Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.08.2012, 17:53   #1
fillini
 
Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten - Standard

Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten



Hallo,

wenn ich bei mir mit Google Chrome im Internet was suche und denn einen Link anklicke lande ich Gewinn und Spieleseiten.
Das passiert nur bei Chrome. Im Internet Explorer geht das normal.
Unten rechts im Desktop habe ich die Meldung (Fahne mit roten Kreuz) das das "Dienst Sicherheitscenter aktivieren". Beim Versuch das einzuschalten kommt "Der Windows Sicherheitsdienst kann nicht gestartet werden."
Wenn ich das denn manuell in der Verwaltung starte geht das nach 15 sek. wieder aus. Ebenfalls der "Defender".
Der Pfad bzw. Name wurde durch "***" ersetzt !

Nachtrag: Defogger brachte keinerlei Meldung

Hier nun meine Dateien:

1. Malwarebytes
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-LAPTOP [Administrator]

Schutz: Aktiviert

27.08.2012 16:13:51
mbam-log-2012-08-27 (16-13-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199225
Laufzeit: 4 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
2. OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.08.2012 17:14:46 - Run 3
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 54,44% Memory free
8,00 Gb Paging File | 5,89 Gb Available in Paging File | 73,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 50,20 Gb Free Space | 43,11% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 105,90 Gb Free Space | 31,64% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Windows\SysWOW64\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)
PRC - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\libglesv2.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\libegl.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (uvnc_service) -- C:\Program Files\UltraVNC\winvnc.exe (UltraVNC)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Windows\SysWOW64\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SentinelProtectionServer) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (SentinelKeysServer) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
SRV - (TryAndDecideService) -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\C259.tmp (Sophos Plc)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (mv2) -- C:\Windows\SysNative\drivers\mv2.sys (UVNC BVBA)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
DRV:64bit: - (SNTUSB64) -- C:\Windows\SysNative\drivers\SNTUSB64.SYS (SafeNet, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\SearchScopes\{24FFE2BD-6067-4A24-8BB6-95BF72CD7430}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\SearchScopes\{5467A077-83FD-4593-95B0-8369F9A0EF52}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\SearchScopes\{69DFA6BC-54D1-40BC-8577-4D8BFF4E0D11}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE423
IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\SearchScopes\{7A06B101-045B-4F6A-A503-29F9CA28E98D}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\SearchScopes\{B191C297-3134-46DC-8654-4238FD25D008}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: tbsortfolders@xulforum.org:1.0.1
FF - prefs.js..extensions.enabledItems: {8845E3B3-E8FB-40E2-95E9-EC40294818C4}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}:7.3.4.44
FF - prefs.js..extensions.enabledItems: {FD9B3EC6-8265-41fb-8A2F-4C5A22A95A7B}:11.0.2.556
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.05.03 16:14:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.05.03 16:14:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.19 08:12:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.27 13:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.03.24 14:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.27 14:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.04.07 23:03:04 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2010.03.24 18:26:47 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2012.01.18 13:51:20 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2011.09.26 09:09:54 | 000,074,045 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\K8C1TUGH.DEFAULT\EXTENSIONS\{8845E3B3-E8FB-40E2-95E9-EC40294818C4}.XPI
[2012.07.19 08:13:09 | 000,000,000 | ---D | M] (Lightning) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\K8C1TUGH.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
[2010.11.18 08:53:43 | 000,000,000 | ---D | M] (German Dictionary) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\K8C1TUGH.DEFAULT\EXTENSIONS\DE-DE@DICTIONARIES.ADDONS.MOZILLA.ORG
[2011.06.28 22:08:17 | 000,000,000 | ---D | M] (Manually sort folders) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\K8C1TUGH.DEFAULT\EXTENSIONS\TBSORTFOLDERS@XULFORUM.ORG
[2012.04.25 14:57:53 | 000,574,660 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\THUNDERBIRD\PROFILES\K8C1TUGH.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI
[2012.08.26 19:32:36 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms},
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: SEOquake = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.7_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: AT_AmericanApparel = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gejbaacdckokghddlhgapklpmlfklfga\3_0\
CHR - Extension: Voice Search = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhfkcobomkalfdlmkongnhnhahkmnaad\1.0.11_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1190083139-4152234109-3363923291-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} hxxp://quickscan.bitdefender.com/qsax/qsax64.cab (Bitdefender QuickScan Control)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.69 81.173.194.77
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DC1A99F-6CD3-422F-A327-3CD423EA0F7D}: DhcpNameServer = 62.13.169.92 62.13.169.93
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FF6B35F-1E87-4122-A33B-71760F279CBF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{924943FB-53EB-4BC5-9209-B640EBA11CAF}: DhcpNameServer = 81.173.194.69 81.173.194.77
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0fe4479a-8c4d-11e0-b08a-e0cb4e820c95}\Shell - "" = AutoRun
O33 - MountPoints2\{0fe4479a-8c4d-11e0-b08a-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c5e0e27-88b0-11df-a050-e0cb4e820c95}\Shell - "" = AutoRun
O33 - MountPoints2\{8c5e0e27-88b0-11df-a050-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e79d9956-3b28-11df-b230-e0cb4e820c95}\Shell - "" = AutoRun
O33 - MountPoints2\{e79d9956-3b28-11df-b230-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e79d9959-3b28-11df-b230-e0cb4e820c95}\Shell - "" = AutoRun
