| |
| |||||||
Log-Analyse und Auswertung: Virus in acroff.dllWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
10.06.2012, 10:34
| #1 |
| |  Virus in acroff.dll Hallo, seit gestern Abend hat Avira immer wieder die Meldung: Die Datei 'C:\Users\***\AppData\Roaming\12001.001\components\AcroFF.dll' enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Agent.Gaba.ohz' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '567af278.qua' verschoben! Ich habe dann heute einen Durchlauf mit Malwarebytes gemacht, weil ich das hier im Forum gelesen hatte. ----------------------------------------- Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.09.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 kamzzzim :: ***-PC [Administrator] 10.06.2012 07:46:54 mbam-log-2012-06-10 (07-46-54).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 473920 Laufzeit: 3 Stunde(n), 14 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 1 C:\Users\kamzzzim\AppData\Roaming\BAcroIEHelpe.dll (Trojan.Banker) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 2 HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\kamzzzim\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 C:\Users\kamzzzim\AppData\Roaming\BAcroIEHelpe.dll (Trojan.Banker) -> Löschen bei Neustart. C:\Users\kamzzzim\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\kamzzzim\Downloads\SoftonicDownloader_fuer_freemind.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\NirSoft\ProduKey\ProduKey.exe (PUP.PSWTool.ProductKey) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\kamzzzim\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart. (Ende) Ich hoffe, ihr könnt mir helfe. Ich schreibe gerade meine Abschlussarbeit und brauche den Laptop dringend  Viele Grüße, Steffi Ich hab jetzt auch mal OTL heruntergeladen und da kam folgendes raus: OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.06.2012 11:40:01 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\kamzzzim\Desktop\MALWARE Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,96 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 42,20% Memory free 3,92 Gb Paging File | 2,45 Gb Available in Paging File | 62,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 103,85 Gb Total Space | 8,44 Gb Free Space | 8,13% Space Free | Partition Type: NTFS Drive D: | 30,25 Gb Total Space | 9,20 Gb Free Space | 30,41% Space Free | Partition Type: NTFS Computer Name: KAMZZZIM-PC | User Name: kamzzzim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\kamzzzim\Desktop\MALWARE\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\prevhost.exe (Microsoft Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) PRC - C:\Programme\Lenovo\VeriFace\PManage.exe (Lenovo) PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) PRC - C:\Programme\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc) PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\dcmsvc\dcmsvc.exe () PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.) PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9bfbf0613d3780e34d98333c7b381218\WindowsFormsIntegration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dab0ad2d0f5da372a4947d3a1c7c07a9\Microsoft.VisualBasic.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\Lenovo\VeriFace\ChooseLang.dll () MOD - C:\Windows\System32\SimpleExt.dll () MOD - C:\Programme\dcmsvc\dcmsvc.exe () MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll () MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (dsNcService) -- C:\Programme\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (KMService) -- C:\Windows\System32\srvany.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Apache2.2) -- C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited) SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited) SRV - (PS_MDP) -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited) SRV - (IGRS) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited) SRV - (ReadyComm.DirectRouter) -- C:\Programme\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (ASTSRV) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.) SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WinRing0_1_2_0) -- D:\test\ECECECEC\WinRing0.sys File not found DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found DRV - (RSUSBSTOR) -- System32\Drivers\RtsUStor.sys File not found DRV - (a96hoxjv) -- File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation) DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys () DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo) DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink) DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. ) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (TVicPort) -- C:\windows\System32\drivers\TVicPort.sys (EnTech Taiwan) DRV - (IcRecUsb) -- C:\Windows\System32\drivers\IcRecUsb.sys (lecs Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\kamzzzim\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms} IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "QIP Search" FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280 FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.24 09:59:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.24 09:59:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.05.22 12:52:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.02 