| |
| |||||||
Log-Analyse und Auswertung: Viren (EXP/CVE-2012-0507.BR; Trojan.Agent.Gen; HEUR/SystemFile.modified) nach Bundespolizei-TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
01.07.2012, 20:10
| #1 |
 |  Viren (EXP/CVE-2012-0507.BR; Trojan.Agent.Gen; HEUR/SystemFile.modified) nach Bundespolizei-Trojaner Hallo allerseits, ich konnte auf meinem Laptop (Windows Vista) nach Befall mit dem Bundespolizei-Trojaner entsprechend einer Anleitung bei Chip (hxxp://www.chip.de/bildergalerie/WindowsUnlocker-Starkes-Tool-gegen-Bundespolizei-Virus-Co.-Galerie_54218633.html) per Kaspersky Windows Unlocker wieder entsperren. Seitdem lasse ich fast täglich vollständige Systemprüfungen abwechselnd mit Avira (Standard-Virenprogramm) und Malwarebytes durchführen. Dabei sind immer wieder neue Trojaner aufgetreten, von denen ich vermute, dass sie im Zusammenhang mit den Bundespolizei-Trojaner stehen. Im folgenden sind die Funde mal zusammengefasst: _______________________________ 27. Juni (Avira) - 09:31 EXP/CVE-2012-0507.BR in C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\ cache\6.0\57\669bdf9-4bdfc227 27. Juni (Malwarebytes) - 22:09 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ctfmon.exe (Trojan.Agent) -> Daten: C:\Windows\system32\rundll32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Firewall 2.9 (Trojan.Agent.Gen) -> Daten: C:\Users\***\AppData\Roaming\WMPRWISE.EXE -> Erfolgreich gelöscht und in Quarantäne gestellt. 1. Juli (Avira - Schnelle Systemprüfung ) HEUR/Modified.SystemFile in C:\Windows\system32\ctfmon.exe _______________________________ Nach dem Entsperren des Rechners vom Bundespolizei-Trojaner war auf dem Desktop die Datei jork_0_typ_col.exe, die ich dann vom Desktop gelöscht habe. Danach gab es beim Startup dann eine Fehlermeldung, dass die Datei nicht gefunden werden kann. Über msconfig habe ich im Systemstart der Datei ctfmon deaktiviert. Merkwürdigerweise steht hier als Befehl c:\Windows\System32\rundll32.exe c:\users\***\AppData\Local\Temp\jork_0_typ.exe,FQ10 Als Ort für ctfmon ist angegeben: c:\users\***\AppData\Roaming\Microsoft\Windows\StartMenu\Programs\Startup (wo es also nicht hingehört, wenn die Datei überhaupt benötigt wird - da sind sich die Forenmeinungen im Internet nicht so einig). Ich hatte dann mal zusätzlich ctfmon-Remover laufen lassen: (hxxp://www.gerhard-schlager.at/de/projects/ctfmonremover/) Eben gerade habe ich nochmal gesucht - den ganze Verzeichnisbaum unterhalb AppData gibt's jetzt nicht mehr. Vielleicht liegt's an dem ctfmonremover. Nach dem Fund von EXP/CVE-2012-0507.BR hatte ich JAVA mal deinstalliert und wieder neu installiert. Da ich dann aber diese Trojanerfunde in einem alten Java-Verzeichnis hatte (ich habe mein Backup meines alten, kaputten Rechners komplett auf die Festplatte dieses Rechners rübergezogen, d.h. dort sind dann auch Systemdateien dabei), habe ich jetzt aus Sicherheitsgründen JAVA wieder deinstalliert (über Systemsteuerung - Programme installieren/deinstallieren). Mit Avira habe ich heute nach Neustart nochmals gescannt, wobei HEUR/Modified.SystemFile wieder da war, obwohl AVIRA den gestern ins Quarantäne-verzeichnis verschoben hat. Ich bin jetzt dabei zu überlegen, ob ich den Rechner komplett neu aufsetze, was ich aber gerne vemeiden würde. Gestern habe ich defogger und oldtimer laufen lassen. Gmer habe ich erst heute laufen lassen, d.h. dazwischen lief dann noch ein Scan mit Avira. Schon jetzt vielen Dank für Tipps, wie ich weitermachen soll. Smigel Hier sind die entsprechenden logfiles: defogger: _____________________________________________________________ defogger_disable by jpshortstuff (23.02.10.1) Log created at 00:42 on 30/06/2012 (***) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- _____________________________________________________________ OTL logfile created on: 30.06.2012 00:48:20 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,08% Memory free 6,19 Gb Paging File | 5,02 Gb Available in Paging File | 81,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 440,37 Gb Total Space | 326,55 Gb Free Space | 74,15% Space Free | Partition Type: NTFS Drive D: | 25,38 Gb Total Space | 12,51 Gb Free Space | 49,32% Space Free | Partition Type: FAT32 Computer Name: ***S_LAPTOP | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.30 00:44:09 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.06.08 21:42:12 | 