O33 - MountPoints2\{e79d9959-3b28-11df-b230-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f2a0d0bf-61b0-11df-ae73-e0cb4e820c95}\Shell - "" = AutoRun
O33 - MountPoints2\{f2a0d0bf-61b0-11df-ae73-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f2a0d0c7-61b0-11df-ae73-e0cb4e820c95}\Shell - "" = AutoRun
O33 - MountPoints2\{f2a0d0c7-61b0-11df-ae73-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fceddd9c-b97a-11df-bfc6-e0cb4e820c95}\Shell - "" = AutoRun
O33 - MountPoints2\{fceddd9c-b97a-11df-bfc6-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fceddda7-b97a-11df-bfc6-e0cb4e820c95}\Shell - "" = AutoRun
O33 - MountPoints2\{fceddda7-b97a-11df-bfc6-e0cb4e820c95}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.27 15:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.27 15:09:54 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.27 15:09:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.26 22:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.08.26 19:51:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.08.26 19:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.26 19:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DownloadManager
[2012.08.26 19:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.08.26 19:32:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon
[2012.08.26 19:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.08.26 10:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012.08.26 08:00:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2012.08.26 00:38:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.08.25 22:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.08.25 22:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.08.25 15:58:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GlarySoft
[2012.08.25 15:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012.08.25 15:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2012.08.23 10:36:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\GIZ-Akustik
[2012.08.21 09:37:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\WNA Aschaffenburg
[2012.08.18 19:16:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.18 19:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.08.18 19:15:31 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.08.18 19:15:31 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.16 07:17:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 07:17:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 07:17:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 07:17:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 07:17:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 07:17:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 07:17:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 07:17:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 07:17:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 07:17:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 07:17:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 07:17:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.16 07:17:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 07:13:00 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.16 07:12:55 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.16 07:12:55 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.16 07:12:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.16 07:12:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.16 07:12:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.16 07:12:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.16 07:12:50 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.15 17:11:29 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Mopa Assmann
[2012.08.15 10:54:44 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neur. Reha Jaulousie
[2012.08.14 14:03:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7BC2A712-4574-4F2A-922B-13134C1C5807}
[2012.08.13 13:09:47 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\BA Güterverkehr
[2012.08.11 09:15:08 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Feuerwache
[2012.08.09 18:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.08.09 17:24:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neur. Reha
[2012.07.31 11:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.07.31 11:37:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.07.31 11:37:42 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2012.07.31 11:37:41 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2012.07.31 11:37:41 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL
[2012.07.31 11:37:41 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2012.07.31 11:37:41 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.27 17:06:42 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.27 17:06:42 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.27 17:03:39 | 001,521,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.27 17:03:39 | 000,662,748 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.27 17:03:39 | 000,623,288 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.27 17:03:39 | 000,133,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.27 17:03:39 | 000,109,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.27 16:58:19 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.08.27 16:58:05 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.27 16:57:56 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.08.27 16:57:54 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\Rqomy.job
[2012.08.27 16:57:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.27 16:57:39 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.27 16:49:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.27 16:46:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1190083139-4152234109-3363923291-1001UA.job
[2012.08.27 15:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.27 15:26:54 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.27 15:09:55 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.27 14:45:36 | 000,034,267 | ---- | M] () -- C:\Users\***\Desktop\rohde ab.pdf
[2012.08.27 07:46:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1190083139-4152234109-3363923291-1001Core.job
[2012.08.26 22:35:05 | 000,002,482 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.08.26 22:35:05 | 000,002,047 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.08.26 22:05:36 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.26 19:32:56 | 000,000,317 | ---- | M] () -- C:\user.js
[2012.08.26 08:44:18 | 000,849,747 | ---- | M] () -- C:\Users\***\AppData\Local\census.cache