10:31:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.02 10:31:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.02 10:31:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.06.02 10:31:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\kamzzzim\AppData\Roaming\12001.001 [2012.06.09 21:11:20 | 000,000,000 | ---D | M] [2010.07.31 10:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kamzzzim\AppData\Roaming\mozilla\Extensions [2010.07.31 10:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kamzzzim\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.06 12:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kamzzzim\AppData\Roaming\mozilla\Firefox\Profiles\f5d4c73x.default\extensions [2010.10.13 15:50:43 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\kamzzzim\AppData\Roaming\mozilla\Firefox\Profiles\f5d4c73x.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89} [2012.06.10 07:44:06 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\kamzzzim\AppData\Roaming\mozilla\Firefox\Profiles\f5d4c73x.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2010.10.01 17:52:22 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\kamzzzim\AppData\Roaming\mozilla\Firefox\Profiles\f5d4c73x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.20 09:32:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\kamzzzim\AppData\Roaming\mozilla\Firefox\Profiles\f5d4c73x.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.05.24 10:36:23 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\kamzzzim\AppData\Roaming\mozilla\Firefox\Profiles\f5d4c73x.default\extensions\engine@conduit.com [2011.03.15 11:34:22 | 000,000,000 | ---D | M] (Personas) -- C:\Users\kamzzzim\AppData\Roaming\mozilla\Firefox\Profiles\f5d4c73x.default\extensions\personas@christopher.beard [2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\kamzzzim\AppData\Roaming\Mozilla\Firefox\Profiles\f5d4c73x.default\searchplugins\conduit.xml [2010.07.31 19:59:25 | 000,002,059 | ---- | M] () -- C:\Users\kamzzzim\AppData\Roaming\Mozilla\Firefox\Profiles\f5d4c73x.default\searchplugins\daemon-search.xml [2010.10.13 15:51:13 | 000,002,062 | ---- | M] () -- C:\Users\kamzzzim\AppData\Roaming\Mozilla\Firefox\Profiles\f5d4c73x.default\searchplugins\qip-search.xml [2012.02.27 09:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.23 08:11:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.05.22 12:52:26 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX [2012.05.28 19:37:48 | 000,336,363 | ---- | M] () (No name found) -- C:\USERS\KAMZZZIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5D4C73X.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI [2012.01.14 17:44:17 | 000,118,971 | ---- | M] () (No name found) -- C:\USERS\KAMZZZIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5D4C73X.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI [2012.05.17 19:47:55 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\KAMZZZIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5D4C73X.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2012.05.03 19:27:49 | 000,051,397 | ---- | M] () (No name found) -- C:\USERS\KAMZZZIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5D4C73X.DEFAULT\EXTENSIONS\SPLITPANNEL@MAX.MAX.XPI [2012.05.03 07:59:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.27 09:22:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.27 09:22:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.27 09:22:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.27 09:22:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.27 09:22:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.27 09:22:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.05.15 13:04:59 | 000,002,255 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 3dns.adobe.com O1 - Hosts: 127.0.0.1 3dns-1.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-4.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com.* O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.wip.adobe.com O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 crl.verisign.net O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET.* O1 - Hosts: 127.0.0.1 ood.opsource.net O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net O1 - Hosts: 127.0.0.1 practivate.adobe O1 - Hosts: 127.0.0.1 practivate.adobe.* O1 - Hosts: 21 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\kamzzzim\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [dcmsvc] C:\Programme\dcmsvc\dcmsvc.exe () O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Programme\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google) O4 - Startup: C:\Users\kamzzzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\kamzzzim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\kamzzzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\kamzzzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{863549D8-FB29-4948-8A9A-636FF469BEA0}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.08.21 16:41:26 | 000,000,000 | ---D | M] - D:\Auto -- [ NTFS ] O33 - MountPoints2\{94b6d95a-9ccd-11df-bf86-002622dadbf5}\Shell - "" = AutoRun O33 - MountPoints2\{94b6d95a-9ccd-11df-bf86-002622dadbf5}\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\{94b6d95a-9ccd-11df-bf86-002622dadbf5}\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\{94b6d95a-9ccd-11df-bf86-002622dadbf5}\Shell\install\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.10 