001,668,952 | ---- | M] (Trusteer Ltd.) -- C:\Programme\Trusteer\Rapport\bin\RapportService.exe PRC - [2012.06.08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe PRC - [2012.05.11 00:57:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.11 00:57:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.11 00:57:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.11 00:57:08 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2011.01.07 22:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008.10.29 17:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe PRC - [2008.08.28 16:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.12.03 11:26:02 | 000,498,792 | ---- | M] () -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe PRC - [2007.12.03 11:06:36 | 000,427,288 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe ========== Modules (No Company Name) ========== MOD - [2012.05.28 23:25:41 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll MOD - [2012.02.01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Programme\Trusteer\Rapport\bin\js32.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.21 16:54:34 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2008.08.28 16:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe MOD - [2008.02.02 23:08:12 | 001,722,368 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzArchive10.tgp MOD - [2007.03.12 23:34:20 | 000,162,304 | ---- | M] () -- C:\Windows\System32\ztvunrar36.dll MOD - [2006.05.14 13:03:54 | 000,655,360 | ---- | M] () -- C:\Programme\TUGZip\TzShell.dll MOD - [2005.02.17 23:15:22 | 000,077,824 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzImage10.tgp ========== Win32 Services (SafeList) ========== SRV - [2012.06.26 00:20:39 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Programme\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2012.05.11 00:57:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.11 00:57:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008.10.29 17:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.12.03 11:26:02 | 000,498,792 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService) SRV - [2007.12.03 11:06:36 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\trufos.sys -- (Trufos) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys -- (Profos) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.06.08 21:42:30 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Programme\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI) DRV - [2012.06.08 21:42:28 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Programme\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG) DRV - [2012.06.08 21:42:28 | 000,065,720 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL) DRV - [2012.05.28 23:25:41 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso) DRV - [2012.05.11 00:57:30 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.11 00:57:30 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.15 18:47:54 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302) DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.01.08 05:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.11.12 01:10:52 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.06.14 01:38:48 | 000,009,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\WinIo.sys -- (WINIO) DRV - [2009.05.07 18:22:20 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32) DRV - [2009.04.28 02:57:27 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2009.04.28 02:57:26 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2009.04.28 02:57:23 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2009.04.28 02:57:21 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman) DRV - [2008.12.29 19:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008.04.28 15:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1700389 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} IE - HKCU\..\SearchScopes\{10EA37AA-AF5A-45DC-BE86-C6337D4058F2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=BLT&o=15558&src=kw&q={searchTerms}&locale=&apn_ptnrs=HG&apn_dtid=YYYYYYYYDE&apn_uid=70B086F6-EE4A-442A-988E-24B012D8209B&apn_sauid=5CD92F19-CB1E-4609-895F-49B227A9D4FC& IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC_de IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1700389 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "IsoBuster Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.21 18:43:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.19 01:45:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter [2011.12.20 00:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.06.04 23:08:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lp5x7233.default\extensions [2010.04.28 00:55:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lp5x7233.