:39 on 06/04/2013 (***)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 06.04.2013 14:45:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,41% Memory free 8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 104,61 Gb Free Space | 22,46% Space Free | Partition Type: NTFS Drive D: | 4,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 1,89 Gb Total Space | 1,61 Gb Free Space | 85,34% Space Free | Partition Type: FAT Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.06 14:44:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.04.03 11:29:06 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 17:29:18 | 001,522,912 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2012.12.14 17:28:58 | 000,906,464 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe PRC - [2012.11.30 19:43:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 21:26:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 21:26:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.09.02 21:57:41 | 000,218,624 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe PRC - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe PRC - [2010.11.21 12:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.11.16 15:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2005.04.06 17:53:06 | 003,502,080 | ---- | M] () -- c:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe PRC - [2005.04.06 17:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe PRC - [2005.04.06 17:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe ========== Modules (No Company Name) ========== MOD - [2013.04.03 11:29:06 | 003,143,576 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.06.14 14:27:10 | 000,907,496 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService) SRV:64bit: - [2010.02.03 06:17:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.04.03 11:29:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.26 07:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.18 00:54:08 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 17:29:18 | 001,522,912 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.12.14 17:28:58 | 000,906,464 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.05.08 21:26:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 21:26:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.02 21:57:41 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc) SRV - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2010.11.21 12:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.11.16 15:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010.04.06 01:45:04 | 000,167,936 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2005.04.06 17:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 21:26:44 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 21:26:44 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.02 17:03:00 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2012.03.02 17:03:00 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2012.03.02 17:03:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.02 21:57:42 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2011.09.02 21:57:42 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2011.09.02 21:57:42 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2011.09.02 21:57:42 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2011.08.19 11:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2011.08.19 11:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.11 21:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp) DRV:64bit: - [2010.03.28 18:43:40 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.02.03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2010.02.03 06:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.02.03 05:23:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.01.28 16:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.12.23 11:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd) DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2009.09.29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort) DRV:64bit: - [2009.09.29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM) DRV:64bit: - [2009.09.29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum) DRV:64bit: - [2009.08.26 13:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini) DRV:64bit: - [2009.07.30 17:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.08 19:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr) DRV:64bit: - [2006.10.31 23:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.09.28 02:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\PeerBlock\pbfilter.sys -- (pbfilter) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 1E EB 8F 0D CD CA 01 [binary data] IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{C180AE0B-B636-4C50-A687-7600D857640F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092; ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=CT2736476&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google Deutschland - auf Deutsch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://soke.cwsurf.de/soke3/index.php" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.11 12:47:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.13 23:04:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.03 11:29:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.05 10:32:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.03 11:29:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.05 10:32:30 | 000,000,000 | ---D | M] [2010.03.26 20:03:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.03.05 13:53:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jhfh2meo.default\extensions [2013.03.05 13:53:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jhfh2meo.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.06.10 17:13:37 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jhfh2meo.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2013.02.10 21:24:00 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jhfh2meo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2011.05.07 12:38:08 | 000,149,985 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\extensions\radiobar@toolbar.xpi [2013.02.14 11:34:18 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.06.06 09:24:06 | 000,000,957 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\searchplugins\conduit.xml [2010.03.28 18:44:00 | 000,002,055 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\searchplugins\daemon-search.xml [2013.04.01 11:51:38 | 000,002,449 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\searchplugins\google-deutschland---auf-deutsch.xml [2013.04.01 11:51:37 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\searchplugins\icqplugin-2.xml [2010.07.05 07:19:20 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\searchplugins\icqplugin-3.xml [2010.07.24 22:02:42 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\searchplugins\icqplugin-4.xml [2010.07.26 21:30:56 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\searchplugins\icqplugin-5.xml [2011.03.30 16:14:34 | 000,001,042 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\searchplugins\icqplugin.xml [2013.04.03 11:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.04.03 11:29:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.03 11:29:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.12.07 00:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.02.27 08:15:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.27 08:15:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.27 08:15:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.27 08:15:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.27 08:15:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.27 08:15:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Program Files (x86)\Freeware.de\prxtbFre0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [PeerBlock] C:\Programme\PeerBlock\peerblock.exe (PeerBlock, LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence) O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12A469C1-B4AA-462F-9298-F67784A55BEA}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{151A7B50-9181-48F1-9711-22D90FBC5B8A}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52C71FB7-4C02-4FA2-8B69-63E7C5F9189B}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A86DE19-2934-4AE8-9AFA-AEC4CB04EDFB}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEBCB2FD-E1F1-46D6-91C9-D9A33EBFFCDC}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F15E8072-E4C0-4C88-9A06-404A6D735984}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.06.07 10:12:33 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{0f52c81a-d59d-11e0-96dc-00306735ed71}\Shell - "" = AutoRun O33 - MountPoints2\{0f52c81a-d59d-11e0-96dc-00306735ed71}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{0f52c829-d59d-11e0-96dc-00306735ed71}\Shell - "" = AutoRun O33 - MountPoints2\{0f52c829-d59d-11e0-96dc-00306735ed71}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{0f52c853-d59d-11e0-96dc-00306735ed71}\Shell - "" = AutoRun O33 - MountPoints2\{0f52c853-d59d-11e0-96dc-00306735ed71}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{43ed09a0-9934-11e1-aef6-00306735ed71}\Shell - "" = AutoRun O33 - MountPoints2\{43ed09a0-9934-11e1-aef6-00306735ed71}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{545b99a3-3a89-11df-a4ab-00306735ed71}\Shell - "" = AutoRun O33 - MountPoints2\{545b99a3-3a89-11df-a4ab-00306735ed71}\Shell\AutoRun\command - "" = E:\Setup.exe O33 - MountPoints2\{545b99af-3a89-11df-a4ab-00306735ed71}\Shell - "" = AutoRun O33 - MountPoints2\{545b99af-3a89-11df-a4ab-00306735ed71}\Shell\AutoRun\command - "" = F:\RunGame.exe O33 - MountPoints2\{86818a1d-555d-11e1-8d22-00306735ed71}\Shell - "" = AutoRun O33 - MountPoints2\{86818a1d-555d-11e1-8d22-00306735ed71}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{86819d0a-555d-11e1-8d22-00306735ed71}\Shell - "" = AutoRun O33 - MountPoints2\{86819d0a-555d-11e1-8d22-00306735ed71}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{8baf2725-38ff-11df-bf1f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{8baf2725-38ff-11df-bf1f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Launcher.exe -- [2007.06.07 10:43:41 | 001,820,160 | R--- | M] () O33 - MountPoints2\{e81ca038-6ab8-11e2-bf68-f7c8b6f0e0fa}\Shell - "" = AutoRun O33 - MountPoints2\{e81ca038-6ab8-11e2-bf68-f7c8b6f0e0fa}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.06 14:44:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.03 13:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games [2013.04.03 13:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grinding Gear Games [2013.04.03 11:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.30 13:08:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Teewars [2013.03.28 19:20:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Teeworlds [2013.03.28 01:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg [2013.03.22 11:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.21 11:06:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.03.21 11:05:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.18 20:26:18 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ESRS [2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.06 14:48:31 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 14:48:31 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 14:47:46 | 001,527,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.06 14:47:46 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.06 14:47:46 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.06 14:47:46 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.06 14:47:46 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.06 14:44:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.06 14:42:08 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.06 14:40:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.06 14:40:52 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2013.04.06 14:39:48 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.04.06 14:39:16 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.06 13:54:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.06 13:51:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.03 13:18:13 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2013.04.01 21:21:23 | 000,241,791 | ---- | M] () -- C:\Users\***\Sokeesel.jpg [2013.03.31 16:57:29 | 004,462,667 | ---- | M] () -- C:\Users\***\RIMG00871.jpg [2013.03.29 13:20:45 | 009,925,612 | ---- | M] () -- C:\Users\***\03 Waldspaziergang mit Gott.mp3 [2013.03.28 13:18:23 | 000,012,177 | ---- | M] () -- C:\Users\***\Documents\timetable.ods [2013.03.28 13:11:10 | 000,041,736 | ---- | M] () -- C:\Users\***\Documents\zeitplan.pdf [2013.03.21 15:13:25 | 000,474,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.18 22:17:06 | 000,963,214 | ---- | M] () -- C:\Users\***\Scannen0020.jpg [2013.03.18 21:30:27 | 001,356,414 | ---- | M] () -- C:\Users\***\Scannen0019.jpg [2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.06 14:39:48 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.04.06 14:39:15 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.03 13:18:13 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2013.04.01 21:21:21 | 000,241,791 | ---- | C] () -- C:\Users\***\Sokeesel.jpg [2013.03.31 16:57:28 | 004,462,667 | ---- | C] () -- C:\Users\***\RIMG00871.jpg [2013.03.29 13:18:55 | 009,925,612 | ---- | C] () -- C:\Users\***\03 Waldspaziergang mit Gott.mp3 [2013.03.28 13:18:22 | 000,012,177 | ---- | C] () -- C:\Users\***\Documents\timetable.ods [2013.03.28 13:06:09 | 000,041,736 | ---- | C] () -- C:\Users\***\Documents\zeitplan.pdf [2013.03.18 22:17:05 | 000,963,214 | ---- | C] () -- C:\Users\***\Scannen0020.jpg [2013.03.18 21:30:27 | 001,356,414 | ---- | C] () -- C:\Users\***\Scannen0019.jpg [2013.03.07 01:28:39 | 000,579,988 | ---- | C] () -- C:\Users\***\Klimatologie.pdf [2013.03.05 20:13:31 | 001,567,875 | ---- | C] () -- C:\Users\***\nevaroningraveyardtheme.mp3 [2013.03.05 19:27:48 | 000,068,242 | ---- | C] () -- C:\Users\***\Snapshot_20130305.JPG [2013.03.05 18:31:23 | 001,567,875 | ---- | C] () -- C:\Users\***\nvgt.mp3 [2013.03.02 03:31:15 | 007,542,481 | ---- | C] () -- C:\Users\***\_MG_4632.jpg [2013.03.02 03:31:15 | 004,676,747 | ---- | C] () -- C:\Users\***\_MG_4450.jpg [2013.02.28 00:39:51 | 000,877,474 | ---- | C] () -- C:\Users\***\DieMaske.jpg [2013.02.27 00:25:41 | 000,942,680 | ---- | C] () -- C:\Users\***\Stadtöko.odt [2013.02.22 22:30:55 | 002,480,664 | ---- | C] () -- C:\Users\***\_MG_4198.jpg [2013.02.22 22:28:00 | 003,283,742 | ---- | C] () -- C:\Users\***\_MG_4210.jpg [2013.02.22 22:17:35 | 000,405,396 | ---- | C] () -- C:\Users\***\blabla.gif [2013.02.12 00:56:47 | 022,267,437 | ---- | C] () -- C:\Users\***\MVI_4257.MOV [2013.02.12 00:38:42 | 003,078,438 | ---- | C] () -- C:\Users\***\_MG_4263.jpg [2013.02.12 00:38:12 | 003,742,113 | ---- | C] () -- C:\Users\***\_MG_4201.jpg [2013.02.12 00:38:02 | 010,283,481 | ---- | C] () -- C:\Users\***\_MG_4199.jpg [2013.02.12 00:38:02 | 003,565,462 | ---- | C] () -- C:\Users\***\_MG_4194.jpg [2013.01.20 16:07:27 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2013.01.17 21:41:56 | 003,836,242 | ---- | C] () -- C:\Users\***\RIMG0106.JPG [2013.01.17 21:41:56 | 003,814,758 | ---- | C] () -- C:\Users\***\RIMG0100.JPG [2013.01.17 21:41:56 | 003,733,477 | ---- | C] () -- C:\Users\***\RIMG0101.JPG [2013.01.17 21:41:56 | 003,714,714 | ---- | C] () -- C:\Users\***\RIMG0099.JPG [2013.01.17 21:41:56 | 003,688,120 | ---- | C] () -- C:\Users\***\RIMG0103.JPG [2012.06.10 17:54:59 | 000,000,367 | ---- | C] () -- C:\Users\***\AppData\Local\springsettings.cfg [2012.03.01 15:01:10 | 000,001,282 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2012.01.23 15:47:13 | 000,306,220 | ---- | C] () -- C:\Users\***\Graf Karl.wav [2012.01.23 15:46:15 | 000,056,032 | ---- | C] () -- C:\Users\***\Graf Karl.mp3 [2012.01.19 16:45:19 | 000,042,380 | ---- | C] () -- C:\Users\***\dÄ.xspf [2012.01.02 23:41:29 | 000,009,932 | ---- | C] () -- C:\Users\***\playlist 1.xspf [2011.12.11 14:56:58 | 001,840,802 | ---- | C] () -- C:\Users\***\Unbekannter Song.mp3 [2011.12.10 16:12:26 | 000,750,848 | ---- | C] () -- C:\Users\***\01 - Rob van U. - Unbekannt.mp3 [2011.11.27 23:12:55 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2011.10.27 18:32:15 | 000,002,516 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2011.10.27 18:32:15 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\329B4E0743.sys [2011.08.29 00:47:59 | 001,039,045 | ---- | C] () -- C:\Users\***\ich hab's nicht kleiner.mp3 [2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.07.26 00:24:51 | 000,041,421 | ---- | C] () -- C:\Users\***\Coco.mp3 [2011.07.25 23:49:17 | 000,077,364 | ---- | C] () -- C:\Users\***\frech.mp3 [2011.07.25 23:38:31 | 000,005,475 | ---- | C] () -- C:\Users\***\Vogel.mp3 [2011.07.25 23:30:12 | 000,040,584 | ---- | C] () -- C:\Users\***\siebenmark.mp3 [2011.07.25 19:28:03 | 000,156,358 | ---- | C] () -- C:\Users\***\glanz2.mp3 [2011.07.25 19:05:22 | 000,156,356 | ---- | C] () -- C:\Users\***\glanz.mp3 [2011.07.25 11:13:29 | 000,027,625 | ---- | C] () -- C:\Users\***\Rudi.mp3 [2011.07.25 00:34:27 | 000,000,044 | ---- | C] () -- C:\Users\***\Rud.wav [2011.07.25 00:34:11 | 000,000,044 | ---- | C] () -- C:\Users\***\Rudi ist nicht zu verkaufen - Teil3 - YouTube.wav [2011.07.25 00:33:44 | 000,000,044 | ---- | C] () -- C:\Users\***\why.wav [2011.07.25 00:33:11 | 000,000,044 | ---- | C] () -- C:\Users\***\Wieso.wav [2011.07.24 22:52:19 | 000,311,832 | ---- | C] () -- C:\Users\***\soos.wav [2011.07.24 22:45:34 | 000,329,552 | ---- | C] () -- C:\Users\***\frechheit.wav [2011.07.24 22:31:18 | 000,576,356 | ---- | C] () -- C:\Users\***\Vogelfamilie.wav [2011.07.24 22:11:05 | 000,456,096 | ---- | C] () -- C:\Users\***\Absolut sicher.wav [2011.07.24 21:45:05 | 000,958,840 | ---- | C] () -- C:\Users\***\stille.wav [2011.07.24 21:36:59 | 000,194,840 | ---- | C] () -- C:\Users\***\Weil ich das so will.wav [2011.07.24 21:31:27 | 000,086,056 | ---- | C] () -- C:\Users\***\Wieso denn.wav [2011.07.17 01:12:14 | 000,016,374 | ---- | C] () -- C:\Users\***\CIMG0668.AVI.avi [2011.07.14 22:12:22 | 005,904,522 | ---- | C] () -- C:\Users\***\02 - La Sedia Vuota.wav [2011.07.14 12:05:57 | 000,275,098 | ---- | C] () -- C:\Users\***\CHRISTIAN.wav [2011.07.12 00:22:47 | 027,076,268 | ---- | C] () -- C:\Users\***\Stck vom Himmel Lied 1 Herbert Grnemeyer.wav [2011.07.05 01:13:45 | 002,825,452 | ---- | C] () -- C:\Users\***\CIMG0388.AVI.wav [2011.07.05 00:39:39 | 000,000,039 | ---- | C] () -- C:\Users\***\reverse.avs [2011.07.01 15:35:40 | 000,048,509 | ---- | C] () -- C:\Users\***\rauschen.mp3 [2011.06.30 20:48:11 | 000,641,593 | ---- | C] () -- C:\Users\***\asdasd.mp3 [2011.06.30 20:42:14 | 000,309,335 | ---- | C] () -- C:\Users\***\Paralyzer - Finger Eleven.mp3 [2011.06.30 20:28:16 | 000,084,991 | ---- | C] () -- C:\Users\***\16. Timbaland feat. OneRepublic - Apologize.mp3 [2011.06.21 18:06:22 | 000,000,136 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini [2011.06.05 15:50:23 | 000,019,977 | ---- | C] () -- C:\Users\***\Graphics Rules.sgr [2011.06.03 17:56:29 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat [2011.05.21 21:47:23 | 000,070,128 | ---- | C] () -- C:\Users\***\kombi1.anl [2011.05.21 21:47:23 | 000,007,662 | ---- | C] () -- C:\Users\***\kombi1.danl [2011.05.21 20:34:44 | 000,006,459 | ---- | C] () -- C:\Users\***\Anlage_A Kombination.danl [2011.05.21 20:34:43 | 000,059,624 | ---- | C] () -- C:\Users\***\Anlage_A Kombination.anl [2011.05.18 14:07:37 | 000,024,060 | ---- | C] () -- C:\Users\***\Anlage A.anl [2011.05.18 14:07:37 | 000,005,760 | ---- | C] () -- C:\Users\***\Anlage A.danl [2011.05.17 19:53:26 | 008,821,244 | ---- | C] () -- C:\Users\***\vEEEC.rar [2010.12.24 19:42:45 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.12.16 00:39:30 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2010.10.03 00:28:47 | 000,006,568 | ---- | C] () -- C:\Users\***\Band of Horses.xspf [2010.09.01 18:18:56 | 003,445,280 | ---- | C] () -- C:\Users\***\This Calling ulrich - All That Remains HD.mp3 [2010.07.05 16:50:49 | 000,019,490 | ---- | C] () -- C:\Users\***\Gemischt.xspf [2010.05.31 18:34:10 | 000,000,000 | ---- | C] () -- C:\Users\***\Content.html [2010.04.16 22:34:06 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.04 20:10:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2013.04.06 12:03:16 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini [2013.04.06 12:03:16 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-4212743489-4097622776-4119676861-1001\$f8df9bb1569cb3b588c9848a3f2cd3ee\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\$Recycle.Bin\S-1-5-18\$f8df9bb1569cb3b588c9848a3f2cd3ee\n -- File not found "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.09.03 19:57:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\7632ED400FA15302303AC4C1EEE699AA [2013.01.13 23:05:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING [2013.04.01 02:27:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2013.02.03 20:17:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus [2011.07.11 16:43:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Celemony Software GmbH [2011.04.30 17:04:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Clonk [2011.04.30 17:17:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Clonk Rage [2010.04.13 17:34:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Crayon Physics Deluxe [2010.03.28 18:50:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2013.03.03 22:17:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dyiqam [2013.01.13 14:19:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc [2013.03.03 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Etygcy [2011.04.09 15:11:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Expu [2011.09.29 21:53:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Feedreader [2011.07.16 14:03:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fesowa [2010.05.23 17:42:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2010.12.22 16:22:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios [2013.02.03 18:54:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000 [2013.01.28 23:15:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2013.03.21 02:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.02.08 11:34:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Imaxel [2010.12.17 12:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Imaxel_temp [2012.06.10 17:13:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kikin [2010.04.27 16:44:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.04.10 12:54:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lost Marble [2011.01.03 18:33:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Musicmatch [2011.04.07 13:27:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Netydi [2010.04.06 17:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.02.23 14:51:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.04.10 00:11:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy [2013.01.13 23:04:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2011.10.27 18:37:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2011.07.15 20:41:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Puugi [2010.05.18 16:35:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QIP [2012.06.10 17:58:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SpringLobby [2012.06.10 17:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SpringSettings [2012.02.12 16:43:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock [2010.05.31 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SWI-Prolog [2013.03.30 13:08:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teewars [2013.03.28 19:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds [2013.04.04 02:48:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2013.03.28 01:15:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ts3overlay [2013.01.10 23:06:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ts3overlay_hook_win64 [2013.02.03 20:03:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 1285 bytes -> C:\Users\***\AppData\Local\qtvpKciPO:SNLbkgSuiHqeXgoyVuZRDgtk4M1C @Alternate Data Stream - 1183 bytes -> C:\Users\***\AppData\Local\Temp:68ahpWn13rTHgcO8F0lEUK8 @Alternate Data Stream - 1038 bytes -> C:\Users\***\AppData\Local\AOUvI4BaJOvC:DuA1Vj1OHMBBtFDo4jYk50m < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.04.2013 14:45:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,41% Memory free
8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 104,61 Gb Free Space | 22,46% Space Free | Partition Type: NTFS
Drive D: | 4,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 1,89 Gb Total Space | 1,61 Gb Free Space | 85,34% Space Free | Partition Type: FAT
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{5F94D3B9-2B02-9C37-740B-A59C7B8D17CC}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{66A4349A-AA55-43E5-A781-62867A701A90}" = MacroKey Manager
"{7DE223C2-C857-44E5-9311-67AA5731B39B}" = Melodyne Runtime 4.0 (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{A7096369-9332-466C-8357-08770CDCE277}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{A792E67C-FDA4-A301-0C3C-53BA86EFBB5A}" = ccc-utility64
"{E3B264CE-D9CF-448B-960F-4F832FB1F990}" = Corel Graphics - Windows Shell Extension 64 Bit
"{F24FF688-7138-4CCF-A83F-71E9FB01170E}" = Folder Size for Windows (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F76D4E7F-4AC6-48DC-9ABB-E9769DD24977}" = Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{01DBF423-E27B-45DA-B7F3-F9D4DB39B1C9}" = DRIV3R
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09531CAE-B186-49A9-B44F-C607CC54FA2A}" = PDF Architect
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16DF894D-FC3F-4B87-908D-671E201CD7A8}" = Melodyne singletrack
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3D6A24EA-A543-6C84-351E-D7646E7AB86E}" = Catalyst Control Center InstallProxy
"{3db3f2b4-7ba2-4d6e-bb23-6e968bd20ac1}_is1" = SuperTux Editor 0.3.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4438107B-FACB-4662-8A68-BF970E04F3E3}" = PicShrink
"{47CAFF95-C3D8-ABF2-70BC-89DE00D8FB19}" = Catalyst Control Center Graphics Light
"{4962EBAC-AE7C-1B22-1EA0-0916A7E40954}" = Catalyst Control Center Graphics Full Existing
"{49A62E2B-B35C-941D-DF48-601207CF14C0}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BEF4147-E17A-4848-BDC4-60A0AAC70F2A}_is1" = SuperTux 0.3.0
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{556F2137-B772-43BB-9A45-E0275234DD16}" = Free Notes & Office Ink
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Hilfe
"{5DB849D6-9392-4FB7-9ABB-87ED433152E5}" = LG United Mobile Drivers
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6A490E11-6C8A-777C-4E00-43F3CC16A1EC}" = CCC Help English
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76AEA7BB-24A5-482C-A5AD-77C1DD76E4FF}" = Return To The Roots
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{77919701-C3E7-09AA-D2F7-DBF42CD7C13D}" = Catalyst Control Center HydraVision Full
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{78B2F09F-BDC7-7865-CF4C-233B64A3BE51}" = Catalyst Control Center Graphics Full New
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{88D489A4-D954-414F-9F49-117EFB372951}" = Battle Realms WOTW Expansion
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}" = RollerCoaster Tycoon 2: Time Twister
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BA9C8A3B-7A17-4A52-9F11-A6E823EE4305}" = Google SketchUp 7
"{BD91DCC0-3FE4-469A-AE48-01F607898049}" = Corel Grafigo 2
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold HD
"{c9ad712c-5aa6-4687-af41-7743fb4d61a9}_is1" = Mono for Windows 2.10.5
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1" = Stranded II 1.0.0.1
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D241BBEC-B1C7-7953-EDDE-D90A654A8D2C}" = ccc-core-static
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D5C24E77-099E-9B84-5BE2-708E70B938A9}" = Catalyst Control Center Core Implementation
"{DC4757E2-BAE3-0BFE-C6E5-576CB911FF52}" = Catalyst Control Center Graphics Previews Vista
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.10
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FFBAAF1F-307D-4973-B1D2-079CC469EDE2}" = CuneiForm v12 Master
"8461-7759-5462-8226" = Vuze
"Abloadtool" = Abloadtool
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Anime Studio Pro_is1" = Anime Studio Pro 5.6
"AquaNox 2 Revelation" = AquaNox 2 Revelation
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Audiosurf_is1" = Audiosurf Beta
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"BurnAware Free_is1" = BurnAware Free 3.3.1
"Clonk Rage" = Clonk Rage
"CPUCooL" = CPUCooL (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Die Sims" = Die Sims
"DivX Setup.divx.com" = DivX-Setup
"ExplorerXP" = ExplorerXP (remove only)
"Fiddler2" = Fiddler2 (remove only)
"FileZilla Client" = FileZilla Client 3.2.7.1
"foobar2000" = foobar2000 v1.1.1
"Fotobuchexpress24 - Fotobuch" = Fotobuchexpress24 - Fotobuch
"Foxit Reader_is1" = Foxit Reader
"Fraps" = Fraps (remove only)
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Freeware.de Toolbar" = Freeware.de Toolbar
"GameSpy Arcade" = GameSpy Arcade
"HP Photo Creations" = HP Photo Creations
"ICQToolbar" = ICQ Toolbar
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{66A4349A-AA55-43E5-A781-62867A701A90}" = MacroKey Manager
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"Kalender-Excel-8.8_is1" = Kalender-Excel-8.8
"LG PC Suite IV" = LG PC Suite IV
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magicka_is1" = Magicka
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messer_is1" = Messer v0.992
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OpenAL" = OpenAL
"Portal1.0" = Portal
"RealPlayer 12.0" = RealPlayer
"S2TNG" = Die Siedler II - Die nächste Generation
"Spring" = Spring 88.0
"Steam App 218230" = PlanetSide 2
"Steam App 440" = Team Fortress 2
"Steam App 630" = Alien Swarm
"Steam App 640" = Alien Swarm - SDK
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SuperTux 0.3.3" = SuperTux 0.3.3
"SuperTux_is1" = SuperTux 0.1.3
"SWI-Prolog" = SWI-Prolog (remove only)
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Virtual Villagers 4 - The Tree of Life1.0" = Virtual Villagers 4 - The Tree of Life
"VLC media player" = VLC media player 1.0.3
"VTFEdit_is1" = VTFEdit 1.2.5
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Warzone 2100-2.3.9" = Warzone 2100-2.3.9
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyPaint" = MyPaint 0.9.1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
"YaCy" = YaCy
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.10.2011 10:06:01 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 20.10.2011 10:06:01 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 21.10.2011 01:29:45 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 21.10.2011 01:29:45 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 21.10.2011 08:48:25 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 21.10.2011 08:48:25 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.10.2011 01:29:07 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.10.2011 01:29:07 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.10.2011 10:16:42 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.10.2011 10:16:42 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 22.10.2011 13:31:57 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.0.3.0, Zeitstempel:
0x4aeacbb7 Name des fehlerhaften Moduls: vlc.exe, Version: 1.0.3.0, Zeitstempel:
0x4aeacbb7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000016e2 ID des fehlerhaften Prozesses:
0x150c Startzeit der fehlerhaften Anwendung: 0x01cc90e07ef32dd0 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Berichtskennung: bd0e8fb0-fcd3-11e0-a2db-00306735ed71
Error - 22.10.2011 13:32:24 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.0.3.0, Zeitstempel:
0x4aeacbb7 Name des fehlerhaften Moduls: vlc.exe, Version: 1.0.3.0, Zeitstempel:
0x4aeacbb7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000016e2 ID des fehlerhaften Prozesses:
0x1434 Startzeit der fehlerhaften Anwendung: 0x01cc90e08e409160 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Pfad des fehlerhaften Moduls:
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Berichtskennung: cd66d390-fcd3-11e0-a2db-00306735ed71
[ System Events ]
Error - 06.04.2013 06:03:53 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
Error - 06.04.2013 06:04:05 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 06.04.2013 08:41:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "CPUCooLServer Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 06.04.2013 08:41:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 06.04.2013 08:41:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 06.04.2013 08:41:11 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Mobile Partner. OUC erreicht.