11:05:47 | 000,000,000 | ---D | C] -- C:\Users\kamzzzim\Desktop\MALWARE [2012.06.09 21:11:20 | 000,000,000 | ---D | C] -- C:\Users\kamzzzim\AppData\Roaming\12001.001 [2012.06.09 21:11:07 | 000,000,000 | ---D | C] -- C:\Users\kamzzzim\AppData\Roaming\xmldm [2012.06.09 21:11:05 | 000,000,000 | ---D | C] -- C:\Users\kamzzzim\AppData\Roaming\kock [2012.06.02 14:37:54 | 000,000,000 | ---D | C] -- C:\Users\kamzzzim\Desktop\2012-06-02 [2012.06.02 10:40:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.06.02 10:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.02 10:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.06.02 10:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.06.02 10:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.06.02 10:31:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012.05.22 17:38:53 | 000,000,000 | ---D | C] -- C:\Users\kamzzzim\Documents\Diplomarbeit [2012.05.22 17:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar [2012.05.22 15:30:47 | 000,000,000 | ---D | C] -- C:\Users\kamzzzim\AppData\Local\assembly [2012.05.22 12:53:32 | 000,000,000 | ---D | C] -- C:\Users\kamzzzim\AppData\Roaming\Swiss Academic Software [2012.05.22 12:53:32 | 000,000,000 | ---D | C] -- C:\Users\kamzzzim\Documents\Citavi 3 [2012.05.22 12:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 3 [2012.05.22 12:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Citavi 3 [2012.05.22 11:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Swiss Academic Software [2012.05.20 12:00:19 | 000,000,000 | ---D | C] -- C:\Users\kamzzzim\AppData\Roaming\Avira [2012.05.20 11:54:53 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys [2012.05.20 11:54:53 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys [2012.05.20 11:54:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys [2012.05.20 11:54:53 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2012.05.20 11:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.05.20 11:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [1 C:\Users\kamzzzim\AppData\Roaming\*.tmp files -> C:\Users\kamzzzim\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.10 11:37:05 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.10 11:22:47 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.10 11:22:47 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.10 11:20:02 | 000,001,055 | ---- | M] () -- C:\Users\kamzzzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.06.10 11:16:44 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.10 11:14:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.06.10 11:14:04 | 1579,634,688 | -HS- | M] () -- C:\hiberfil.sys [2012.06.10 07:52:36 | 000,743,578 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.06.10 07:52:36 | 000,698,856 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.06.10 07:52:36 | 000,165,656 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.06.10 07:52:36 | 000,138,602 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012.06.06 16:36:38 | 001,737,561 | ---- | M] () -- C:\Users\kamzzzim\Desktop\Tl0FP8bC_T8C.pdf [2012.06.03 08:38:48 | 000,001,314 | ---- | M] () -- C:\Users\kamzzzim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2012.06.02 10:39:19 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.02 10:31:36 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.05.15 13:04:59 | 000,002,255 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts [2012.05.15 10:59:36 | 002,262,833 | ---- | M] () -- C:\Users\kamzzzim\Desktop\qlnQdJgQ9uAC.pdf [1 C:\Users\kamzzzim\AppData\Roaming\*.tmp files -> C:\Users\kamzzzim\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.06 16:36:38 | 001,737,561 | ---- | C] () -- C:\Users\kamzzzim\Desktop\Tl0FP8bC_T8C.pdf [2012.06.02 10:39:19 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.02 10:31:36 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.05.15 10:59:36 | 002,262,833 | ---- | C] () -- C:\Users\kamzzzim\Desktop\qlnQdJgQ9uAC.pdf [2012.02.02 20:00:01 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.04.30 13:19:31 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml [2011.03.20 16:03:31 | 000,870,612 | ---- | C] () -- C:\windows\PlagiarismFinder 2.0 Uninstaller.exe [2011.01.30 16:24:03 | 000,008,192 | ---- | C] () -- C:\windows\System32\srvany.exe [2010.11.19 23:05:55 | 000,003,584 | ---- | C] () -- C:\Users\kamzzzim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.21 13:32:59 | 000,000,015 | ---- | C] () -- C:\windows\System32\Ve_pm.dll [2010.10.21 13:32:59 | 000,000,007 | ---- | C] () -- C:\windows\System32\Voicech.dll [2010.08.28 13:05:52 | 000,000,062 | ---- | C] () -- C:\windows\wininit.ini [2010.08.17 15:56:44 | 002,463,976 | ---- | C] () -- C:\windows\System32\NPSWF32.dll [2010.08.05 23:10:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.03 10:43:29 | 000,000,281 | ---- | C] () -- C:\windows\System32\CNCMFP11.INI < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.06.2012 11:40:01 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\kamzzzim\Desktop\MALWARE
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,96 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 42,20% Memory free
3,92 Gb Paging File | 2,45 Gb Available in Paging File | 62,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 103,85 Gb Total Space | 8,44 Gb Free Space | 8,13% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 9,20 Gb Free Space | 30,41% Space Free | Partition Type: NTFS