[2012.08.26 08:38:03 | 000,127,426 | ---- | M] () -- C:\Users\***\AppData\Local\ars.cache
[2012.08.26 08:06:03 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2012.08.26 00:33:34 | 000,122,997 | ---- | M] () -- C:\Users\***\Desktop\bookmarks_26.08.12.html
[2012.08.25 15:52:47 | 000,001,032 | ---- | M] () -- C:\Users\***\Desktop\Glary Utilities.lnk
[2012.08.25 14:28:27 | 000,118,784 | RHS- | M] () -- C:\Windows\SysWow64\migwizo.dll
[2012.08.24 07:38:20 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.24 07:38:20 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.23 12:00:07 | 000,000,586 | ---- | M] () -- C:\Windows\tasks\pCon.update DataClient (***).job
[2012.08.18 19:15:14 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.18 19:15:14 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.17 10:21:40 | 000,113,101 | ---- | M] () -- C:\Users\***\Desktop\spa-de.mo.mo
[2012.08.16 07:27:31 | 000,449,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 14:04:27 | 009,826,504 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.08.14 14:03:20 | 000,001,262 | ---- | M] () -- C:\Users\Public\Desktop\pCon.planner 6 ME.lnk
[2012.08.08 17:44:12 | 000,028,802 | ---- | M] () -- C:\Users\***\Desktop\prior.pdf
[2012.07.30 14:16:48 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012.07.30 14:16:16 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[4 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.27 15:26:54 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.27 15:09:55 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.27 14:45:36 | 000,034,267 | ---- | C] () -- C:\Users\***\Desktop\rohde ab.pdf
[2012.08.26 22:03:49 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.26 19:33:51 | 000,002,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.08.26 19:33:51 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.08.26 19:33:51 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.08.26 19:32:54 | 000,000,317 | ---- | C] () -- C:\user.js
[2012.08.26 08:44:18 | 000,849,747 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache
[2012.08.26 08:38:03 | 000,127,426 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache
[2012.08.26 08:06:03 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2012.08.26 00:33:34 | 000,122,997 | ---- | C] () -- C:\Users\***\Desktop\bookmarks_26.08.12.html
[2012.08.25 15:52:53 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.08.25 15:52:47 | 000,001,032 | ---- | C] () -- C:\Users\***\Desktop\Glary Utilities.lnk
[2012.08.25 14:28:27 | 000,118,784 | RHS- | C] () -- C:\Windows\SysWow64\migwizo.dll
[2012.08.25 14:28:27 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\Rqomy.job
[2012.08.17 10:23:23 | 000,113,101 | ---- | C] () -- C:\Users\***\Desktop\spa-de.mo.mo
[2012.08.14 14:03:20 | 000,001,262 | ---- | C] () -- C:\Users\Public\Desktop\pCon.planner 6 ME.lnk
[2012.08.08 17:44:11 | 000,028,802 | ---- | C] () -- C:\Users\***\Desktop\prior.pdf
[2012.06.26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.04.04 12:41:49 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.01.18 13:52:13 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2011.08.18 17:06:09 | 000,037,045 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2011.03.05 05:08:31 | 000,000,422 | ---- | C] () -- C:\Windows\SysWow64\MSST42.DLL
[2011.01.24 09:50:13 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010.11.14 13:18:45 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.02 22:35:03 | 000,007,625 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.03.31 09:00:49 | 000,013,030 | ---- | C] () -- C:\Users\***\AppData\Local\PDOXUSRS.NET
[2010.01.11 14:36:44 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2010.03.26 08:43:38 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2011.05.09 17:20:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2011.01.19 14:55:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASCOMP Software
[2010.03.26 08:40:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Asus WebStorage
[2010.03.31 08:32:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk
[2012.08.26 19:32:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2012.07.26 11:43:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.05.06 14:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.03.05 05:39:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DocFetcher
[2010.03.25 10:04:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EasternGraphics
[2012.08.27 13:28:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.08.25 22:14:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Monitor for Google
[2010.03.25 15:43:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameConsole
[2011.01.19 14:55:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.08.25 16:00:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GlarySoft
[2010.11.18 15:46:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.04.26 17:18:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg
[2011.11.06 10:44:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySEOSolution_DB_Dir
[2012.03.20 11:48:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2012.03.20 11:48:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2012.07.22 23:09:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2010.05.24 11:44:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.07.31 11:37:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2010.03.24 17:35:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\POV-Ray
[2012.08.26 08:04:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2012.08.09 18:15:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2010.10.29 22:01:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spamihilator
[2011.08.12 09:55:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.07.04 22:47:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2010.03.24 14:16:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.03.29 19:30:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2010.09.30 21:33:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Webocton - Scriptly
[2011.10.20 09:25:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2012.08.27 16:58:19 | 000,000,326 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.08.23 12:00:07 | 000,000,586 | ---- | M] () -- C:\Windows\Tasks\pCon.update DataClient (***).job
[2012.08.27 16:57:54 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\Rqomy.job
[2011.02.15 07:00:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(8).TXT
[2012.07.31 06:18:47 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B88E99C8