Error - 06.04.2013 08:41:11 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 06.04.2013 08:41:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 06.04.2013 08:41:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ntiomin
Error - 06.04.2013 08:42:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-06 16:18:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST3500418AS rev.CC38 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\kwliqpow.sys
---- User code sections - GMER 2.1 ----
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!free 0000000075b29894 5 bytes JMP 000000010a90d2d0
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!malloc 0000000075b29cee 5 bytes JMP 000000010a90d230
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!??3@YAXPAX@Z 0000000075b2b0b9 5 bytes JMP 000000010a90d2d0
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!??2@YAPAXI@Z 0000000075b2b0c9 5 bytes JMP 000000010a90d480
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!realloc 0000000075b2b10d 5 bytes JMP 000000010a90d2b0
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!calloc 0000000075b2c456 5 bytes JMP 000000010a90d270
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!_msize 0000000075b2f43b 5 bytes JMP 000000010a90d2e0
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!_aligned_free 0000000075b45942 5 bytes JMP 000000010a90d2d0
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!_aligned_malloc 0000000075b5028d 5 bytes JMP 000000010a90d3c0
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_malloc 0000000075b502a9 5 bytes JMP 000000010a90d3e0
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 0000000075b7bfd1 5 bytes JMP 000000010a90d500
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!_aligned_offset_realloc 0000000075b7bfe1 5 bytes JMP 000000010a90d420
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!_aligned_realloc 0000000075b7c16b 5 bytes JMP 000000010a90d400
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!_expand 0000000075b7c18a 5 bytes JMP 000000010a90d3a0
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!_heapadd 0000000075b7dd03 5 bytes JMP 000000010a90d550
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!_heapchk 0000000075b7dd17 5 bytes JMP 000000010a90d560
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!_heapset + 1 0000000075b7de16 4 bytes {JMP 0xffffffff94d8f76b}
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!_heapmin 0000000075b7de1f 3 bytes JMP 000000010a90d650
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!_heapmin + 4 0000000075b7de23 1 byte [94]
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!_heapused 0000000075b7df05 5 bytes JMP 000000010a90d620
.text c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1628] C:\Windows\syswow64\msvcrt.dll!_heapwalk 0000000075b7df18 5 bytes JMP 000000010a90d590
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1984] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077441465 2 bytes [44, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1984] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000774414bb 2 bytes [44, 77]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread [1492:1508] 0000000074fe7587
Thread [1492:1512] 000000007497c59c
Thread [1492:1520] 000000007497c59c
Thread [1492:1524] 000000007497c59c
Thread [1492:4772] 00000000774c3e45
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ?????????????????????????7??98??????????? ???????|?????????????:????????????&????????????????????E????N????????????s????????? ??????X?????????????????"?????p?"??????1??{4d36e972-e325-11ce-bfc1-08002be10318}?-A5??? ????????????????????????????$?N?5?????????????????? ?????????????????????0????????????&????????????????????6??? ?????????????????????0????????????????????????????? ?????????????????????0?????????????????????????????????????F??4E??nettun.inf?4FF??? ???????i?????{9C??6to4mp.ndi?533??? ??????????????????6-21-2006???? ?????????????????????0?????????????????????????????\??st??6to4mp.ndi?ll,??????????? ????????????????????????????$?N?S???????????`?????????????????????? ???????|?????????????:????????????&????????????????????4@??&????????????????????????????????????????N?????????????????11??????{4d36e972-e325-11ce-bfc1-08002be10318}\0051?? ??{FFDC7DD8-4688-4D92-837B-0F4CD4C1D25C}??????? ?????????????????????0????????????&???????????????????????? ???????????????????z?0??????*?&??? ???????? ????????????$LAN-
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ????????? ?????????????????????0????????????????????6to4mp.ndi??????tunnel???\??? ??????????????????6-21-2006???? ?????????????????????0????????????????????? ?????????????????????0????????????????????6to4mp.ndi?533???????????2??????}???Microsoft???? ?????????????????????0????????????????????????????????????????#?H?hid_device????(??????????????????c??? ?????????????????????0?????????????????? ?????????????????????? ???????????????????u?0????????$?????????h?HID-konformes Ger?t??? ??????????\??\C??*6to4mp?-2??? ?????????????????????0?????????????????? ???????????????????????N???????????D?????{4d36e96b-e325-11ce-bfc1-08002be10318}??????? ???????????????????????????? ?6????????????????&???&???&???&???&???&???&??????????????????{4d36e96b-e325-11ce-bfc1-08002be10318}\0006?????? ????????????????????????????????????????????s??????????????????????????????????h??keyboard.inf????????? ?????????????????????0????????????&???????????????????????? ?????????????????????0????????????????????????????? ?????????????????????0???
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ????????????? ??????????????n???6.1.7601.17514??????? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????? ??????X?????????????????"?????p????????1??????????????????????????????????Volume????????:?????????????@volume.inf,%msft%;Microsoft????????????????????????????????????????????? ?????????????????????0????????????&????????????????????F??? ?????????????????????0????????????????????????#??????????????????????????????????????s????? ?????????????????????0????????????&???????????????????????? ?????????????????????0????????????????????????????????????????????? ?????????????????????0????????????????????????????????????????????????????? ?????????????????????0?????????????????????????????????????????????????????????&??? ?????????????????????0????????????????????? ?????????????????????0????????????????????????????????????????????????????????????????????? ???????????????????????????? ??????????????$???&???&???&???&???&???&???&???&???&???&???&???&???&???&???&???&???&???&???&?
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ????????????nettun.inf?8-4??? ?????????????????????0??L????????? ??????9AD??? ?????????????????????0????????????&????????????????????{??? ?????????????????????0?????????????????????????????????????????????7??98??????????? ???????|?????????????:????????????&????????????????????E????N????????????s????????? ??????X?????????????????"?????p?"??????1??{4d36e972-e325-11ce-bfc1-08002be10318}?-A5??? ????????????????????????????$?N?5?????????????????? ?????????????????????0????????????&????????????????????6??? ?????????????????????0????????????????????????????? ?????????????????????0?????????????????????????????????????F??4E??nettun.inf?4FF??? ???????i?????{9C??6to4mp.ndi?533??? ??????????????????6-21-2006???? ?????????????????????0?????????????????????????????\??st??6to4mp.ndi?ll,??????????? ????????????????????????????$?N?S???????????`?????????????????????? ???????|?????????????:????????????&????????????????????4@??&????????????????????????????????????????N?????????????????11??????{4d36e972-e325-11ce-bfc1-08002be103
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ????????? ?????????????????????????????? ????????????8??Typ??????? ??????"????cDE1??Netzwerkadresse?EC??? ??????????????????????????????????????46???????????7????cBEA???????????c??p"??int?B7???????????3???e??tunnel?74C????<?????? ??????Microsoft-6zu4-Adaptertreiber???? ???????"?????bio??????????? ??????????????????????????????????????p_???????????4???t???????????7??4A??int??\???????????T???e??tunnel?2-F????<??????6??????Microsoft-6zu4-Adaptertreiber???? ??????????????????????????????"??? ??????Net??6-21-2006????????????A??-4????????~??????e??ce???????????s???e??tunnel?sSm??? .?????????????????????????????????????? ?????????????????????0?????????? ?&???????????????????????? ?????????????????????0??????*?&??? ???????????????????????????????????????????????4????-??????????LAN-Verbindung* 52????????????????????????????$LAN-Verbindung* 52??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ????????? ??????X?????????????????"?????p????????1????N??????d??????????????????????????? ??????????????????????????????"??? ???????????? ????????????????????????????????????????????s?????Microsoft-6zu4-Adapter #22?9????????????????????????????????? ?????????????????????0??L????????? ???????????? ?????????????????????0????????????&???????????????????????????????? ?????????????????????0????????????????????????????? ?????????????????????0????????????????????????????? ??????????????????6-21-2006???? ?????????????????????0????????????????????? ?????????????????????0????????????????????? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????C??6F???????????F??F1??Microsoft????????????F???????"??????4A????????????????????.?????????????????? ?????????????????????0????????????????????? ?????????????????????0?????????????????????????????????????3??D1???????????8??42??????-4??? ???????3??????n9??6.1.7600.16385?F6-??Microsoft-6zu4-Adapter??????tunnel???????????????4??A6?????????