Computer Name: KAMZZZIM-PC | User Name: kamzzzim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
cUnknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12DA139A-09BD-4F44-96F0-002F436A5E00}" = lport=3390 | protocol=6 | dir=in | app=system |
"{191B2D38-7059-49A1-920E-F19D0D4B2233}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1C4B6F25-B29F-42DC-A90D-893E95482E70}" = rport=137 | protocol=17 | dir=out | app=system |
"{264DC980-C014-44CD-BC53-B3CA0FD0CBD3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{267CDFFA-0905-455C-A849-B16001FB77C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D523191-648E-4F79-BE5F-ED2580BA1CA1}" = lport=10244 | protocol=6 | dir=in | app=system |
"{313F3909-153A-4F86-9AFA-DB6838CDB9BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{33772ECA-1B6B-4ABC-AF63-BAA1AE063940}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3679BB22-B145-4E76-B8F7-1CB77AE25B40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{37D6C715-25B2-453D-A4DB-D32DE44434A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{38FC65D7-6573-4602-90F7-4EF68CA04A18}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{395E1636-0B35-4810-9C9D-254B58420412}" = rport=139 | protocol=6 | dir=out | app=system |
"{3BFC80D1-2591-4374-8312-5955FB2EA032}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4D1C1BC8-EB03-4422-B2F8-C913D1A87A5F}" = lport=3390 | protocol=6 | dir=in | app=system |
"{50142396-252F-4B47-8633-C828DC7F1EB4}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{53572FCF-8738-4989-B61D-ECEF2C76230F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{57C53385-70D9-451B-88FC-00E00825A3F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59416286-74E6-4FD1-A0BC-BE1BEF938855}" = lport=2869 | protocol=6 | dir=in | app=system |
"{594F145A-C6CD-43C3-B1B7-3FA0EAE9500C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D51E7B1-C435-4685-8613-445D342B13C5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{674B105F-CCF3-476E-A1EE-658A218EEDED}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{67DC2420-4C5E-44A8-8A4F-8B7A02112D0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A30E428-29BD-4660-98D4-64417D61107E}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F0B91FB-B192-4C74-B26D-2E5434B43879}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{768CA4EB-B468-48CA-A169-0786647F4C01}" = lport=137 | protocol=17 | dir=in | app=system |
"{775AB1A3-F854-438F-9652-7918C1426780}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78675B00-AC31-40BD-AD25-E351900B14A2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EDE9C0B-A0EE-42D9-96C4-13EFD79A1303}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F776761-F794-41F6-8489-12BD4F6126AF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82FAA790-883C-4CD4-B96F-EB656F9A8F56}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85DF3E96-D7E3-4F3E-93B4-28F634F99BFD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8B3EDBBC-038F-40EF-B0E7-E20360BE0EB1}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{91E15CA5-7F3A-41BF-A222-0C7885FBD68C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9BD9FC3C-15A4-410B-BABE-AB9B355F52CB}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9CE8B1C6-BC65-4721-8A9A-48BCC1A1632D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9DAC3485-5DCB-4A9E-8C59-5B70A7D3B073}" = lport=10244 | protocol=6 | dir=in | app=system |
"{9F7FF834-5FD4-4BD8-9DE7-E49B35B33D11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A0C55EE1-057C-43A8-A807-4BEC53E29508}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A3F18DA2-25F4-4B3E-9B64-828056DC9689}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AFCB095D-12A3-47A0-99AB-DA040856895C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B25A4B94-4327-4D0A-8376-C4643661849E}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6E72353-0260-4C36-821E-385B68517628}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B72C14C8-1323-4880-AB14-F58BA5A30571}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C0A05871-881C-4A97-8614-24B223FAB097}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6AEA5D2-DA81-4C4E-A0EB-620D15DD70C6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C9AF28EB-0519-4F45-B341-B8891959AA66}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CE775311-A851-4EDB-B3F5-BD58A5580EE6}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{CFFC0FED-B614-481D-8A3C-4FAA94A64526}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D16ABA0E-EEE8-4901-ABF9-6B9F835B8E37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7CA5FFE-8B5C-4E0F-9660-C3179DA52FF8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE8DB3CB-201F-495A-95E1-C38521EF44BA}" = lport=139 | protocol=6 | dir=in | app=system |
"{E2AABCA9-C840-4732-A722-CFA834EDB6B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E2E1E8B6-008C-46E9-965E-85BE39A2AB2A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{E87889A5-D9C3-42EB-AA5F-A629624FFB34}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F0B74660-F60A-41E9-9575-B5A5CFF0535B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1007251-1DBC-42C9-8E93-E971E070720D}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01377743-32B3-4A2B-9C79-DA2E4D1074F6}" = protocol=17 | dir=in | app=c:\users\kamzzzim\appdata\roaming\dropbox\bin\dropbox.exe |