< End of report >
         
--- --- ---

[/CODE]

OTL Extras
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.08.2012 17:14:46 - Run 3
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 54,44% Memory free
8,00 Gb Paging File | 5,89 Gb Available in Paging File | 73,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 50,20 Gb Free Space | 43,11% Space Free | Partition Type: NTFS
Drive D: | 334,67 Gb Total Space | 105,90 Gb Free Space | 31,64% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- Reg Error: Key error. File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0434CF8F-98EA-4B5F-BA00-CAB296F6E28A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0803F13E-B482-47FF-A422-169450A97438}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0B3CEA1A-C757-4DDF-B96D-E9413C564F70}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{12AA3EF7-9107-47E8-9A1A-0858C62D21CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{15519F8F-7C03-4EF6-8DF3-6F46C69E29EA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{158464C9-EA1F-4F63-9A21-621F333CD83E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{1F6BC554-A35E-46E6-8FC4-3425ECFBF954}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2AF6A072-1BB0-40C7-B354-E577BB39A527}" = lport=138 | protocol=17 | dir=in | app=system | 
"{35019E6E-AC5D-4ABC-B724-F541DA4914AA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3D9AD91B-D8C1-48AC-8CD2-79303F9758D8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3FF6D1DC-955F-4307-8388-962F05C76C88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{442CD261-F4F7-4EAB-8261-77FC65F1C3F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4861FC1B-2FCC-47E8-A619-70B2A3502D59}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{54FB92B3-72F2-4569-AF52-6179949A481E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{69C8AD40-FE33-4794-A750-4C6260D8AF03}" = lport=137 | protocol=17 | dir=in | app=system | 
"{69E855DD-9AA9-4ED1-99BA-141E17C7ED8C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{724FB0FD-AAB3-482D-A2BF-ED3E50F99494}" = lport=445 | protocol=6 | dir=in | app=system | 
"{767297C8-FBD3-4459-85A1-CC31FA2BC75B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7E3F0B24-555A-4239-9B8B-43F78EE656C7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{80BB3CA9-3750-471D-936E-34996D7A400A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8DDDC27B-2989-48CC-A711-76BD510EB36C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8DE7B81E-1E83-4C2E-BFF3-C1C144D4ED88}" = rport=138 | protocol=17 | dir=out | app=system | 
"{ACC27F39-CBAE-4B3D-9FCE-953B78CF1ECA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C4A6A3F1-7B68-4C2B-BA84-2779746DD004}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DFFEA006-C43E-4F51-B9C5-0BF7C50C6386}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E0602666-7404-495F-8359-20D4CBFE8CFA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E2D9ECC3-F532-44BE-B873-C813CDE12A87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E968DCD5-DEE6-4925-884C-9A2D314C0513}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F15BA9FB-EA14-4D6E-91BD-90FD66ED019C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F1649EC6-81B6-4375-A357-349CE35B8DB1}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04047D4A-B8A0-4DED-9EBD-64688E4A55AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{167799E2-0FCD-468B-AB8A-A0F26A12F303}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{1D4D21D5-8CAD-4A0F-AB8E-A0D1F4354197}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{207ABF3C-AB77-4875-91D8-67DC1B11AD54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2B1E0571-2441-433B-B16B-5182349C2F51}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{2E334CD5-59EF-4BEC-8BDE-AA5E6862C5CE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{356ABFC8-A87E-4C96-A462-56B5AC897520}" = protocol=17 | dir=in | app=c:\program files\ultravnc\winvnc.exe | 
"{3856AD38-0B93-46B4-A03D-AF1872FFC54B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{468E0C86-BE07-4BD3-9F21-AAD85C30BD4C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4825AE6B-0F92-4668-9A03-291FBD08E8F2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe | 
"{4EA2D8E9-5621-47ED-98E5-208E9FD26490}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{4F0C7BA2-A894-40FD-B0D4-1F1B5660A08B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{4FB74AF8-70DB-45C5-8597-4DF0785C05A6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe | 
"{560AD9AE-C248-4E32-96C3-C4C3AB3F0809}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{737ED53D-8CBE-4EAB-9038-FE2327FAB91A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{73DA5FAA-A50E-4238-B25C-1F3D985D6A72}" = protocol=6 | dir=out | app=system | 
"{7A937F06-9052-449F-BC2F-E64F116525C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{81640FC1-AA18-4F3C-A719-44E128BE8630}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{8290272F-BC8D-457A-AF6E-F6CB360E1AE9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{82CEB741-7AEF-4A5F-A876-98272484E243}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{91B9BE51-A9CF-45A5-9EF7-A58252B2F243}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{96AEE296-3680-4023-862C-40E2CD5F1EAC}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{A3C22C94-1FFD-40DC-9034-2B41EF82444D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A6B751EB-9594-4041-900D-B5C31A206D8D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AD4E6509-7773-407E-933D-3BE849AE3029}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BAA30B4A-2C93-45F5-BC01-22B961BD0552}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe | 