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage@Export ????BT??????ip??? ??????????????????????????????`????????e??? P??????4?????9B-??{EA84538D-E081-49A1-B895-26438240FB71}??B0????*??????5????d"{C??TCPIP6TUNNEL?Tcpip6??5????`??????}???{??\Device\{EA84538D-E081-49A1-B895-26438240FB71}??C5???????????3??????6B??????????????????????????? ???????????????????????????????????????f??? ??????X?????????????????"?????p?p??????????? ?????????????Net???????????????????????-07B????N????????????D00??{00000000-0000-0000-FFFF-FFFFFFFFFFFF}?A0-??? ???????0?????????????,????????$?o?<????????????????????????????????"??? ?????????????????????,????????z?????#{82??????#?????$??????5???????A??Root\*6TO4MP\0111?????z??????9??????F1??\\?\Root#*6TO4MP#0111#{cac88484-7515-4c03-82e6-71a87abac361}?F??? ???????1?????????????,??N?????$?o?<???????????????????????????????{C??? ?????????????????????,????????????'????????????????????}????????????$??????"???????C??Root\*6TO4MP\0111????????????????7??????-5??\\?\Root#*6TO4MP#0111#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{EA84538D-E081-49A1-B895-26438
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0xA6 0x97 0xD9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0x46 0xA2 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD0 0x65 0xF7 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x42 0x70 0x43 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???e?m??????????? ??????????????????????????????P???&?????????????????????????,?????????????Media Center Extender?????P???????????c?????@%SystemRoot%\system32\McxDriv.dll,-100???????,?????????Media Center Extender?\McxDriv.dll,-100???????0????????????2????McxDriv.dll,Mcx2Install???????????????????P?????????????%systemroot%\system32\McxDriv.dll,-101??????? ??1???????????l???????????????????????1???????????????? ?????????????????????0???????????? ???????????? ?????????????@?????@???????? ?R???&???????????????????????????????????s???PnpPrinters???????R???????????c?????@%systemroot%\system32\ntprint.dll,-1300??????8? @????????P?x@???????????@??????????????IEEE 1394 and SCSI printers?nt.dll,-1300????%systemroot%\system32\setupapi.dll,-38?????????@?????@??????1????????????????????=???????????????????????@?@????cdrom_install???Microsoft???t???? ?????????????????????0???????????? ???????????? ?????????????@?????@??????????T???&???????????????????????Dot4??????T??@????????c?????@%SystemRoot%\system32\sysclass.dll,-30
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???m?o???????????????{???i?????????r???????????????g????FltMgr??????????????????????????HIDClass?????????????????????????????????r?y?????????????????????{????G???????b??m?????????e?????????m???:???:???????????????e???????????p??ta??? ???{??????????? ??@%SystemRoot%\system32\drivers\mountmgr.sys,-100????????????????????????????????????t???????????????????????????????@%SystemRoot%\system32\drivers\mountmgr.sys,-101?????m?m?m?m?m?m?m????\??m?????????n????????????????????system32\DRIVERS\mouhid.sys?\mouhid.sys???????<??m????????h?????@%SystemRoot%\system32\FirewallAPI.dll,-23092???system32\drivers\msisadrv.sys???????????????t?????b??m?????????n????@%SystemRoot%\system32\drivers\netbt.sys,-2??????????o??????????????????Boot Bus Extender????j?S?j?j?s???z??????f???tunnel?d?e??????????????????????hd??????gr???r?yos??t????????????y?y?????????{???????a???y?y????%SystemRoot%\system32\srvsvc.dll?????m?m?m???????*??CSCFlags=2048?MaxUses=4294967295?Path=C:\Users?Permissions=0?Remark=?ShareName=Users?Type=0??o????H?X??????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ?????????????????????????????????f???????????????u??????????????????????????? 0??i???????????????????????r??ei???????g??????s0???????????????????????????\??GI???????h???E??YS???????????2??????\D??6-21-2006?????N??i?????????D18??{00000000-0000-0000-0000-000000000000}??????? ???????i?????7???????0??L????????? ???????????? ???????i?????????????0????????????&????????????????????????????i???i???????????<?g?g?g?h?g?i?i?i?i?i??? ???????????????? ??n?,????????????????????????????NetworkProvider?????? ???i???r?????erv???????i??????s????u?u?u??{4d36e972-e325-11ce-bfc1-08002be10318}?_Tc??? ???h???????????????j?o?????????i??????????????????????t????|?|????????????Microsoft???? 0??i???i???????????i???????????*?????s?\???????g????????????????N??j???5??????????.NT?VX????P??~???E???????.???????i???????h??HID\VID_172F&PID_0501&Col03\6&2150cd9&0&0002?\???i???i?i?i?i?i?i?i???????????c??????{7????J??????????????a???m?mRD????????????????????????????????X??r???&???&??NO_DRV????????H?????????????????????????????!????????????9?????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???m??????????????????????????????P??o?????????e?????????????????????????@???s??ep???m?m?m?m?m?m?m???????????u?g?????o?y?5??????????????????t???????????????????????????????????????\SystemRoot\system32\drivers\luafv.sys???????????w???e??sc??sc??????p?????????????????????????V??m???????????d??????????????? ???7???????m???????2??@%SystemRoot%\system32\FirewallAPI.dll,-23093???? p??n?????????WEI???o?r?t???????m???2???????????m???????n??@%systemroot%\system32\drivers\luafv.sys,-101????n???????????????????s?s?s???m??????????????{00000000-0000-0000-FFFF-FFFFFFFFFFFF}? "{??Microsoft-6zu4-Adapter #12?2-F????N??w??????????????????????? ?? ????\??????x{???m??{4d36e972-e325-11ce-bfc1-08002be10318}\0030?13??@nettun.inf,%msft%;Microsoft?5??@nettun.inf,%msft%;Microsoft?3????N??}???9?????D26???????<???e??sB??System32\DRIVERS\fvevol.sys??????????????H??WE??????????????????????????Co???????????????????e???????????????m??\??\C:\pagefile.sys??e????V??t??????????????????EHCI.Dev????????????????????????????CD-ROM-Laufwerktreiber?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ???i?????????@???????h??cdrom.inf???DVD/CD-ROM drives?em32\StorProp.dll,-17001???????????????????????????????????7??????????????????? ???@??????????????????????Modem?????$??@??????Microsoft???NDIS?:??? ???i????????????????T??@????????c???????4??@????????N??@???????????@??? ???????@???????????????????? ? ????????????????y???????x??????????????????????LegacyDriver????KSecDD??dN??Network?????ACPI\PNP0C04?*PNP0C04???????MBRES???S????????@???s???h??disk_install?????e?e?f??????????6.1.7601.17514??????????????????????????? ?????????????????6-21-2006????@??? ???????@?????????????0??????*????? ???????????? n??w???????????????????t???y???|??????????cdrom.inf???? ?????????????@?????@??????????T? ?&????????????????????????????@??????????Computer??????T??@??????????????@%SystemRoot%\System32\SysClass.dll,-3000????????@??????Computer?oot%\System32\SysClass.dll,-3000?????P??@???????????@???@??????????????%SystemRoot%\System32\setupapi.dll,-27??????hal.inf???????H??@?????????2????SysClass.dll,ComputerClassInstaller????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ????oo???????z???e???5??Microsoft?????B??????u???|???????????????????????????????????????????????????????????????????.??vi????N??????D????D??????????????????????D??-F??volsnap.inf?t????{???J??NO_DRV???????????N??t???usbprint.inf?r??USB-Massenspeicherger?t??????????????U??????????? "?????????????????????volsnap.inf?????????????????volsnap.inf:MSFT.NTamd64:volume_snapshot_install:6.1.7600.16385:storage\volumesnapshot?ase???????x???????????a??6to4mp.ndi?-70????*??????s?????????n?t???????????????????????????????????????????????????e???????????????z???9??1-??*6to4mp??????????z???3??84???????????6??24??????USBPRINT_Inst???VolumeSnapshot??????????????????? ???y???2??????t\?????? ??????????????? ??????????????????????????????????????????????????????????????????e????? ?????????????????????,?????? ????????????????4???????? ??????????????? ????n??ys??????????????????? l??????????????????????????i??\T???????}???g???3??? ?????????????????????,?????? ?????????????????????? ?????????????????????,?????? ????? ???????????? ?
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export ????4-??11?405???????#0????????????????????????????????????s??????N?????????????????*6to4mp?????Microsoft???? ??????X?????????????????"?????p? ??????????????????????????s??? ???????|???????????g?:??????????E?&????????????????????2???????????????e????N??????g????D.sy???????????????s??????????????????????????????? ??????X?????????????????"?????p????????1??{4d36e972-e325-11ce-bfc1-08002be10318}?-A5??? ????????????????????????????$?N???????????{4d36e972-e325-11ce-bfc1-08002be10318}\0031?????????????? ????????????N?????????????????{942B084A-6A43-4AF4-87FE-EE586B9AE1D0}???r???????????????e???????????y???????s??? ??????????????Ne???????????s??????????????????????????????? ?????????????????????0??????????Q?&???????????????????????? ???????????????????r?0??????*?&??? ???????????????????????? ???????????????????v?0??????*?&??? ????????A????N??????d??????????????????????????? ??????????6-21-2006???????????????????????????????s???????????*6to4mp??????????????j???????????????????????n??????????????? ??????????????????6-2
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1C 0xA6 0x97 0xD9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0x46 0xA2 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD0 0x65 0xF7 0x83 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x42 0x70 0x43 0x76 ...
---- EOF - GMER 2.1 ----
 Viele Grüße |
|
06.04.2013, 16:52
| #2 | ||
| /// TB-Ausbilder   | TR/ATRAPS.GEN2 sowie TR/Sirefef.AH Hallo r.jue und
__________________ Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten. Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich. Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist. Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.  Hinweise zum Ablauf
Zitat:
Schritt 1 Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
Schritt 2 Warnung für Mitleser: Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde! Downloade dir bitte Combofix.
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ |
|
06.04.2013, 16:53
| #3 |
| /// Malwareteam   | TR/ATRAPS.GEN2 sowie TR/Sirefef.AH Das gibt's doch nicht, da war aharonov wohl schneller...
__________________
__________________ |
|
06.04.2013, 18:05
| #4 |
| | TR/ATRAPS.GEN2 sowie TR/Sirefef.AH Hallo, danke erstmal für die zügige Rückmeldung Bin die angegebenen Schritte durchgegangen.Log von AdwCleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.200 - Datei am 06/04/2013 um 18:08:12 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : ICQ Service
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\searchplugins\daemon-search.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\searchplugins\icqplugin-3.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Freeware.de
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\kikin
Ordner Gelöscht : C:\Program Files (x86)\Vuze_Remote
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Fam\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Freeware.de
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Vuze_Remote
Ordner Gelöscht : C:\Users\***\AppData\Roaming\kikin
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\ConduitEngine
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\CT2504091
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Freeware.de
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Vuze_Remote
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0AD58C1A-99E5-4CA0-A2E3-2BAC442D1F4A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freeware.de
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0AD58C1A-99E5-4CA0-A2E3-2BAC442D1F4A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Vuze_Remote
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0AD58C1A-99E5-4CA0-A2E3-2BAC442D1F4A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{50BA0FF5-8CF4-4A36-8DF0-BDA26616252F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00A23A9F-6619-4B55-AD5E-CC42B14DD47A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B13A238-C8B3-400C-BD40-0E4CFAAD0850}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1FCE6D9-1FB6-4D97-9FA8-3A979C52867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F51A2BA8-8ECC-4363-B549-98D46953EBAE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E111A5C-3D11-4F56-9463-5310C3C69025}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7E111A5C-3D11-4F56-9463-5310C3C69025}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v20.0 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\prefs.js
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "12-4-2010");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Mon Apr 12 2010 19:03:00 GMT+0200");
Gelöscht : user_pref("CT2269050.FirstServerDate", "12-4-2010");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstalledDate", "Mon Apr 12 2010 19:02:58 GMT+0200");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Apr 12 2010 19:03:01 GMT+0200");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.5.8.6", "Mon Apr 12 2010 19:02:59 GMT+0200");
Gelöscht : user_pref("CT2269050.LatestVersion", "2.1.0.18");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Mon Apr 12 2010 19:02:59 GMT+0200");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2269050.SavedHomepage", "hxxp://start.icq.com/");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Apr 12 2010 19:02:59 GMT+0200");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Mon Apr 12 2010 19:02:57 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1271081794");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Mon Apr 12 2010 19:02:57 GMT+0200");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1271081794");
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2269050.UserID", "UN26593818502948785");
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Mon Apr 12 2010 19:03:00 GMT+0200");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2504091.CTID", "CT2504091");
Gelöscht : user_pref("CT2504091.CurrentServerDate", "30-1-2011");
Gelöscht : user_pref("CT2504091.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2504091.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2504091.EMailNotifierPollDate", "Sun Jan 30 2011 11:30:44 GMT+0100");
Gelöscht : user_pref("CT2504091.FeedLastCount129079840422964131", 0);
Gelöscht : user_pref("CT2504091.FeedPollDate128891351169457140", "Sun Jan 30 2011 11:25:43 GMT+0100");
Gelöscht : user_pref("CT2504091.FeedPollDate129079840422964131", "Sun Jan 30 2011 11:25:43 GMT+0100");
Gelöscht : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Gelöscht : user_pref("CT2504091.FirstServerDate", "30-1-2011");
Gelöscht : user_pref("CT2504091.FirstTime", true);
Gelöscht : user_pref("CT2504091.FirstTimeFF3", true);
Gelöscht : user_pref("CT2504091.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2504091.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2504091.Initialize", true);
Gelöscht : user_pref("CT2504091.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2504091.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2504091.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2504091.InstalledDate", "Sun Jan 30 2011 11:25:43 GMT+0100");
Gelöscht : user_pref("CT2504091.IsGrouping", false);
Gelöscht : user_pref("CT2504091.IsMulticommunity", false);
Gelöscht : user_pref("CT2504091.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2504091.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2504091.LanguagePackLastCheckTime", "Sun Jan 30 2011 11:25:46 GMT+0100");
Gelöscht : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2504091.LastLogin_2.7.2.0", "Sun Jan 30 2011 11:25:44 GMT+0100");
Gelöscht : user_pref("CT2504091.LatestVersion", "2.7.2.0");
Gelöscht : user_pref("CT2504091.Locale", "en-us");
Gelöscht : user_pref("CT2504091.LoginCache", 4);
Gelöscht : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Gelöscht : user_pref("CT2504091.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Sun Jan 30 2011 11:25:44 GMT+0100");
Gelöscht : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2504091.SearchProtectorToolbarDisabled", true);
Gelöscht : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2504091.SettingsLastCheckTime", "Sun Jan 30 2011 11:25:42 GMT+0100");
Gelöscht : user_pref("CT2504091.SettingsLastUpdate", "1295944923");
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Sun Jan 30 2011 11:25:42 GMT+0100");
Gelöscht : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2504091.ToolbarDisabled", true);
Gelöscht : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2504091.UserID", "UN71004844263099411");
Gelöscht : user_pref("CT2504091.alertChannelId", "897164");
Gelöscht : user_pref("CT2504091.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2504091.myStuffEnabled", true);
Gelöscht : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFOB10&ctid=CT27[...]
Gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "Freeware.de Customized Web Search");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2736476/CT2736476[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1128724/1124413/AT", "\"0\"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2736476", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2736476",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b57[...]
Gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", false);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\***\\AppData\\Roaming\\Mozilla\\[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.300");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?ie=UTF-8&oe[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,CT2504091,ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050,CT2504091");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Apr 22 2011 09:04:02 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 22 2011 16:08:28 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 22 2011 17:27:14 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "5f9fb02a-07ec-43bb-aee6-1e364e920f68");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Apr 12 2010 19:02:59 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "2fe853ce-3cdb-494b-8726-0f48b260e5e0");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2736476");
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jun 10 2012 17:39:2[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jun 10 2012 17:39:22 GMT+020[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Jun 10 2012 17:39:20 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "cf990457-60e4-4e5f-adf3-f1b8c4354a55");
Gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.facebook.com/home.php?ref=hp");
Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "Wikipedia (de)");
Gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Mon Jun 20 2011 14:49:29 GMT+0200");
Gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Apr 22 2011 09:04:03 GMT+0200");
Gelöscht : user_pref("ConduitEngine.FirstServerDate", "04/22/2011 10");
Gelöscht : user_pref("ConduitEngine.FirstTime", true);
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.InstalledDate", "Fri Apr 22 2011 09:04:03 GMT+0200");
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Apr 22 2011 09:04:03 GMT+0200");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Fri Apr 22 2011 09:04:03 GMT+0200");
Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Apr 22 2011 09:04:02 GMT+0200");
Gelöscht : user_pref("ConduitEngine.UserID", "UN95621565039481582");
Gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Apr 22 2011 09:04:03 GMT+0200");
Gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Apr 22 2011 09:04:03 GMT+0200");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Freeware.de Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFOB10&ctid=C[...]
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", true);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1280170514);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "fringe||Bayreuther%20Festspiele||fresh%20d%20vs%20mc%20V||sauerland[...]
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1278334372");
Gelöscht : user_pref("icqtoolbar.installsource", "1");
Gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "3.6.8");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "yes");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "109420187016840416661269626674840");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1280170520);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=");
Gelöscht : user_pref("tfp.CT2736476", true);
Datei : C:\Users\Fam\AppData\Roaming\Mozilla\Firefox\Profiles\tyss0gig.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [31235 octets] - [06/04/2013 18:08:12]
########## EOF - C:\AdwCleaner[S1].txt - [31296 octets] ##########
Log von Combofix (Combofix hat vor dem Scan angegeben, dass noch Antiviren- und Antispywarescanner über Avira Antivir aktiv wären. Ich hatte den Antivir-Echtzeit-Scanner ausgestellt, andere zielführende Optionen konnte ich im Antivir-Interface nicht entdecken) [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 13-04-06.02 - *** 06.04.2013 18:24:17.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2778 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$f8df9bb1569cb3b588c9848a3f2cd3ee\@
c:\$recycle.bin\S-1-5-18\$f8df9bb1569cb3b588c9848a3f2cd3ee\n
c:\users\***\.COMMgr
c:\users\***\AppData\Local\Windows Server
c:\users\***\AppData\Local\Windows Server\admin.txt
c:\users\***\AppData\Local\Windows Server\server.dat
c:\users\***\Documents\~WRL1004.tmp
c:\users\***\Documents\~WRL1480.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\IsUn0407.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-06 bis 2013-04-06 ))))))))))))))))))))))))))))))
.
.
2073-04-13 15:17 . 2006-11-21 18:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2013-04-06 16:30 . 2013-04-06 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-06 16:30 . 2013-04-06 16:30 -------- d-----w- c:\users\Fam\AppData\Local\temp
2013-04-05 08:32 . 2013-04-05 08:32 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-05 08:32 . 2013-04-05 08:32 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-03 11:18 . 2013-04-03 11:18 -------- d-----w- c:\program files (x86)\Grinding Gear Games
2013-03-30 11:08 . 2013-03-30 11:08 -------- d-----w- c:\users\***\AppData\Roaming\Teewars
2013-03-28 17:20 . 2013-03-28 17:22 -------- d-----w- c:\users\***\AppData\Roaming\Teeworlds
2013-03-27 23:59 . 2013-03-27 23:59 -------- d-----w- c:\programdata\dbg
2013-03-22 09:35 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-03-21 09:06 . 2013-03-21 09:06 -------- d-----w- c:\windows\system32\SPReview
2013-03-21 09:05 . 2013-03-21 09:05 -------- d-----w- c:\windows\system32\EventProviders
2013-03-20 20:21 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-18 08:19 . 2013-02-02 06:47 1392128 ----a-w- c:\windows\system32\wininet.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-05 08:32 . 2011-05-07 12:07 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-21 09:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-03-21 09:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-03-18 08:21 . 2011-10-12 14:20 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-17 22:54 . 2012-06-22 16:16 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-17 22:54 . 2011-06-04 08:13 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-22 09:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-22 09:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-22 09:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-22 09:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-22 09:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-22 09:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-08 00:28 . 2013-03-01 10:42 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0EB7EEA5-9E62-4BF3-9F2E-662333719C96}\mpengine.dll
2013-01-17 00:28 . 2010-03-26 18:07 273840 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 2101848]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-30 348664]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Adobe Version Cue CS2"="c:\adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 ntiomin;ntiomin; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [2011-09-02 218624]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-09-02 117248]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-09-02 256000]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-03 1255736]
R4 Guphatta;Guphatta; [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-28 834544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe [2012-12-14 1522912]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe [2012-12-14 906464]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 WTService;WTService;c:\windows\System32\atwtusb.exe [2010-06-14 907496]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-09-02 85504]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 22:54]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 20:06]
.
2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-09 20:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:6092;
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{12A469C1-B4AA-462F-9298-F67784A55BEA}: NameServer = 194.24.128.100 81.3.216.100
TCP: Interfaces\{151A7B50-9181-48F1-9711-22D90FBC5B8A}: NameServer = 194.24.128.100 81.3.216.100
TCP: Interfaces\{52C71FB7-4C02-4FA2-8B69-63E7C5F9189B}: NameServer = 194.24.128.100 81.3.216.100
TCP: Interfaces\{7A86DE19-2934-4AE8-9AFA-AEC4CB04EDFB}: NameServer = 194.24.128.100 81.3.216.100
TCP: Interfaces\{AEBCB2FD-E1F1-46D6-91C9-D9A33EBFFCDC}: NameServer = 194.24.128.100 81.3.216.100
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\
FF - prefs.js: browser.search.selectedEngine - Google Deutschland - auf Deutsch
FF - prefs.js: browser.startup.homepage - hxxp://soke.cwsurf.de/soke3/index.php
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-14 10:34; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jhfh2meo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-Die Sims - c:\windows\IsUn0407.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe
AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4212743489-4097622776-4119676861-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:a9,95,71,66,32,5d,0c,d6,f6,70,a4,1d,86,e2,d3,8b,11,2f,9e,2f,9f,51,2b,
1f,a1,51,31,00,17,71,13,f0,9e,13,17,fa,bd,e8,99,8e,61,9b,8b,31,1a,f3,c1,12,\
"??"=hex:d3,ab,1f,fe,1f,2f,92,dd,11,e9,f8,36,b1,4c,45,32
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-06 18:39:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-04-06 16:39
.
Vor Suchlauf: 29 Verzeichnis(se), 111.553.593.344 Bytes frei
Nach Suchlauf: 34 Verzeichnis(se), 113.742.725.120 Bytes frei
.
- - End Of File - - 623BBECCDBF7D4994CB2E34595A6134A
Log von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.04.2013 18:44:35 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,60% Memory free 8,00 Gb Paging File | 6,42 Gb Available in Paging File | 80,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 105,99 Gb Free Space | 22,76% Space Free | Partition Type: NTFS Drive D: | 4,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 1,89 Gb Total Space | 1,61 Gb Free Space | 85,34% Space Free | Partition Type: FAT Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.06 14:44:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 17:29:18 | 001,522,912 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2012.12.14 17:28:58 | 000,906,464 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe PRC - [2012.11.30 19:43:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 21:26:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 21:26:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.09.02 21:57:41 | 000,218,624 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe PRC - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe PRC - [2010.11.16 15:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2005.04.06 17:53:06 | 003,502,080 | ---- | M] () -- c:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe PRC - [2005.04.06 17:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe PRC - [2005.04.06 17:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2010.06.14 14:27:10 | 000,907,496 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService) SRV:64bit: - [2010.02.03 06:17:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.04.03 11:29:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.26 07:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.18 00:54:08 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 17:29:18 | 001,522,912 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.12.14 17:28:58 | 000,906,464 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.05.08 21:26:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 21:26:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.02 21:57:41 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc) SRV - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2010.11.16 15:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010.04.06 01:45:04 | 000,167,936 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2005.04.06 17:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 21:26:44 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 21:26:44 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.02 17:03:00 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2012.03.02 17:03:00 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2012.03.02 17:03:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.02 21:57:42 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2011.09.02 21:57:42 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2011.09.02 21:57:42 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2011.09.02 21:57:42 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2011.08.19 11:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2011.08.19 11:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.11 21:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp) DRV:64bit: - [2010.03.28 18:43:40 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.02.03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2010.02.03 06:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.02.03 05:23:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.01.28 16:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.12.23 11:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd) DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2009.09.29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort) DRV:64bit: - [2009.09.29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM) DRV:64bit: - [2009.09.29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum) DRV:64bit: - [2009.08.26 13:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini) DRV:64bit: - [2009.07.30 17:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.08 19:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr) DRV:64bit: - [2006.10.31 23:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.09.28 02:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\PeerBlock\pbfilter.sys -- (pbfilter) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 1E EB 8F 0D CD CA 01 [binary data] IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms} IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..\SearchScopes\{C180AE0B-B636-4C50-A687-7600D857640F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092; ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google Deutschland - auf Deutsch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://soke.cwsurf.de/soke3/index.php" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.11 12:47:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.13 23:04:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.03 11:29:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.05 10:32:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.03 11:29:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.05 10:32:30 | 000,000,000 | ---D | M] [2010.03.26 20:03:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.04.06 18:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jhfh2meo.default\extensions [2011.05.07 12:38:08 | 000,149,985 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\extensions\radiobar@toolbar.xpi [2013.02.14 11:34:18 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.01 11:51:38 | 000,002,449 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\searchplugins\google-deutschland---auf-deutsch.xml [2010.07.24 22:02:42 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\searchplugins\icqplugin-4.xml [2010.07.26 21:30:56 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\searchplugins\icqplugin-5.xml [2013.04.03 11:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.04.03 11:29:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.03 11:29:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.12.07 00:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.02.27 08:15:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.27 08:15:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.27 08:15:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.27 08:15:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.27 08:15:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.27 08:15:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.04.06 18:31:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001..