"{07FBEB55-9157-47E7-9728-6FFE8D592CA2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{0852D8B4-2438-450E-9751-2FBF7B85C33B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{08B2CDFF-5AE1-48A0-8D0D-AFFC1A6F616D}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{18C41ED4-42BD-4367-9EA5-33F52FC05D9C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{19D84061-304A-41DC-97B3-391FE1747CCE}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{1ABC21C9-9EF3-4B21-9712-E8267492EFFF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{1F7C0DB3-7CF7-476E-B607-9B5C361FFE40}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{20C499D1-CA82-47CF-96E6-D7F093892AA8}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{21673F8B-19C3-427A-83E4-A6203460336E}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{22D40CC7-C0A1-4A79-8B11-62AD4A6DEE03}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{2794008B-C911-4170-9878-63EE832ACFE9}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe |
"{32807D89-774C-4860-8B0C-710F8FCFCB4B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3487BB54-EA35-4C4B-8C70-BD7B411F8B80}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{348B4A3A-B9E8-477E-B5D0-6DBFC8E9751B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{358310BA-0FA4-49B7-9835-1AE3C2E42316}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A2C82AA-8364-4FFE-9E93-987E9B4A6DEB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3A7F0EAF-74E7-4D83-8F09-F07E1240278E}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3EC243D5-8751-4CC2-B5E8-C0AE50977B3B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4595BF28-5716-4321-A120-65D11F911A97}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4AAE0A72-4565-4773-8587-D1F64567EDDF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4CBE6C37-4300-4E15-97F2-CBDEA1DE0102}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe |
"{4D5EBC78-5532-4434-A60D-C9BB24ADAE9D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4ED47A7A-4E11-4BB4-8931-E4E9EBC7DD64}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{50F1780F-EBB6-44B9-870D-702A64BFE7F1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{55323222-F939-460D-9BCC-AB26691ACA34}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5BB6E85E-7935-4093-8FB4-027F0D55610B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5BC7DFD4-C34F-4CB3-9836-77A2983371CD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5E6F46A4-2AEA-4392-B54D-81CB6E450F95}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5F9EC6B1-791B-4438-B857-7468874CCB7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65AECE5F-ECA9-412D-93F3-78A0F73ADC62}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{66C97165-C38A-42B8-AB69-B4237C1BBCDE}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{6745380D-E36F-4A04-96F7-9498423B5505}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{685863E9-8FB0-4942-BFD6-ACDEEB305A5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{716D1C29-7017-4CC3-8448-84D5D0BAC078}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{73840FB7-D457-4114-932F-C4B2200EDB2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{76404BAC-2A35-45E5-B58C-01FB6FBF0785}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A4E23DF-8498-4D1A-BF7B-CD021C2C3932}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe |
"{7B8D44BB-16E2-4E1C-9F8D-A4F508A9569A}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe |
"{8083E98A-AA95-4E01-933F-FD70BAA49AED}" = dir=in | app=c:\windows\system32\igrssvcs.exe |
"{8B1844E2-B695-41EA-8F9D-DCEB8CDFDD88}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{92A14004-2194-485E-95BB-8B11140FE5D1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{9F50F72F-2640-4F6E-A080-2062FBFD6605}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9FA8C125-62F3-461F-B37D-55072E81E498}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A0346BEB-6478-4D72-8D87-AE4C3DD017F3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A421DCE8-7054-46C0-A152-883FC136F734}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A729B01B-C330-49CA-A375-525DF333ECDD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A7A6C2B7-303C-46A1-BE40-69EC6CF75377}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{A7F362DB-9B14-4C4D-BD2E-C2F66A2B1BBD}" = dir=out | app=c:\windows\system32\igrssvcs.exe |
"{AFA65463-2918-4F83-8204-F61D9767F9D0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{B340A1F2-D164-47F6-9FD5-19CC22760255}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5094990-53A9-44D2-A503-951AE9E9FD7E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B96A16BE-546F-4D5F-91EF-3F584BFCA85E}" = protocol=6 | dir=in | app=c:\users\kamzzzim\appdata\roaming\dropbox\bin\dropbox.exe |
"{BD623717-1F23-4199-AB36-C2FD70DBEBD4}" = protocol=6 | dir=out | app=system |
"{C13D4F46-16D9-445F-88CC-813ECEFF6640}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{C1E26F36-4D83-4880-A236-466C6B093063}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C38846D8-099A-4B7C-9E18-038DF702F44C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CA871876-A880-442A-AF38-764FE0DB24A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D28C0B91-6A5D-4E82-9A60-023B65795471}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D54A2EF2-A2BF-4771-B8A3-19F779129F76}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{DD08CFC3-1C52-4E96-9F5D-EB25762C9860}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{DD7557F7-3031-420C-BCC2-18960D879A98}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DEC819CF-1449-4C15-BDCC-95D531D8D82D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF1C52ED-EDC5-4CA1-A245-B40D1E0D0FBB}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe |
"{E2FE14AD-D11B-4EAC-9C7E-9FE72D42252F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{E9BFDEA1-D8BD-4F9D-A5DF-CC32891FFBF4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{EFBD1D73-6479-42F2-90AD-ACE428C36338}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F3FBEC50-D731-48CD-AF0C-B78174190E3D}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe |
"{F6F83076-0C4F-4886-8065-AB7323B13EC7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{30CE5A69-1231-47A9-9C0A-3FAA43CB3C03}C:\program files\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files\qip infium\infium.exe |
"TCP Query User{45BDE0AA-3681-420F-A540-D878CB951D0D}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"TCP Query User{53F5AE65-E7DC-461F-AFFC-9F7B8E3DDE94}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"TCP Query User{6B6B3D13-496E-40F4-801E-C83A7037D86D}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{9A5E5BDF-362C-4D80-92F9-6029C42BAAD4}C:\program files\f4\f4\f4.exe" = protocol=6 | dir=in | app=c:\program files\f4\f4\f4.exe |
"TCP Query User{C04E8334-7752-43D6-BF58-7888754F95D2}C:\users\kamzzzim\desktop\my mobile\mymobiler\mexplorer.exe" = protocol=6 | dir=in | app=c:\users\kamzzzim\desktop\my mobile\mymobiler\mexplorer.exe |
"TCP Query User{E20C23FE-06DE-4760-9C68-50C5876D85F5}C:\users\kamzzzim\desktop\my mobile\mymobiler\mymobiler.exe" = protocol=6 | dir=in | app=c:\users\kamzzzim\desktop\my mobile\mymobiler\mymobiler.exe |
"TCP Query User{E47B2F28-E229-4DA6-8CC0-D315903FDBB6}C:\users\kamzzzim\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kamzzzim\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0178D04A-DAB2-41EC-9204-56FC4F90EE17}C:\users\kamzzzim\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kamzzzim\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{078843E0-EEBF-428C-AB66-B6C47CC22DF9}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"UDP Query User{36FD41E0-2E5E-4671-897D-26A28B40DFAB}C:\users\kamzzzim\desktop\my mobile\mymobiler\mexplorer.exe" = protocol=17 | dir=in | app=c:\users\kamzzzim\desktop\my mobile\mymobiler\mexplorer.exe |
"UDP Query User{4397CDAC-5414-4F63-9F48-440041F2AAE7}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{9C6785FC-F5E1-4649-9DDC-EB36BD739208}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe |
"UDP Query User{A5DB4412-DE5D-4B3C-9076-E2F8D3A93C6F}C:\program files\f4\f4\f4.exe" = protocol=17 | dir=in | app=c:\program files\f4\f4\f4.exe |
"UDP Query User{C59B5F96-591B-4C41-B172-D6AAF68E2561}C:\users\kamzzzim\desktop\my mobile\mymobiler\mymobiler.exe" = protocol=17 | dir=in | app=c:\users\kamzzzim\desktop\my mobile\mymobiler\mymobiler.exe |
"UDP Query User{F6279A5C-4E2E-4DF3-9C79-5DE49E4F2EF4}C:\program files\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files\qip infium\infium.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0143CF89-5CF2-4F2D-80D5-BFAE64E1BA00}" = MITs Wizard 3.0 for Device
"{01B93B3A-283F-411B-A648-69CABCACC986}" = Canon MF-Treiber
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{216729B6-014A-F413-814F-F17F74FBA113}_is1" = Google Books Downloader version 2.1
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 30
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E5BC664-72A6-45BB-9D80-6479DEBF8902}" = Topaz Denoise
"{3A20E282-7FA1-4498-823B-79D7F2C49312}" = PDF Composer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44CE6902-84EA-11D6-887E-00609721D519}" = Voice Editing
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1
"{50B631C6-6E91-4D7B-A4E0-81E7FA8D5B3D}" = SAPI5_Common
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5542B6FC-191D-4D38-A4AF-BED6451A038B}" = Google Drive
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf09
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C1ABF5E0-C3C9-4AE6-B4F2-4CB8F5E6A27C}" = Topaz Simplify
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52BEBC0-4A0C-42FB-B7EC-FAD0A14DD64E}" = RealSpeak_Solo_Common_for_Panasonic
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6411A0B-EA6A-4cf7-8A31-94A2C187D662}" = Canon MF3110-Serie
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Bokeh" = Alien Skin Bokeh
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"CUEcards 2000" = CUEcards 2000
"dcmsvc_is1" = dcmsvc 1.0
"DivX Setup.divx.com" = DivX-Setup
"EasyCapture4.0" = EasyCapture
"FileZilla Client" = FileZilla Client 3.3.5.1
"FinePrint" = FinePrint
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"IrfanView" = IrfanView (remove only)
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Juniper Network Connect 7.1.8" = Juniper Networks Network Connect 7.1.8
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Miranda IM" = Miranda IM 0.9.6
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NirSoft ProduKey" = NirSoft ProduKey
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC-Doctor for Windows" = PC-Doctor für Windows
"PlagiarismFinder 2.0" = PlagiarismFinder 2.0
"TeamViewer 5" = TeamViewer 5