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.18 01:43:40 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\lp5x7233.default\extensions\2020Player@2020Technologies.com [2011.11.17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lp5x7233.default\searchplugins\askcom.xml [2010.04.15 23:38:17 | 000,000,901 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lp5x7233.default\searchplugins\conduit.xml [2011.12.12 00:58:51 | 000,002,519 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\lp5x7233.default\searchplugins\Search_Results.xml [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.12.12 00:58:51 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml ========== Chrome ========== CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=100&systemid=102&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {39ED5386-A900-4D6C-B564-20BFDE5402CF} hxxp://www.medion.com/de/service/download/MEDION_Treibersuche.ocx (Medion Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21A42317-615A-44E7-9C55-EA9E3D1644BF}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC4BC413-FCFD-4CA8-BCD7-9CC0BEF094CD}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ] O33 - MountPoints2\{73afc354-af36-11e0-8cc1-001f161802c0}\Shell - "" = AutoRun O33 - MountPoints2\{73afc354-af36-11e0-8cc1-001f161802c0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{75f054df-c33c-11de-add8-001f161802c0}\Shell - "" = AutoRun O33 - MountPoints2\{75f054df-c33c-11de-add8-001f161802c0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{d7fe99de-8f96-11e0-998d-001f161802c0}\Shell - "" = AutoRun O33 - MountPoints2\{d7fe99de-8f96-11e0-998d-001f161802c0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{d7fe9a18-8f96-11e0-998d-001f161802c0}\Shell - "" = AutoRun O33 - MountPoints2\{d7fe9a18-8f96-11e0-998d-001f161802c0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ed4bd996-9ca3-11e0-b302-001f161802c0}\Shell - "" = AutoRun O33 - MountPoints2\{ed4bd996-9ca3-11e0-b302-001f161802c0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{fdd34182-9984-11e0-b6e1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{fdd34182-9984-11e0-b6e1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.30 00:43:33 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.29 00:05:32 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.06.27 22:06:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.06.27 22:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.27 22:06:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.27 22:06:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.27 22:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.23 02:54:59 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.06.08 21:42:28 | 000,065,720 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys [2012.06.08 00:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\meinHausplaner [2012.06.08 00:30:23 | 000,000,000 | ---D | C] -- C:\MEINHAUSPLANER [2012.06.08 00:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BAUSET [2012.06.08 00:30:18 | 002,369,456 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.4.2.ocx [2012.06.08 00:30:18 | 001,370,032 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.ReportControl.v13.4.2.ocx [2012.06.08 00:30:18 | 000,882,608 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.TaskPanel.v13.4.2.ocx [2012.06.08 00:30:17 | 001,369,264 | ---- | C] (FarPoint Technologies, Inc.) -- C:\Windows\System32\FPSPR70.ocx [2012.06.08 00:30:17 | 001,276,088 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v10.1.ocx [2012.06.08 00:30:17 | 000,598,016 | ---- | C] (Key Company) -- C:\Windows\System32\KeyTV3.ocx [2012.06.08 00:30:17 | 000,460,984 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.ReportControl.v10.1.ocx [2012.06.08 00:30:17 | 000,338,104 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.TaskPanel.v10.1.ocx [2012.06.08 00:30:17 | 000,167,176 | ---- | C] (/n software