"{BC3903B3-8513-4CC9-8290-D2087DB7BC77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE2EC4BC-A703-4BB5-9994-C7143C5FA07F}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{BF28BCC5-ECFB-4E03-9B72-198D041AF5FA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{C0330EB4-D3F6-471B-957B-85EC7CC1A669}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C6F1B3E8-EDC7-4377-A089-E3B702145F9A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CD4FDBE9-731A-456A-96B3-A3E502C75E28}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{CD898B26-4C6B-4B0F-A3EC-C373DAA16940}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CED83883-FC4F-4619-A733-E876CECE633F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{D82D8E0C-27EE-4927-9737-F23C9A074F3C}" = protocol=6 | dir=in | app=c:\program files\ultravnc\winvnc.exe | 
"{E28DC715-C11E-4041-8CAE-3B2BAFDC64BC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{E5941391-47D4-46BD-91F8-E566B04534F8}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\kies\kies.exe | 
"{E6F1ED33-B211-45A1-B7E7-53B40CECCE83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F3EAC1EC-3AC9-4576-BC28-B7D6CB8DA464}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F6A0D173-251C-43E3-B1CE-4EE82EF4FEF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8D6BFF5-4DAB-44DC-919E-535FE26BFCCF}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{FA8108ED-D72B-4937-B681-9D4FB95ED09A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FC286918-AE38-4154-B013-45C44384E058}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe | 
"{FD3AFF56-4602-4D26-B849-5F99750C2805}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\kies\kies.exe | 
"{FD583676-F73C-4E89-8936-B442F68F65C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FE057991-57EE-4C96-8EA8-51450D490CAA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"TCP Query User{0D722883-577B-4CB9-9384-1427564C145F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{2BFAB8BA-EC9C-491F-B161-1691848DE194}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{63103E8E-E66D-44DB-9712-EDCD8BAE1E07}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{6A7B85A4-C04D-4F2D-B2C5-93A4FB771AA9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{0E190D16-B6DC-4A58-85DD-08A1A34FE911}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{8D8884F6-2DCC-46C0-A3CC-8FD0C2254E9D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{976546B2-086C-49D0-98E1-10E5E6C27E83}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{9E2DBFBC-B33C-4915-930A-5E19C2F3BDD8}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"sp6" = Logitech SetPoint 6.20
"Ultravnc2_is1" = UltraVNC 1.0.8.2
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{177148D6-71EB-4CD7-AADC-DCCA82800484}" = pCon.update DataClient 1.6.1 Patch 1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24C152B6-544C-4B64-A4CA-575843C0CFE6}" = Article Wizard
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43DD5E98-BC5E-4A4C-B2D0-4107A643AE68}" = pCon.configurator Version 5.7 Patch 2
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis*True*Image*Home
"{63957E05-BE20-4246-8E0A-2FC52FBC21B6}" = pCon.update Migration 1.4.3
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C3496DF-CC4C-4CDE-87A1-8657619EE2D6}_is1" = Game Park Console
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C6D541F-0B95-471E-B058-489620E682AF}" = pCon.planner Version 5.7 Patch 2
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}" = Smileyville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116864777}" = Piggly
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller  Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{9AD14C90-4368-4774-811B-DD40A977B242}" = pCon.basket 1.8
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A237B036-EC82-468C-B7A6-982CC615A31D}" = pCon.basket Plugin ReportManager 2.8.2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E566AA73-C47D-4535-9E6B-E5EF1BBA11D0}" = pCon.planner 6.4 ME
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED1B69CE-EB7B-429C-AF45-FD01918CEF79}_is1" = 3d office Version 5.4 SP6a
"{EDEF5AA2-C07D-4536-BA39-1A16A999C735}" = EGR-LicenseClient 1.1.6
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ASUS_Screensaver" = ASUS_Screensaver
"BacklinkChecker" = BacklinkChecker 0.1.14.0 
"CamStudio" = CamStudio
"DirSync" = DirSync  2.93
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exifer_is1" = Exifer
"FBDBServer_2_0_is1" = Firebird 2.0.0
"FormatFactory" = FormatFactory 2.60
"FotoBeschriften" = FotoBeschriften 4.1.1 
"Free Monitor for Google_is1" = Free Monitor for Google 2.5
"Glary Utilities_is1" = Glary Utilities 2.48.0.1568
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"Linktausch pro_is1" = Linktausch pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MozBackup" = MozBackup 1.4.10
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Paper 2 DXF 2" = Paper 2 DXF 2
"pCon.planner 6.4 ME" = pCon.planner 6.4 ME
"Picasa 3" = Picasa 3
"TeamViewer 7" = TeamViewer 7
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.5
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1190083139-4152234109-3363923291-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"FoxTab PDF Converter" = FoxTab PDF Converter
"FoxTab PDF Creator" = FoxTab PDF Creator
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.08.2012 07:01:29 | Computer Name = ***-Laptop | Source = System Restore | ID = 8193
Description = 
 