"TVicPort 4.1 Free Personal Edition" = TVicPort 4.1 Free Personal Edition
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"QIP 2010" = QIP 2010 10.9.29.4196
"QIP Infium" = QIP Infium 3.0.9042
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.06.2012 15:23:46 | Computer Name = kamzzzim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4758
Error - 09.06.2012 15:23:47 | Computer Name = kamzzzim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 09.06.2012 15:23:47 | Computer Name = kamzzzim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6302
Error - 09.06.2012 15:23:47 | Computer Name = kamzzzim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6302
Error - 09.06.2012 15:23:49 | Computer Name = kamzzzim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 09.06.2012 15:23:49 | Computer Name = kamzzzim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7691
Error - 09.06.2012 15:23:49 | Computer Name = kamzzzim-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7691
Error - 10.06.2012 01:45:49 | Computer Name = kamzzzim-PC | Source = System Restore | ID = 8210
Description =
Error - 10.06.2012 04:52:48 | Computer Name = kamzzzim-PC | Source = VSS | ID = 12310
Description =
Error - 10.06.2012 04:52:48 | Computer Name = kamzzzim-PC | Source = VSS | ID = 12298
Description =
[ Cisco AnyConnect VPN Client Events ]
Error - 10.06.2012 03:20:44 | Computer Name = kamzzzim-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 10.06.2012 03:20:44 | Computer Name = kamzzzim-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
(0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 10.06.2012 03:20:44 | Computer Name = kamzzzim-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321
Invoked
Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 10.06.2012 03:20:44 | Computer Name = kamzzzim-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283
Invoked
Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 10.06.2012 03:20:44 | Computer Name = kamzzzim-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 10.06.2012 03:20:44 | Computer Name = kamzzzim-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
Error - 10.06.2012 05:14:23 | Computer Name = kamzzzim-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 10.06.2012 05:14:23 | Computer Name = kamzzzim-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 10.06.2012 05:14:23 | Computer Name = kamzzzim-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 10.06.2012 05:14:23 | Computer Name = kamzzzim-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
_tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
nicht finden. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
No such file or directory
[ Media Center Events ]
Error - 02.02.2012 14:18:33 | Computer Name = kamzzzim-PC | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =
Error - 02.02.2012 14:18:33 | Computer Name = kamzzzim-PC | Source = Microsoft-Windows-Media Center Extender | ID = 700
Description =
Error - 02.02.2012 14:20:31 | Computer Name = kamzzzim-PC | Source = Microsoft-Windows-Media Center Extender | ID = 701
Description =
Error - 11.03.2012 13:23:01 | Computer Name = kamzzzim-PC | Source = MCUpdate | ID = 0
Description = 18:23:01 - Fehler beim Herstellen der Internetverbindung. 18:23:01
- Serververbindung konnte nicht hergestellt werden..
Error - 11.03.2012 13:23:14 | Computer Name = kamzzzim-PC | Source = MCUpdate | ID = 0
Description = 18:23:06 - Fehler beim Herstellen der Internetverbindung. 18:23:06
- Serververbindung konnte nicht hergestellt werden..
Error - 12.04.2012 02:22:01 | Computer Name = kamzzzim-PC | Source = MCUpdate | ID = 0
Description = 08:19:48 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
Error - 16.05.2012 03:52:20 | Computer Name = kamzzzim-PC | Source = MCUpdate | ID = 0
Description = 09:52:20 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')
Error - 10.06.2012 01:38:37 | Computer Name = kamzzzim-PC | Source = MCUpdate | ID = 0
Description = 07:38:23 - Fehler beim Herstellen der Internetverbindung. 07:38:23
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 10.06.2012 01:34:54 | Computer Name = kamzzzim-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IC Recorder Driver" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1058
Error - 10.06.2012 01:37:51 | Computer Name = kamzzzim-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 10.06.2012 01:37:51 | Computer Name = kamzzzim-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 10.06.2012 01:39:44 | Computer Name = kamzzzim-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.
Error - 10.06.2012 01:45:05 | Computer Name = kamzzzim-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IC Recorder Driver" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1058
Error - 10.06.2012 01:46:21 | Computer Name = kamzzzim-PC | Source = DCOM | ID = 10005
Description =
Error - 10.06.2012 01:46:21 | Computer Name = kamzzzim-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Mobile-basierte Geräteverbindungen erreicht.
Error - 10.06.2012 01:46:21 | Computer Name = kamzzzim-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Mobile-basierte Geräteverbindungen" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1053
Error - 10.06.2012 05:12:49 | Computer Name = kamzzzim-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
beendet: %%1.