inc. - www.nsoftware.com) -- C:\Windows\System32\ftps60.ocx [2012.06.08 00:30:16 | 000,595,968 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\Resizer.dll [2012.06.08 00:30:16 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\PCDLIB32.DLL [2012.06.08 00:30:16 | 000,187,904 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\ResizerPPG.ocx [2012.06.08 00:30:16 | 000,132,608 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\ResizableControl.dll [2012.06.08 00:30:16 | 000,058,880 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\ResizableControlPPG.ocx [2012.06.08 00:30:10 | 000,848,376 | ---- | C] (APEX Software Corporation) -- C:\Windows\System32\tdbl6.ocx [2012.06.08 00:30:10 | 000,801,464 | ---- | C] (APEX Software Corporation) -- C:\Windows\System32\tdbg6.ocx [2012.06.08 00:30:10 | 000,406,048 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedZip.dll [2012.06.08 00:30:10 | 000,242,144 | ---- | C] (Apex Software Corporation) -- C:\Windows\System32\tdbgpp.dll [2012.06.08 00:30:10 | 000,106,984 | ---- | C] (Apex Software Corporation) -- C:\Windows\System32\xarraydb.ocx [2012.06.08 00:30:05 | 000,851,420 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\crystl32.ocx [2012.06.08 00:30:05 | 000,270,336 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2sodbc.dll [2012.06.08 00:30:05 | 000,147,456 | ---- | C] (Seagate Software, Inc) -- C:\Windows\System32\p2smon.dll [2012.06.08 00:30:05 | 000,094,208 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2sevt.dll [2012.06.08 00:30:05 | 000,094,208 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2bdao.dll [2012.06.08 00:30:05 | 000,061,440 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2irdao.dll [2012.06.08 00:30:05 | 000,053,248 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2ctdao.dll [2012.06.08 00:30:05 | 000,036,864 | ---- | C] (Seagate Software, Inc) -- C:\Windows\System32\p3smnde.dll [2012.06.08 00:30:05 | 000,036,864 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3sodde.dll [2012.06.08 00:30:05 | 000,036,864 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3sevde.dll [2012.06.08 00:30:05 | 000,024,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3rdode.dll [2012.06.08 00:30:05 | 000,024,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3ddode.dll [2012.06.08 00:30:05 | 000,020,480 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3tdode.dll [2012.06.08 00:30:05 | 000,000,000 | ---D | C] -- C:\Windows\Crystal [2012.06.08 00:30:04 | 000,745,472 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\crpe32_res_de.dll [2012.06.08 00:30:04 | 000,544,768 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\exlate32.dll [2012.06.08 00:30:04 | 000,507,904 | ---- | C] (Seagate Software) -- C:\Windows\System32\crviewer.dll [2012.06.08 00:30:04 | 000,023,040 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2bbnd.dll [2012.06.08 00:30:04 | 000,004,096 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3dbdde.dll [2012.06.08 00:30:03 | 005,337,088 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\crpe32.dll [2012.06.08 00:30:03 | 000,618,496 | ---- | C] (Seagate Software) -- C:\Windows\System32\crpaig80.dll [2012.06.08 00:30:02 | 005,550,080 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\craxdrt.dll [2012.06.08 00:30:02 | 000,442,368 | ---- | C] (Seagate Software, Inc) -- C:\Windows\System32\cpeaut32.dll [2012.06.08 00:30:02 | 000,040,960 | ---- | C] (Seagate Software, Inc) -- C:\Windows\System32\cdo32.dll [2012.06.08 00:29:57 | 000,035,328 | ---- | C] (Apex Software Corporation) -- C:\Windows\System32\DBGrdDE.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.30 01:01:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.30 00:44:09 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.06.30 00:43:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.30 00:42:42 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.06.30 00:31:09 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012.06.30 00:14:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.30 00:14:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.30 00:14:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.30 00:13:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.30 00:13:48 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys [2012.06.29 20:37:23 | 000,024,064 | ---- | M] (Gerhard Schlager) -- C:\Windows\System32\ctfmon.exe [2012.06.29 07:12:29 | 000,639,260 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.29 07:12:29 | 000,604,814 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.29 07:12:29 | 000,131,268 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.29 07:12:29 | 000,108,146 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.28 10:13:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.06.27 22:06:39 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.27 18:37:26 | 000,000,849 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.06.24 03:02:00 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\File Helper.job [2012.06.23 00:51:23 | 000,008,592 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2012.06.14 16:30:30 | 000,413,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.12 23:14:26 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.06.08 21:42:28 | 000,065,720 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys [2012.06.08 00:45:30 | 000,000,089 | ---- | M] () -- C:\Windows\System32\MSBII.dll [2012.06.08 00:45:29 | 000,001,627 | ---- | M] () -- C:\Users\Public\Desktop\MEIN HAUSPLANER.LNK [2012.06.08 00:31:53 | 000,000,104 | ---- | M] () -- C:\Windows\GAMMASETUP15.INF [2012.06.08 00:31:53 | 000,000,104 | ---- | M] () -- C:\Windows\GAMMASETUP.INF [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\***\*.tmp files -> C:\Users\***\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.30 00:42:42 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.06.30 00:31:09 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012.06.27 22:06:39 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.23 08:15:01 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys [2012.06.08 00:45:30 | 000,000,089 | ---- | C] () -- C:\Windows\System32\MSBII.dll [2012.06.08 00:45:29 | 000,001,627 | ---- | C] () -- C:\Users\Public\Desktop\MEIN HAUSPLANER.LNK [2012.06.08 00:31:53 | 000,000,104 | ---- | C] () -- C:\Windows\GAMMASETUP15.INF [2012.06.08 00:31:53 | 000,000,104 | ---- | C] () -- C:\Windows\GAMMASETUP.INF [2012.06.08 00:30:17 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NumX.ocx [2012.06.08 00:30:17 | 000,032,768 | ---- | C] () -- C:\Windows\System32\WKAuxil.dll [2012.06.08 00:30:00 | 000,005,807 | ---- | C] () -- C:\Windows\System32\MSCALDEU.TLB [2012.06.08 00:29:58 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll [2012.06.08 00:29:56 | 003,782,416 | ---- | C] () -- C:\Windows\System32\mso97.dll [2011.04.09 10:21:17 | 000,174,592 | ---- | C] () -- C:\Windows\System32\LEXPPS.EXE [2011.04.09 10:19:51 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxaxih.exe [2011.04.09 10:19:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE [2011.04.09 10:19:49 | 000,077,824 | ---- | C] () -- C:\Windows\System32\lxaxlcnp.dll [2011.01.17 01:11:26 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll [2011.01.17 01:11:26 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll [2010.06.04 19:27:27 | 000,000,102 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2009.10.08 18:57:36 | 000,005,181 | ---- | C] () -- C:\Users\***\webex.ini [2009.10.08 18:57:35 | 000,036,590 | ---- | C] () -- C:\Users\***\gpcnt_TSP.php [2009.10.08 18:57:35 | 000,028,672 | ---- | C] () -- C:\Users\***\atwbxdet.dll [2009.09.04 08:33:12 | 000,008,592 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.05.02 13:26:49 | 000,098,816 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.29 01:02:54 | 009,994,240 | ---- | C] () -- C:\Users\***\OUTLOOK.msp [2009.03.02 15:15:39 | 000,081,332 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.03.02 15:15:37 | 000,081,332 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== LOP Check ========== [2010.12.11 17:44:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis [2009.07.02 00:00:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BullGuard [2009.05.21 19:53:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DevPHP [2012.05.22 18:50:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ecdi [2011.05.17 23:40:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON [2011.12.08 21:27:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2011.07.28 22:41:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ! [2011.07.28 19:13:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!fax für FRITZ!Box [2010.08.29 18:40:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\goober [2012.03.03 01:06:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LiveCAD3 [2012.06.08 16:27:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miut [2008.11.26 13:13:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.05.22 18:50:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opray [2009.06.07 22:25:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF reDirect [2010.03.20 13:56:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trusteer [2009.10.08 18:58:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WebEx [2009.09.01 00:09:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2012.06.24 03:02:00 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\File Helper.job [2012.06.29 20:38:31 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > ________________________________________________________________ Extra: OTL Extras logfile created on: 30.06.2012 00:48:20 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,08% Memory free 6,19 Gb Paging File | 5,02 Gb Available in Paging File | 81,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 440,37 Gb Total Space | 326,55 Gb Free Space | 74,15% Space Free | Partition Type: NTFS Drive D: | 25,38 Gb Total Space | 12,51 Gb Free Space | 49,32% Space Free | Partition Type: FAT32 Computer Name: ***S_LAPTOP | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E959C93-8C23-473E-B764-0E6A0521C568}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2BCF65AE-EFA8-4E8C-B809-4A133DF959B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{36ECE0E0-6257-4AEB-8424-735C6A915FC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{52BFDAA0-02D3-4F74-81FB-12190CBBAD2B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{5588D3F2-CCA8-4BDB-8A06-4012AD76DA82}" = rport=137 | protocol=17 | dir=out | app=system | "{78EADD69-0E7F-48C7-9A51-4EE2A4430159}" = lport=2869 | protocol=6 | dir=in | app=system | "{8A3AEFCA-AEF3-4784-83B4-999974D0E39A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8EBB99F4-6936-4D94-BF4E-24896C55BA11}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{94019071-2BAB-4A82-9573-E0AAD0705EC2}" = rport=445 | protocol=6 | dir=out | app=system | "{A564B61F-492E-4114-ABBD-25131B9652F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{ADDB92DA-836A-46B4-B60A-F87E081C304B}" = rport=138 | protocol=17 | dir=out | app=system | "{B320CAC0-ED31-4AE1-BC94-E5C1AF2F3962}" = lport=139 | protocol=6 | dir=in | app=system | "{B5473801-3DF8-4B8B-9E8D-78C8793E0CCF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C27159DC-8342-4185-A7B6-052EF5A1FEBD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CB2113FD-D85D-434F-B666-DF35B0BAD703}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CD467844-DE4F-4C05-8110-14E322C7B5A8}" = lport=138 | protocol=17 | dir=in | app=system | "{CE8AE46F-47DB-48D1-839D-4DB954C6215F}" = lport=445 | protocol=6 | dir=in | app=system | "{D8AD4DDD-5F7B-40CD-A701-670DF34894BE}" = lport=137 | protocol=17 | dir=in | app=system | "{EC268EDE-69F6-4461-AC8F-6E89987398F9}" = rport=139 | protocol=6 | dir=out | app=system | "{F16F3A3B-68A9-400A-A252-C65B09F4113A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EDC5841-F9EA-4FEF-95C4-718E4EF0D9E3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{0EDD53EB-9A2E-4EE8-A046-7D1082709197}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0FEF4989-76E9-4FDA-841C-B651EA3B8943}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{16721DA4-3470-4733-9E10-0A9FB0BB24C8}" = dir=in | app=c:\program files\itunes\itunes.exe | "{27E22D2E-C3AC-46A3-BE48-8FE3FC5FC853}" = protocol=17 | dir=in | app=c:\program files\fritz!\igd_finder.exe | "{28C15D13-16F3-4324-8BC7-745B8F1F13A7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{311C98D5-AF7E-4FBA-8CBA-A163D4409698}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4947667B-9375-47D3-91B7-6DA8A4347C89}" = protocol=6 | dir=in | app=c:\program files\fritz!