\Run: [PeerBlock] C:\Programme\PeerBlock\peerblock.exe (PeerBlock, LLC) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence) O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12A469C1-B4AA-462F-9298-F67784A55BEA}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{151A7B50-9181-48F1-9711-22D90FBC5B8A}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52C71FB7-4C02-4FA2-8B69-63E7C5F9189B}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A86DE19-2934-4AE8-9AFA-AEC4CB04EDFB}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEBCB2FD-E1F1-46D6-91C9-D9A33EBFFCDC}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F15E8072-E4C0-4C88-9A06-404A6D735984}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.06.07 10:12:33 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.06 18:33:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.06 18:18:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.06 18:18:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.06 18:18:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.06 18:17:30 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.06 18:17:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.06 18:12:58 | 005,048,200 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.04.06 14:44:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.03 13:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games [2013.04.03 13:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grinding Gear Games [2013.04.03 11:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.30 13:08:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Teewars [2013.03.28 19:20:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Teeworlds [2013.03.28 01:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg [2013.03.22 11:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.21 11:06:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.03.21 11:05:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.18 20:26:18 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ESRS ========== Files - Modified Within 30 Days ========== [2013.04.06 18:49:42 | 001,527,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.06 18:49:42 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.06 18:49:42 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.06 18:49:42 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.06 18:49:42 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.06 18:43:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.06 18:42:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.06 18:42:31 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2013.04.06 18:41:51 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 18:41:50 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 18:31:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.04.06 18:13:05 | 005,048,200 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.04.06 18:07:28 | 000,613,083 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.04.06 17:58:06 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.06 17:57:54 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.06 17:12:55 | 1316,232,212 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.06 15:02:24 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.04.06 14:44:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.06 14:39:48 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.04.06 14:39:16 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.03 13:18:13 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2013.04.01 21:21:23 | 000,241,791 | ---- | M] () -- C:\Users\***\Sokeesel.jpg [2013.03.31 16:57:29 | 004,462,667 | ---- | M] () -- C:\Users\***\RIMG00871.jpg [2013.03.29 13:20:45 | 009,925,612 | ---- | M] () -- C:\Users\***\03 Waldspaziergang mit Gott.mp3 [2013.03.28 13:18:23 | 000,012,177 | ---- | M] () -- C:\Users\***\Documents\timetable.ods [2013.03.28 13:11:10 | 000,041,736 | ---- | M] () -- C:\Users\***\Documents\zeitplan.pdf [2013.03.21 15:13:25 | 000,474,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.18 22:17:06 | 000,963,214 | ---- | M] () -- C:\Users\***\Scannen0020.jpg [2013.03.18 21:30:27 | 001,356,414 | ---- | M] () -- C:\Users\***\Scannen0019.jpg ========== Files Created - No Company Name ========== [2013.04.06 18:18:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.06 18:18:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.06 18:18:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.06 18:18:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.06 18:18:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.06 18:07:28 | 000,613,083 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.04.06 15:02:23 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.04.06 14:39:48 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.04.06 14:39:15 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.03 13:18:13 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2013.04.01 21:21:21 | 000,241,791 | ---- | C] () -- C:\Users\***\Sokeesel.jpg [2013.03.31 16:57:28 | 004,462,667 | ---- | C] () -- C:\Users\***\RIMG00871.jpg [2013.03.29 13:18:55 | 009,925,612 | ---- | C] () -- C:\Users\***\03 Waldspaziergang mit Gott.mp3 [2013.03.28 13:18:22 | 000,012,177 | ---- | C] () -- C:\Users\***\Documents\timetable.ods [2013.03.28 13:06:09 | 000,041,736 | ---- | C] () -- C:\Users\***\Documents\zeitplan.pdf [2013.03.18 22:17:05 | 000,963,214 | ---- | C] () -- C:\Users\***\Scannen0020.jpg [2013.03.18 21:30:27 | 001,356,414 | ---- | C] () -- C:\Users\***\Scannen0019.jpg [2013.03.07 01:28:39 | 000,579,988 | ---- | C] () -- C:\Users\***\Klimatologie.pdf [2013.03.05 20:13:31 | 001,567,875 | ---- | C] () -- C:\Users\***\nevaroningraveyardtheme.mp3 [2013.03.05 19:27:48 | 000,068,242 | ---- | C] () -- C:\Users\***\Snapshot_20130305.JPG [2013.03.05 18:31:23 | 001,567,875 | ---- | C] () -- C:\Users\***\nvgt.mp3 [2013.03.02 03:31:15 | 007,542,481 | ---- | C] () -- C:\Users\***\_MG_4632.jpg [2013.03.02 03:31:15 | 004,676,747 | ---- | C] () -- C:\Users\***\_MG_4450.jpg [2013.02.28 00:39:51 | 000,877,474 | ---- | C] () -- C:\Users\***\DieMaske.jpg [2013.02.27 00:25:41 | 000,942,680 | ---- | C] () -- C:\Users\***\Stadtöko.odt [2013.02.22 22:30:55 | 002,480,664 | ---- | C] () -- C:\Users\***\_MG_4198.jpg [2013.02.22 22:28:00 | 003,283,742 | ---- | C] () -- C:\Users\***\_MG_4210.jpg [2013.02.22 22:17:35 | 000,405,396 | ---- | C] () -- C:\Users\***\blabla.gif [2013.02.12 00:56:47 | 022,267,437 | ---- | C] () -- C:\Users\***\MVI_4257.MOV [2013.02.12 00:38:42 | 003,078,438 | ---- | C] () -- C:\Users\***\_MG_4263.jpg [2013.02.12 00:38:12 | 003,742,113 | ---- | C] () -- C:\Users\***\_MG_4201.jpg [2013.02.12 00:38:02 | 010,283,481 | ---- | C] () -- C:\Users\***\_MG_4199.jpg [2013.02.12 00:38:02 | 003,565,462 | ---- | C] () -- C:\Users\***\_MG_4194.jpg [2013.01.20 16:07:27 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2013.01.17 21:41:56 | 003,836,242 | ---- | C] () -- C:\Users\***\RIMG0106.JPG [2013.01.17 21:41:56 | 003,814,758 | ---- | C] () -- C:\Users\***\RIMG0100.JPG [2013.01.17 21:41:56 | 003,733,477 | ---- | C] () -- C:\Users\***\RIMG0101.JPG [2013.01.17 21:41:56 | 003,714,714 | ---- | C] () -- C:\Users\***\RIMG0099.JPG [2013.01.17 21:41:56 | 003,688,120 | ---- | C] () -- C:\Users\***\RIMG0103.JPG [2012.06.10 17:54:59 | 000,000,367 | ---- | C] () -- C:\Users\***\AppData\Local\springsettings.cfg [2012.03.01 15:01:10 | 000,001,282 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2012.01.23 15:47:13 | 000,306,220 | ---- | C] () -- C:\Users\***\Graf Karl.wav [2012.01.23 15:46:15 | 000,056,032 | ---- | C] () -- C:\Users\***\Graf Karl.mp3 [2012.01.19 16:45:19 | 000,042,380 | ---- | C] () -- C:\Users\***\dÄ.xspf [2012.01.02 23:41:29 | 000,009,932 | ---- | C] () -- C:\Users\***\playlist 1.xspf [2011.12.11 14:56:58 | 001,840,802 | ---- | C] () -- C:\Users\***\Unbekannter Song.mp3 [2011.12.10 16:12:26 | 000,750,848 | ---- | C] () -- C:\Users\***\01 - Rob van U. - Unbekannt.mp3 [2011.11.27 23:12:55 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2011.10.27 18:32:15 | 000,002,516 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2011.10.27 18:32:15 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\329B4E0743.sys [2011.08.29 00:47:59 | 001,039,045 | ---- | C] () -- C:\Users\***\ich hab's nicht kleiner.mp3 [2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.07.26 00:24:51 | 000,041,421 | ---- | C] () -- C:\Users\***\Coco.mp3 [2011.07.25 23:49:17 | 000,077,364 | ---- | C] () -- C:\Users\***\frech.mp3 [2011.07.25 23:38:31 | 000,005,475 | ---- | C] () -- C:\Users\***\Vogel.mp3 [2011.07.25 23:30:12 | 000,040,584 | ---- | C] () -- C:\Users\***\siebenmark.mp3 [2011.07.25 19:28:03 | 000,156,358 | ---- | C] () -- C:\Users\***\glanz2.mp3 [2011.07.25 19:05:22 | 000,156,356 | ---- | C] () -- C:\Users\***\glanz.mp3 [2011.07.25 11:13:29 | 000,027,625 | ---- | C] () -- C:\Users\***\Rudi.mp3 [2011.07.25 00:34:27 | 000,000,044 | ---- | C] () -- C:\Users\***\Rud.wav [2011.07.25 00:34:11 | 000,000,044 | ---- | C] () -- C:\Users\***\Rudi ist nicht zu verkaufen - Teil3 - YouTube.wav [2011.07.25 00:33:44 | 000,000,044 | ---- | C] () -- C:\Users\***\why.wav [2011.07.25 00:33:11 | 000,000,044 | ---- | C] () -- C:\Users\***\Wieso.wav [2011.07.24 22:52:19 | 000,311,832 | ---- | C] () -- C:\Users\***\soos.wav [2011.07.24 22:45:34 | 000,329,552 | ---- | C] () -- C:\Users\***\frechheit.wav [2011.07.24 22:31:18 | 000,576,356 | ---- | C] () -- C:\Users\***\Vogelfamilie.wav [2011.07.24 22:11:05 | 000,456,096 | ---- | C] () -- C:\Users\***\Absolut sicher.wav [2011.07.24 21:45:05 | 000,958,840 | ---- | C] () -- C:\Users\***\stille.wav [2011.07.24 21:36:59 | 000,194,840 | ---- | C] () -- C:\Users\***\Weil ich das so will.wav [2011.07.24 21:31:27 | 000,086,056 | ---- | C] () -- C:\Users\***\Wieso denn.wav [2011.07.17 01:12:14 | 000,016,374 | ---- | C] () -- C:\Users\***\CIMG0668.AVI.avi [2011.07.14 22:12:22 | 005,904,522 | ---- | C] () -- C:\Users\***\02 - La Sedia Vuota.wav [2011.07.14 12:05:57 | 000,275,098 | ---- | C] () -- C:\Users\***\CHRISTIAN.wav [2011.07.12 00:22:47 | 027,076,268 | ---- | C] () -- C:\Users\***\Stck vom Himmel Lied 1 Herbert Grnemeyer.wav [2011.07.05 01:13:45 | 002,825,452 | ---- | C] () -- C:\Users\***\CIMG0388.AVI.wav [2011.07.05 00:39:39 | 000,000,039 | ---- | C] () -- C:\Users\***\reverse.avs [2011.07.01 15:35:40 | 000,048,509 | ---- | C] () -- C:\Users\***\rauschen.mp3 [2011.06.30 20:48:11 | 000,641,593 | ---- | C] () -- C:\Users\***\asdasd.mp3 [2011.06.30 20:42:14 | 000,309,335 | ---- | C] () -- C:\Users\***\Paralyzer - Finger Eleven.mp3 [2011.06.30 20:28:16 | 000,084,991 | ---- | C] () -- C:\Users\***\16. Timbaland feat. OneRepublic - Apologize.mp3 [2011.06.21 18:06:22 | 000,000,136 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini [2011.06.05 15:50:23 | 000,019,977 | ---- | C] () -- C:\Users\***\Graphics Rules.sgr [2011.06.03 17:56:29 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat [2011.05.21 21:47:23 | 000,070,128 | ---- | C] () -- C:\Users\***\kombi1.anl [2011.05.21 21:47:23 | 000,007,662 | ---- | C] () -- C:\Users\***\kombi1.danl [2011.05.21 20:34:44 | 000,006,459 | ---- | C] () -- C:\Users\***\Anlage_A Kombination.danl [2011.05.21 20:34:43 | 000,059,624 | ---- | C] () -- C:\Users\***\Anlage_A Kombination.anl [2011.05.18 14:07:37 | 000,024,060 | ---- | C] () -- C:\Users\***\Anlage A.anl [2011.05.18 14:07:37 | 000,005,760 | ---- | C] () -- C:\Users\***\Anlage A.danl [2011.05.17 19:53:26 | 008,821,244 | ---- | C] () -- C:\Users\***\vEEEC.rar [2010.12.24 19:42:45 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.12.16 00:39:30 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2010.10.03 00:28:47 | 000,006,568 | ---- | C] () -- C:\Users\***\Band of Horses.xspf [2010.09.01 18:18:56 | 003,445,280 | ---- | C] () -- C:\Users\***\This Calling ulrich - All That Remains HD.mp3 [2010.07.05 16:50:49 | 000,019,490 | ---- | C] () -- C:\Users\***\Gemischt.xspf [2010.05.31 18:34:10 | 000,000,000 | ---- | C] () -- C:\Users\***\Content.html [2010.04.16 22:34:06 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.04 20:10:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.03.24 11:05:10 | 000,000,000 | ---D | M] -- C:\Users\Fam\AppData\Roaming\Stardock [2010.09.03 19:57:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\7632ED400FA15302303AC4C1EEE699AA [2013.01.13 23:05:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING [2013.04.01 02:27:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2013.02.03 20:17:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus [2011.07.11 16:43:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Celemony Software GmbH [2011.04.30 17:04:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Clonk [2011.04.30 17:17:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Clonk Rage [2010.04.13 17:34:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Crayon Physics Deluxe [2010.03.28 18:50:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2013.03.03 22:17:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dyiqam [2013.01.13 14:19:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc [2013.03.03 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Etygcy [2011.04.09 15:11:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Expu [2011.09.29 21:53:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Feedreader [2011.07.16 14:03:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fesowa [2010.05.23 17:42:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2010.12.22 16:22:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios [2013.02.03 18:54:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000 [2013.01.28 23:15:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2013.03.21 02:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.02.08 11:34:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Imaxel [2010.12.17 12:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Imaxel_temp [2010.04.27 16:44:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.04.10 12:54:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lost Marble [2011.01.03 18:33:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Musicmatch [2011.04.07 13:27:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Netydi [2010.04.06 17:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.02.23 14:51:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.04.10 00:11:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy [2011.10.27 18:37:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2011.07.15 20:41:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Puugi [2010.05.18 16:35:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QIP [2012.06.10 17:58:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SpringLobby [2012.06.10 17:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SpringSettings [2012.02.12 16:43:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock [2010.05.31 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SWI-Prolog [2013.03.30 13:08:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teewars [2013.03.28 19:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds [2013.04.04 02:48:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2013.03.28 01:15:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ts3overlay [2013.01.10 23:06:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ts3overlay_hook_win64 [2013.02.03 20:03:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 1285 bytes -> C:\Users\***\AppData\Local\qtvpKciPO:SNLbkgSuiHqeXgoyVuZRDgtk4M1C @Alternate Data Stream - 1183 bytes -> C:\Users\***\AppData\Local\Temp:68ahpWn13rTHgcO8F0lEUK8 @Alternate Data Stream - 1038 bytes -> C:\Users\***\AppData\Local\AOUvI4BaJOvC:DuA1Vj1OHMBBtFDo4jYk50m < End of report > |
|
06.04.2013, 18:59
| #5 |
| /// TB-Ausbilder | TR/ATRAPS.GEN2 sowie TR/Sirefef.AH Hi, weiter: Schritt 1
Code:
ATTFilter :OTL
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092;
IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..\SearchScopes\{C180AE0B-B636-4C50-A687-7600D857640F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1285 bytes -> C:\Users\***\AppData\Local\qtvpKciPO:SNLbkgSuiHqeXgoyVuZRDgtk4M1C
@Alternate Data Stream - 1183 bytes -> C:\Users\***\AppData\Local\Temp:68ahpWn13rTHgcO8F0lEUK8
@Alternate Data Stream - 1038 bytes -> C:\Users\***\AppData\Local\AOUvI4BaJOvC:DuA1Vj1OHMBBtFDo4jYk50m
[2011.07.15 20:41:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Puugi
[2013.03.03 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Etygcy
[2011.04.09 15:11:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Expu
[2011.07.16 14:03:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fesowa
[2011.04.07 13:27:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Netydi
[2010.09.03 19:57:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\7632ED400FA15302303AC4C1EEE699AA
:commands
[emptytemp]
Schritt 2 Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinen Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers. Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
06.04.2013, 19:42
| #6 |
| | TR/ATRAPS.GEN2 sowie TR/Sirefef.AH So, OTL-Fixlog: Code:
ATTFilter All processes killed
========== OTL ==========
Prefs.js: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4212743489-4097622776-4119676861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}\ not found.