Error - 10.06.2012 05:14:18 | Computer Name = kamzzzim-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IC Recorder Driver" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1058
< End of report >
Geändert von pfee (10.06.2012 um 11:07 Uhr) |
|
11.06.2012, 07:14
| #2 | |||||||
| /// Helfer-Team    | Virus in acroff.dll Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Deinstalliere, falls unter Systemsteuerung-> Software/Programme existiert: Code:
ATTFilter Conduit Engine
DVDVideoSoftTB Toolbar
Winload Toolbar
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte. Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert. In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars Zitat:
Zitat:
Code:
ATTFilter :OTL
DRV - (a96hoxjv) -- File not found
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\kamzzzim\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/?query={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2010.10.13 15:51:13 | 000,002,062 | ---- | M] () -- C:\Users\kamzzzim\AppData\Roaming\Mozilla\Firefox\Profiles\f5d4c73x.default\searchplugins\qip-search.xml
[2012.02.27 09:22:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.27 09:22:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.27 09:22:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.27 09:22:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.27 09:22:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.21 16:41:26 | 000,000,000 | ---D | M] - D:\Auto -- [ NTFS ]
O33 - MountPoints2\{94b6d95a-9ccd-11df-bf86-002622dadbf5}\Shell - "" = AutoRun
O33 - MountPoints2\{94b6d95a-9ccd-11df-bf86-002622dadbf5}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{94b6d95a-9ccd-11df-bf86-002622dadbf5}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{94b6d95a-9ccd-11df-bf86-002622dadbf5}\Shell\install\command - "" = F:\SETUP.EXE
[2012.06.10 11:37:05 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.10 11:16:44 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
:Files
C:\Users\kamzzzim\AppData\Roaming\12001.001
C:\Users\kamzzzim\AppData\Roaming\xmldm
C:\Users\kamzzzim\AppData\Roaming\kock
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. Dir bekannt?: Zitat:
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
5. erneut einen Scan mit OTL:
6. läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit) Achtung!: WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten! Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren! Anleitung:-> GMER - Rootkit Scanner 7. Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit) Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
Zitat:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
|
12.06.2012, 08:30
| #3 |
| | Virus in acroff.dll Hallo Kira,vielen dank für deine Antwort!
__________________Ich habe mich entschieden, den PC neu zu installieren. Allerdings habe ich dazu keine DVD bekommen. Wie kann ich da am besten vorgehen? Viele liebe Grüße! |
|
12.06.2012, 16:30
| #4 |
| /// Helfer-Team | Virus in acroff.dll bevor irgendetwas gelöscht bzw die Festplatte formatiert wird: Kontrolliere deine eigene Dateien (wie Dokumente, Musik, Bilder etc), ob der Trojaner sie nicht eventuell verschlüsselt hat?! wenn ja: ► Welche Art und Weise wurden die Daten (Eigene Dateien wie Bilder, Dokumente, Musik etc) bereits verschlüsselt? Kannst Du ein Beispiel nennen? Dateiändung wurden zugefügt (z.B "locked- .wxyz"), oder nach einem Zufallsprinzip besteht ein Dateiname aus Groß und Kleinbuchstaben (wie z.B QsEEUTODXNVqyssQ)? Nämlich manche Varianten lassen sich entschlüsseln, andere wieder leider nicht..
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
13.06.2012, 17:47
| #5 |
| | Virus in acroff.dll Die Daten waren nicht verschlüsselt. Mein Mitbewohner hat sich meinen Laptop mal angeschaut, die Daten gesichert und dann mit ubuntu den mbr überschrieben. er wollte mir dann windows 7 vom stick aus installiieren, allerdings wird der ncht gestartet, ssagt er. Jetzt hat er mir den PC wiedergegeben und gesagt er wüsste jetzt auch nciht weiter Kann ich jetzt sselber noch irgndwas machen? Oder muss ich den in professionelle Hände geben? Liebe Grüße |
|
13.06.2012, 19:32
| #6 |
| /// Helfer-Team | Virus in acroff.dll Du mußt dein System neu aufsetzen! Hast Du Win7-CD? wenn nicht: Von welchem Hersteller ist dein PC / Notebook? Mit Hilfe eine auf der Platte liegende Recovery (versteckte Partition auf der Platte) kannst "per Hand" das System in den Auslieferungszustand zurück versetzen. Musst nur eine belibige Taste drücken. Das erreichst über ALT + F? (hat jeder Hersteller die Tastaturangabe anders geregelt) - wie Du aus dem Handbuch der Herstellers entnehmen kannst, oder der technischer Support wenden. Ausserdem ist es möglich sich eine Recovery CD zu erstellen, die Dir hilft das System später neu aufzusetzen, oder zu Reparieren. -
__________________ --> Virus in acroff.dll |
|
13.06.2012, 19:47
| #7 |
| | Virus in acroff.dll ich habe einen lenovo g550 und leider keine recovery cd. thomas (mein mitbewohner) hat gesagt, er hätte die komplett gelöscht und wollte mit einem stick (auf dem windows 7 ist) neu installieren und immer wenn ich den pc jetzt anmache kommt bootmgr missing. da wusste er auch nicht weiter |
|
13.06.2012, 23:17
| #8 |
| /// Helfer-Team | Virus in acroff.dll Dann hast Du den Key der am PC geklebt? ► Tipps
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
.
Linear-Darstellung