\igd_finder.exe | "{4FD3110A-746C-49F8-B499-404F755F022E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{5E6D0C49-70E8-4417-84AC-74AD1D18F721}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{7BEA5E3B-D430-4EFA-B871-5F4175A5C471}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8C94410A-A3F7-4381-ACD2-E96710A3D3DB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B8276A8F-8B82-4686-B463-A4F63BE94BAF}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | "{BED6E731-3BE4-4957-8041-72C3EB96F619}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C0A34679-1FCF-491A-8377-5480DC4CBFF3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C1F2CD5C-C0B6-4A5B-B854-B77B69454B1D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DB872373-8577-4F9D-AFC4-6F74DEB8096B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{DF76492B-1230-4A00-9966-2A00D3AF9E44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E90CA9EF-4B04-4D7E-94C8-F1F2DA5D5AD7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EE5F334C-3215-4B8A-89A2-ABFE252EEA46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{005CEEBE-2505-4C2A-9CFA-9B5E7E4AB6DE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{129562D3-2277-4DEE-B1DB-078CBDF31C74}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{193B5A40-EA15-448D-9578-18B5A06DF969}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{208AAC81-6B67-4BB7-B8F6-3EB333FF7ED8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{3966235D-0F68-41BC-950B-4D27A5DA5D6A}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe | "TCP Query User{5B8D8D46-EC3A-4312-9468-F2E7CB67A36C}C:\users\***\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{7B577BCF-F7BE-4629-9FF9-A5F587DD851F}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{CAA8C943-FD9C-4592-9D80-BCBA4D3C0A81}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{D33F37AA-7136-4784-B5A8-AE3E0FB4A8F6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{DA6F0C09-1D32-46D9-8C3C-057964661871}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{E0F325BA-6333-46E5-9633-F752CEFEAA70}C:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\apache.exe | "TCP Query User{E6D98952-A55A-4B0F-AC16-B8186BD043D6}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe | "TCP Query User{F616D39B-B6D4-4768-993B-E8C89A1C18F2}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{120EC832-09C0-4F15-8263-2CAAE620392C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{1E6EBE28-8D8E-440E-96C3-2C7988D3919F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{21B8DBFA-028F-49CC-855A-E6D409542CDF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{29379F8C-8A98-4D00-B5D5-DDC0CCD03538}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{4226F6E1-782F-43F3-8155-582596C9AAC5}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{5FC58256-C227-4D57-956D-B55D415DDC93}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{72AB1AC8-C822-4DEF-998B-63D3B4AB9C28}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe | "UDP Query User{77FD6FE5-F1DE-4CB8-8825-C378D441FEEB}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{86CB113B-C7E9-448C-BFAE-65B6E43C1A0D}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe | "UDP Query User{B4C25377-DA44-4412-AB0F-3DD8C15F92F3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{BF317462-32AE-45BD-9453-130517056DD0}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{CB774BA1-7347-46DD-AAAB-04F9E4A06006}C:\users\***\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "UDP Query User{EFC343E2-295C-4B35-98A7-A36026E78EA4}C:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\apache.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4360A1A8-34EE-453D-9F17-B0E1102D22A2}" = SRC-Fragebögen "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4E5D8DB3-B289-401D-8458-DF0125189210}" = WebEx Recording Editor "{56A6A4AA-20F8-42AA-AF3A-5684EC2E36CD}" = DSC-Tutor "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57DC8980-73DA-481E-AFD4-5E2D44B7F1AD}" = StuffIt Expander 2009 "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3 "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D3D561-D1FD-4d57-8395-20030467E0F9}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8F07134F-94B8-4AC0-94D9-32F4D9E5A464}" = WebEx Recorder and Player "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{DC1D7AD2-583A-4024-9041-387E8FFA5D8C}" = MediaFACE II "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger-sensing Pad Driver "{E9E46EF1-BFBE-4575-B901-77C3580097B1}" = WebEx Document Suite "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2AB2488-A0BF-4A9B-98A9-A88CF20FD2FF}" = Meeting Manager for Internet Explorer "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Angebote ALDI SÜD" = Angebote ALDI SÜD Bildschirmschoner "Architecture_3D_3-Premium_Demo_is1" = 3D Home Design by Livecad (free