Registry key HKEY_USERS\S-1-5-21-4212743489-4097622776-4119676861-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C180AE0B-B636-4C50-A687-7600D857640F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C180AE0B-B636-4C50-A687-7600D857640F}\ not found.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
ADS C:\Users\***\AppData\Local\qtvpKciPO:SNLbkgSuiHqeXgoyVuZRDgtk4M1C deleted successfully.
ADS C:\Users\***\AppData\Local\Temp:68ahpWn13rTHgcO8F0lEUK8 deleted successfully.
ADS C:\Users\***\AppData\Local\AOUvI4BaJOvC:DuA1Vj1OHMBBtFDo4jYk50m deleted successfully.
C:\Users\***\AppData\Roaming\Puugi folder moved successfully.
C:\Users\***\AppData\Roaming\Etygcy folder moved successfully.
C:\Users\***\AppData\Roaming\Expu folder moved successfully.
C:\Users\***\AppData\Roaming\Fesowa folder moved successfully.
C:\Users\***\AppData\Roaming\Netydi folder moved successfully.
C:\Users\***\AppData\Roaming\7632ED400FA15302303AC4C1EEE699AA folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
->Temp folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Fam
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49721147 bytes
->Java cache emptied: 954062 bytes
->FireFox cache emptied: 114825956 bytes
->Flash cache emptied: 25677 bytes
User: Public
->Temp folder emptied: 0 bytes
User: ***
->Temp folder emptied: 1493 bytes
->Temporary Internet Files folder emptied: 23701055 bytes
->Java cache emptied: 46999717 bytes
->FireFox cache emptied: 73227172 bytes
->Flash cache emptied: 16934 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25540 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 560888 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 104618 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 296,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04062013_200933
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\hsperfdata_***-PC$\1724 not found!
File move failed. C:\Windows\temp\ib2 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ib3 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ib4 scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022
v2013.04.06.05
Windows 7 Service Pack 1 x64 NTFS
9.0.8112.16421
*** :: ***-PC
06.04.2013 20:30:38
mbar-log-2013-04-06 (20-30-38).txt
30901
12 , 55
0
0
0
0
0
0
0
OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.04.2013 20:31:25 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 61,75% Memory free 8,00 Gb Paging File | 6,13 Gb Available in Paging File | 76,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 106,26 Gb Free Space | 22,81% Space Free | Partition Type: NTFS Drive D: | 4,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 1,89 Gb Total Space | 1,61 Gb Free Space | 85,34% Space Free | Partition Type: FAT Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.06 14:44:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.04.03 11:29:06 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 17:29:18 | 001,522,912 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2012.12.14 17:28:58 | 000,906,464 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe PRC - [2012.11.30 19:43:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 21:26:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 21:26:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.09.02 21:57:41 | 000,218,624 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe PRC - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe PRC - [2010.11.16 15:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2005.04.06 17:53:06 | 003,502,080 | ---- | M] () -- c:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe PRC - [2005.04.06 17:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe PRC - [2005.04.06 17:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe ========== Modules (No Company Name) ========== MOD - [2013.04.03 11:29:06 | 003,143,576 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.06.14 14:27:10 | 000,907,496 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\atwtusb.exe -- (WTService) SRV:64bit: - [2010.02.03 06:17:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.04.03 11:29:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.26 07:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.18 00:54:08 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 17:29:18 | 001,522,912 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.12.14 17:28:58 | 000,906,464 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.05.08 21:26:44 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 21:26:43 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.09.02 21:57:41 | 000,218,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc) SRV - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2010.11.16 15:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010.04.06 01:45:04 | 000,167,936 | ---- | M] (Brio) [Auto | Running] -- C:\Programme\FolderSize\FolderSizeSvc.exe -- (FolderSize) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2005.04.06 17:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 21:26:44 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 21:26:44 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.02 17:03:00 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2012.03.02 17:03:00 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2012.03.02 17:03:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.09.02 21:57:42 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2011.09.02 21:57:42 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2011.09.02 21:57:42 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2011.09.02 21:57:42 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2011.08.19 11:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2011.08.19 11:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.11 21:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp) DRV:64bit: - [2010.03.28 18:43:40 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.02.03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2010.02.03 06:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.02.03 05:23:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.01.28 16:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.12.23 11:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd) DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2009.09.29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort) DRV:64bit: - [2009.09.29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM) DRV:64bit: - [2009.09.29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum) DRV:64bit: - [2009.08.26 13:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\walvhid.sys -- (vhidmini) DRV:64bit: - [2009.07.30 17:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.08 19:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\moufiltr.sys -- (moufiltr) DRV:64bit: - [2006.10.31 23:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.09.28 02:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\PeerBlock\pbfilter.sys -- (pbfilter) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 1E EB 8F 0D CD CA 01 [binary data] IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google Deutschland - auf Deutsch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://soke.cwsurf.de/soke3/index.php" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.11 12:47:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.13 23:04:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.03 11:29:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.05 10:32:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.03 11:29:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.05 10:32:30 | 000,000,000 | ---D | M] [2010.03.26 20:03:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.04.06 18:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jhfh2meo.default\extensions [2011.05.07 12:38:08 | 000,149,985 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\extensions\radiobar@toolbar.xpi [2013.02.14 11:34:18 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.01 11:51:38 | 000,002,449 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\searchplugins\google-deutschland---auf-deutsch.xml [2010.07.24 22:02:42 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\searchplugins\icqplugin-4.xml [2010.07.26 21:30:56 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jhfh2meo.default\searchplugins\icqplugin-5.xml [2013.04.03 11:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.04.03 11:29:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.03 11:29:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.12.07 00:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.02.27 08:15:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.27 08:15:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.27 08:15:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.27 08:15:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.27 08:15:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.27 08:15:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.04.06 18:31:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Version Cue CS2] c:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001..\Run: [PeerBlock] C:\Programme\PeerBlock\peerblock.exe (PeerBlock, LLC) O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence) O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files (x86)\Fiddler2\Fiddler.exe (Eric Lawrence) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4212743489-4097622776-4119676861-1001\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12A469C1-B4AA-462F-9298-F67784A55BEA}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{151A7B50-9181-48F1-9711-22D90FBC5B8A}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52C71FB7-4C02-4FA2-8B69-63E7C5F9189B}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A86DE19-2934-4AE8-9AFA-AEC4CB04EDFB}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEBCB2FD-E1F1-46D6-91C9-D9A33EBFFCDC}: NameServer = 194.24.128.100 81.3.216.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F15E8072-E4C0-4C88-9A06-404A6D735984}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.06.07 10:12:33 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.06 20:16:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar-1.01.0.1022 [2013.04.06 20:09:33 | 000,000,000 | ---D | C] -- C:\_OTL [2013.04.06 18:33:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.06 18:18:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.06 18:18:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.06 18:18:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.06 18:17:30 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.06 18:17:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.06 18:12:58 | 005,048,200 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.04.06 14:44:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.03 13:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games [2013.04.03 13:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grinding Gear Games [2013.04.03 11:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.30 13:08:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Teewars [2013.03.28 19:20:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Teeworlds [2013.03.28 01:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg [2013.03.22 11:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.21 11:06:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.03.21 11:05:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.18 20:26:18 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ESRS ========== Files - Modified Within 30 Days ========== [2013.04.06 20:19:44 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 20:19:44 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 20:17:34 | 001,527,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.06 20:17:34 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.06 20:17:34 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.06 20:17:34 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.06 20:17:34 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.06 20:15:54 | 012,894,739 | ---- | M] () -- C:\Users\***\Desktop\mbar-1.01.0.1022.zip [2013.04.06 20:12:18 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.06 20:12:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.06 20:11:55 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2013.04.06 19:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.06 19:51:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.06 18:31:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.04.06 18:13:05 | 005,048,200 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.04.06 18:07:28 | 000,613,083 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.04.06 17:12:55 | 1316,232,212 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.06 15:02:24 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.04.06 14:44:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.06 14:39:48 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.04.06 14:39:16 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.03 13:18:13 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2013.04.01 21:21:23 | 000,241,791 | ---- | M] () -- C:\Users\***\Sokeesel.jpg [2013.03.31 16:57:29 | 004,462,667 | ---- | M] () -- C:\Users\***\RIMG00871.jpg [2013.03.29 13:20:45 | 009,925,612 | ---- | M] () -- C:\Users\***\03 Waldspaziergang mit Gott.mp3 [2013.03.28 13:18:23 | 000,012,177 | ---- | M] () -- C:\Users\***\Documents\timetable.ods [2013.03.28 13:11:10 | 000,041,736 | ---- | M] () -- C:\Users\***\Documents\zeitplan.pdf [2013.03.21 15:13:25 | 000,474,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.18 22:17:06 | 000,963,214 | ---- | M] () -- C:\Users\***\Scannen0020.jpg [2013.03.18 21:30:27 | 001,356,414 | ---- | M] () -- C:\Users\***\Scannen0019.jpg ========== Files Created - No Company Name ========== [2013.04.06 20:15:39 | 012,894,739 | ---- | C] () -- C:\Users\***\Desktop\mbar-1.01.0.1022.zip [2013.04.06 18:18:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.06 18:18:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.06 18:18:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.06 18:18:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.06 18:18:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.06 18:07:28 | 000,613,083 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.04.06 15:02:23 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.04.06 14:39:48 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.04.06 14:39:15 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.04.03 13:18:13 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk [2013.04.01 21:21:21 | 000,241,791 | ---- | C] () -- C:\Users\***\Sokeesel.jpg [2013.03.31 16:57:28 | 004,462,667 | ---- | C] () -- C:\Users\***\RIMG00871.jpg [2013.03.29 13:18:55 | 009,925,612 | ---- | C] () -- C:\Users\***\03 Waldspaziergang mit Gott.mp3 [2013.03.28 13:18:22 | 000,012,177 | ---- | C] () -- C:\Users\***\Documents\timetable.ods [2013.03.28 13:06:09 | 000,041,736 | ---- | C] () -- C:\Users\***\Documents\zeitplan.pdf [2013.03.18 22:17:05 | 000,963,214 | ---- | C] () -- C:\Users\***\Scannen0020.jpg [2013.03.18 21:30:27 | 001,356,414 | ---- | C] () -- C:\Users\***\Scannen0019.jpg [2013.03.07 01:28:39 | 000,579,988 | ---- | C] () -- C:\Users\***\Klimatologie.pdf [2013.03.05 20:13:31 | 001,567,875 | ---- | C] () -- C:\Users\***\nevaroningraveyardtheme.mp3 [2013.03.05 19:27:48 | 000,068,242 | ---- | C] () -- C:\Users\***\Snapshot_20130305.JPG [2013.03.05 18:31:23 | 001,567,875 | ---- | C] () -- C:\Users\***\nvgt.mp3 [2013.03.02 03:31:15 | 007,542,481 | ---- | C] () -- C:\Users\***\_MG_4632.jpg [2013.03.02 03:31:15 | 004,676,747 | ---- | C] () -- C:\Users\***\_MG_4450.jpg [2013.02.28 00:39:51 | 000,877,474 | ---- | C] () -- C:\Users\***\DieMaske.jpg [2013.02.27 00:25:41 | 000,942,680 | ---- | C] () -- C:\Users\***\Stadtöko.odt [2013.02.22 22:30:55 | 002,480,664 | ---- | C] () -- C:\Users\***\_MG_4198.jpg [2013.02.22 22:28:00 | 003,283,742 | ---- | C] () -- C:\Users\***\_MG_4210.jpg [2013.02.22 22:17:35 | 000,405,396 | ---- | C] () -- C:\Users\***\blabla.gif [2013.02.12 00:56:47 | 022,267,437 | ---- | C] () -- C:\Users\***\MVI_4257.MOV [2013.02.12 00:38:42 | 003,078,438 | ---- | C] () -- C:\Users\***\_MG_4263.jpg [2013.02.12 00:38:12 | 003,742,113 | ---- | C] () -- C:\Users\***\_MG_4201.jpg [2013.02.12 00:38:02 | 010,283,481 | ---- | C] () -- C:\Users\***\_MG_4199.jpg [2013.02.12 00:38:02 | 003,565,462 | ---- | C] () -- C:\Users\***\_MG_4194.jpg [2013.01.20 16:07:27 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2013.01.17 21:41:56 | 003,836,242 | ---- | C] () -- C:\Users\***\RIMG0106.JPG [2013.01.17 21:41:56 | 003,814,758 | ---- | C] () -- C:\Users\***\RIMG0100.JPG [2013.01.17 21:41:56 | 003,733,477 | ---- | C] () -- C:\Users\***\RIMG0101.JPG [2013.01.17 21:41:56 | 003,714,714 | ---- | C] () -- C:\Users\***\RIMG0099.JPG [2013.01.17 21:41:56 | 003,688,120 | ---- | C] () -- C:\Users\***\RIMG0103.JPG [2012.06.10 17:54:59 | 000,000,367 | ---- | C] () -- C:\Users\***\AppData\Local\springsettings.cfg [2012.03.01 15:01:10 | 000,001,282 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2012.01.23 15:47:13 | 000,306,220 | ---- | C] () -- C:\Users\***\Graf Karl.wav [2012.01.23 15:46:15 | 000,056,032 | ---- | C] () -- C:\Users\***\Graf Karl.mp3 [2012.01.19 16:45:19 | 000,042,380 | ---- | C] () -- C:\Users\***\dÄ.xspf [2012.01.02 23:41:29 | 000,009,932 | ---- | C] () -- C:\Users\***\playlist 1.xspf [2011.12.11 14:56:58 | 001,840,802 | ---- | C] () -- C:\Users\***\Unbekannter Song.mp3 [2011.12.10 16:12:26 | 000,750,848 | ---- | C] () -- C:\Users\***\01 - Rob van U. - Unbekannt.mp3 [2011.11.27 23:12:55 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2011.10.27 18:32:15 | 000,002,516 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2011.10.27 18:32:15 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\329B4E0743.sys [2011.08.29 00:47:59 | 001,039,045 | ---- | C] () -- C:\Users\***\ich hab's nicht kleiner.mp3 [2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.07.26 00:24:51 | 000,041,421 | ---- | C] () -- C:\Users\***\Coco.mp3 [2011.07.25 23:49:17 | 000,077,364 | ---- | C] () -- C:\Users\***\frech.mp3 [2011.07.25 23:38:31 | 000,005,475 | ---- | C] () -- C:\Users\***\Vogel.mp3 [2011.07.25 23:30:12 | 000,040,584 | ---- | C] () -- C:\Users\***\siebenmark.mp3 [2011.07.25 19:28:03 | 000,156,358 | ---- | C] () -- C:\Users\***\glanz2.mp3 [2011.07.25 19:05:22 | 000,156,356 | ---- | C] () -- C:\Users\***\glanz.mp3 [2011.07.25 11:13:29 | 000,027,625 | ---- | C] () -- C:\Users\***\Rudi.mp3 [2011.07.25 00:34:27 | 000,000,044 | ---- | C] () -- C:\Users\***\Rud.wav [2011.07.25 00:34:11 | 000,000,044 | ---- | C] () -- C:\Users\***\Rudi ist nicht zu verkaufen - Teil3 - YouTube.wav [2011.07.25 00:33:44 | 000,000,044 | ---- | C] () -- C:\Users\***\why.wav [2011.07.25 00:33:11 | 000,000,044 | ---- | C] () -- C:\Users\***\Wieso.wav [2011.07.24 22:52:19 | 000,311,832 | ---- | C] () -- C:\Users\***\soos.wav [2011.07.24 22:45:34 | 000,329,552 | ---- | C] () -- C:\Users\***\frechheit.wav [2011.07.24 22:31:18 | 000,576,356 | ---- | C] () -- C:\Users\***\Vogelfamilie.wav [2011.07.24 22:11:05 | 000,456,096 | ---- | C] () -- C:\Users\***\Absolut sicher.wav [2011.07.24 21:45:05 | 000,958,840 | ---- | C] () -- C:\Users\***\stille.wav [2011.07.24 21:36:59 | 000,194,840 | ---- | C] () -- C:\Users\***\Weil ich das so will.wav [2011.07.24 21:31:27 | 000,086,056 | ---- | C] () -- C:\Users\***\Wieso denn.wav [2011.07.17 01:12:14 | 000,016,374 | ---- | C] () -- C:\Users\***\CIMG0668.AVI.avi [2011.07.14 22:12:22 | 005,904,522 | ---- | C] () -- C:\Users\***\02 - La Sedia Vuota.wav [2011.07.14 12:05:57 | 000,275,098 | ---- | C] () -- C:\Users\***\CHRISTIAN.wav [2011.07.12 00:22:47 | 027,076,268 | ---- | C] () -- C:\Users\***\Stck vom Himmel Lied 1 Herbert Grnemeyer.wav [2011.07.05 01:13:45 | 002,825,452 | ---- | C] () -- C:\Users\***\CIMG0388.AVI.wav [2011.07.05 00:39:39 | 000,000,039 | ---- | C] () -- C:\Users\***\reverse.avs [2011.07.01 15:35:40 | 000,048,509 | ---- | C] () -- C:\Users\***\rauschen.mp3 [2011.06.30 20:48:11 | 000,641,593 | ---- | C] () -- C:\Users\***\asdasd.mp3 [2011.06.30 20:42:14 | 000,309,335 | ---- | C] () -- C:\Users\***\Paralyzer - Finger Eleven.mp3 [2011.06.30 20:28:16 | 000,084,991 | ---- | C] () -- C:\Users\***\16. Timbaland feat. OneRepublic - Apologize.mp3 [2011.06.21 18:06:22 | 000,000,136 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini [2011.06.05 15:50:23 | 000,019,977 | ---- | C] () -- C:\Users\***\Graphics Rules.sgr [2011.06.03 17:56:29 | 000,000,528 | ---- | C] () -- C:\Windows\eReg.dat [2011.05.21 21:47:23 | 000,070,128 | ---- | C] () -- C:\Users\***\kombi1.anl [2011.05.21 21:47:23 | 000,007,662 | ---- | C] () -- C:\Users\***\kombi1.danl [2011.05.21 20:34:44 | 000,006,459 | ---- | C] () -- C:\Users\***\Anlage_A Kombination.danl [2011.05.21 20:34:43 | 000,059,624 | ---- | C] () -- C:\Users\***\Anlage_A Kombination.anl [2011.05.18 14:07:37 | 000,024,060 | ---- | C] () -- C:\Users\***\Anlage A.anl [2011.05.18 14:07:37 | 000,005,760 | ---- | C] () -- C:\Users\***\Anlage A.danl [2011.05.17 19:53:26 | 008,821,244 | ---- | C] () -- C:\Users\***\vEEEC.rar [2010.12.24 19:42:45 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.12.16 00:39:30 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2010.10.03 00:28:47 | 000,006,568 | ---- | C] () -- C:\Users\***\Band of Horses.xspf [2010.09.01 18:18:56 | 003,445,280 | ---- | C] () -- C:\Users\***\This Calling ulrich - All That Remains HD.mp3 [2010.07.05 16:50:49 | 000,019,490 | ---- | C] () -- C:\Users\***\Gemischt.xspf [2010.05.31 18:34:10 | 000,000,000 | ---- | C] () -- C:\Users\***\Content.html [2010.04.16 22:34:06 | 000,004,608 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.04 20:10:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.03.24 11:05:10 | 000,000,000 | ---D | M] -- C:\Users\Fam\AppData\Roaming\Stardock [2013.01.13 23:05:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING [2013.04.01 02:27:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2013.02.03 20:17:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus [2011.07.11 16:43:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Celemony Software GmbH [2011.04.30 17:04:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Clonk [2011.04.30 17:17:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Clonk Rage [2010.04.13 17:34:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Crayon Physics Deluxe [2010.03.28 18:50:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2013.03.03 22:17:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dyiqam [2013.01.13 14:19:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc [2011.09.29 21:53:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Feedreader [2010.05.23 17:42:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2010.12.22 16:22:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios [2013.02.03 18:54:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000 [2013.01.28 23:15:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2013.03.21 02:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.02.08 11:34:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Imaxel [2010.12.17 12:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Imaxel_temp [2010.04.27 16:44:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.04.10 12:54:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lost Marble [2011.01.03 18:33:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Musicmatch [2010.04.06 17:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.02.23 14:51:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.04.10 00:11:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy [2011.10.27 18:37:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2010.05.18 16:35:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QIP [2012.06.10 17:58:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SpringLobby [2012.06.10 17:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SpringSettings [2012.02.12 16:43:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock [2010.05.31 17:43:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SWI-Prolog [2013.03.30 13:08:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teewars [2013.03.28 19:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds [2013.04.04 02:48:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2013.03.28 01:15:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ts3overlay [2013.01.10 23:06:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ts3overlay_hook_win64 [2013.02.03 20:03:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > |
|
06.04.2013, 19:45
| #7 |
| /// TB-Ausbilder | TR/ATRAPS.GEN2 sowie TR/Sirefef.AH Sieht das Log von MBAR wirklich so merkwürdig aus? Dort steht normalerweise auch noch ein bisschen Text und nicht nur Zahlen drin.  Aber interpretiere ich all die Nullen richtig, dass es beim Scan keine Funde gab?
__________________ cheers, Leo |
|
06.04.2013, 20:03
| #8 |
| | TR/ATRAPS.GEN2 sowie TR/Sirefef.AH Ja, das Log mit Datum und Zeit im Dateinamen gibt nicht mehr her. Ansonsten befindet sich im mbar-Ordner noch ein system-log.txt. Und ja, der Scan hat keine Funde gezeigt und es hieß, dass keine CleanUp notwendig sei |
|
06.04.2013, 20:05
| #9 | |
| /// TB-Ausbilder | TR/ATRAPS.GEN2 sowie TR/Sirefef.AHZitat:
 Dann weiter. Wie läuft die Kiste jetzt? Schritt 1
Schritt 2 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Schritt 3 Downloade dir bitte SecurityCheck (Link 2).
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
07.04.2013, 08:40
| #10 |
| | TR/ATRAPS.GEN2 sowie TR/Sirefef.AH Log von Anti-Malware: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4052
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
06.04.2013 21:09:54
mbam-log-2013-04-06 (21-09-54).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 138184
Laufzeit: 3 Minute(n), 11 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-18\$f8df9bb1569cb3b588c9848a3f2cd3ee\n.vir Win64/Sirefef.AR trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.W trojan
Code:
ATTFilter
Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 16
Java 7 Update 17
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Mozilla Firefox (20.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Mobile Partner OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
|
07.04.2013, 11:56
| #11 | |
| /// TB-Ausbilder | TR/ATRAPS.GEN2 sowie TR/Sirefef.AH Hi, ESET hat nur noch Funde aus der Quarantäne angezeigt. Aber MBAM hast du mit einer uralten Version gescannt: Zitat:
Schritt 1
Schritt 2
Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls. Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
07.04.2013, 12:36
| #12 |
| | TR/ATRAPS.GEN2 sowie TR/Sirefef.AH Hallo, hier das neue Log nach Aktualisierung, hoffe die Version stimmt nun: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.07.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Robert :: ROBERT-PC [Administrator] 07.04.2013 13:23:54 mbam-log-2013-04-07 (13-23-54).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 253737 Laufzeit: 4 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Viele Grüße! |
|
07.04.2013, 12:52
| #13 |
| /// TB-Ausbilder | TR/ATRAPS.GEN2 sowie TR/Sirefef.AH Hi, sehr gut, jetzt passt alles. Bleibt nur noch das Aufräumen übrig: Cleanup Zum Schluss werden wir jetzt noch unsere Tools wegräumen, verseuchte Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus. Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.
__________________ cheers, Leo |
|
07.04.2013, 13:13
| #14 |
| | TR/ATRAPS.GEN2 sowie TR/Sirefef.AH Super, keine Fragen mehr! Habe die Cleanup-Schritte abgearbeitet, ging auch alles ohne Probleme. Vielen, vielen Dank für die meiner Meinung nach sehr schnelle und gute Hilfe Ich denke ich werde auch bald eine kleine Spende für das Board entrichten, damit hier weiterhin so gut geholfen werden kann. Und hoffe natürlich ebenfalls, dass ich in nächster Zukunft auf die Hilfe hier verzichten kann! Danke nochmal |
|
07.04.2013, 13:17
| #15 |
| /// TB-Ausbilder | TR/ATRAPS.GEN2 sowie TR/Sirefef.AH Danke für die Rückmeldung. Und im Namen des Teams danke ich vielmals für die Spende! Freut mich, dass wir helfen konnten.  Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
|
| Themen zu TR/ATRAPS.GEN2 sowie TR/Sirefef.AH |
| 4d36e972-e325-11ce-bfc1-08002be10318, adobe reader xi, anime, anlage, autorun, bildschirm, conduitsearch, conduitsearch entfernen, converter, entfernen, flash player, install.exe, microsoft-6zu4-adapter, plug-in, problem, recycle.bin, registry, required, security, sketchup, super, teamspeak, tr/atraps.gen2, tr/sirefef.ah, tunnel, visual studio, win32/sirefef.ez, win64/sirefef.ar, win64/sirefef.w, windows |
Textbox.