version) "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "Badaboom" = Badaboom 1.1.1.194 "CCleaner" = CCleaner "DevPHP" = Dev-PHP (remove only) "DivX Setup" = DivX-Setup "EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall "EPSON BX305 Series" = Druckerdeinstallation für EPSON BX305 Series "EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "EPSON Stylus Office BX300F_TX300F Benutzerhandbuch" = EPSON Stylus Office BX300F_TX300F Handbuch "FileZilla Client" = FileZilla Client 3.3.5.1 "FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "Google Chrome" = Google Chrome "Google Updater" = Google Updater "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3 "IrfanView" = IrfanView (remove only) "jZip" = jZip "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "Lexmark Supplies Monitor" = Lexmark Supplies Monitor "Lexmark Z25-Z35" = Lexmark Z25-Z35 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "meinHausplaner" = meinHausplaner "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "o.tel.o" = o.tel.o "PDF reDirect" = PDF reDirect (remove only) "pdfsam" = pdfsam "Picasa 3" = Picasa 3 "Pinball" = 3D Pinball from Plus! for Windows 95 "Rapport_msi" = Rapport "RealPlayer 12.0" = RealPlayer "SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only) "Stellarium_is1" = Stellarium 0.8.2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TaxCalc 2009" = TaxCalc 2009 "TaxCalc 2011" = TaxCalc 2011 "TUGZip_is1" = TUGZip 3.5 "WinLiveSuite_Wave3" = Windows Live Essentials "xampp" = XAMPP 1.7.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.05.2011 03:54:02 | Computer Name = ***s_Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 08.05.2011 03:54:02 | Computer Name = ***s_Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 08.05.2011 03:54:02 | Computer Name = ***s_Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 08.05.2011 03:54:02 | Computer Name = ***s_Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 08.05.2011 03:54:02 | Computer Name = ***s_Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 08.05.2011 03:54:04 | Computer Name = ***s_Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 08.05.2011 03:54:04 | Computer Name = ***s_Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 09.05.2011 13:38:23 | Computer Name = ***s_Laptop | Source = WinMgmt | ID = 10 Description = Error - 09.05.2011 13:46:47 | Computer Name = ***s_Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 10.05.2011 13:51:22 | Computer Name = ***s_Laptop | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 29.06.2012 14:17:03 | Computer Name = ***s_Laptop | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 29.06.2012 14:17:03 | Computer Name = ***s_Laptop | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 29.06.2012 14:17:03 | Computer Name = ***s_Laptop | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 29.06.2012 14:17:03 | Computer Name = ***s_Laptop | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 29.06.2012 14:17:03 | Computer Name = ***s_Laptop | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 29.06.2012 14:17:03 | Computer Name = ***s_Laptop | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 29.06.2012 14:17:03 | Computer Name = ***s_Laptop | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 29.06.2012 14:17:03 | Computer Name = ***s_Laptop | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden. Error - 29.06.2012 14:17:37 | Computer Name = ***s_Laptop | Source = volsnap | ID = 393230 Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers auf Volume "C:" abgebrochen. Error - 29.06.2012 18:15:39 | Computer Name = ***s_Laptop | Source = Service Control Manager | ID = 7000 Description = < End of report > gmer.txt ist zu lang - siehe Anhang |
| Themen zu Viren (EXP/CVE-2012-0507.BR; Trojan.Agent.Gen; HEUR/SystemFile.modified) nach Bundespolizei-Trojaner |
| 32 bit, antivir, audacity, avira, bho, bonjour, bundespolizei-trojaner, codejock software, ctfmon.exe, desktop, document, downloader, ebay, error, excel, exp/cve-2012-0507, festplatte, firefox, flash player, google earth, helper, heur/modified.systemfile, home, iexplore.exe, install.exe, kaspersky, microsoft office word, office 2007, plug-in, programm, realtek, run|ctfmon.exe, searchscopes, security, senden, software, svchost.exe, trojan.agent.ge, trojan.agent.gen, usb 2.0, verzeichnisbaum, viren, vista, windows, windows unlocker |
Baum-Darstellung