Error - 24.08.2012 07:22:54 | Computer Name = ***-Laptop | Source = System Restore | ID = 8193
Description = 
 
Error - 25.08.2012 00:09:27 | Computer Name = ***-Laptop | Source = System Restore | ID = 8193
Description = 
 
Error - 25.08.2012 05:19:02 | Computer Name = ***-Laptop | Source = System Restore | ID = 8193
Description = 
 
Error - 25.08.2012 16:16:32 | Computer Name = ***-Laptop | Source = System Restore | ID = 8210
Description = 
 
Error - 25.08.2012 16:29:37 | Computer Name = ***-Laptop | Source = System Restore | ID = 8210
Description = 
 
Error - 26.08.2012 02:03:08 | Computer Name = ***-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fed2526  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0xe48  Startzeit der fehlerhaften Anwendung: 0x01cd834ea1ea50a0
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: b4c6eb00-ef43-11e1-85fb-e0cb4e820c95
 
Error - 26.08.2012 02:05:26 | Computer Name = ***-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448,
 Zeitstempel: 0x4fed2526  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0x1048  Startzeit der fehlerhaften Anwendung: 0x01cd83509ff688e8
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 070f18b0-ef44-11e1-85fb-e0cb4e820c95
 
Error - 26.08.2012 03:40:58 | Computer Name = ***-Laptop | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.59.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: a20    Startzeit: 
01cd835b2aa10270    Endzeit: 15    Anwendungspfad: C:\Users\***\Downloads\OTL.exe    Berichts-ID:
 55867491-ef51-11e1-85fb-e0cb4e820c95  
 
Error - 27.08.2012 07:31:22 | Computer Name = ***-Laptop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ7.exe, Version: 14.0.0.162, Zeitstempel:
 0x4626b2f4  Name des fehlerhaften Moduls: MoveIt.dll_unloaded, Version: 0.0.0.0, 
Zeitstempel: 0x4f2a7b96  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6f4aceee  ID des fehlerhaften
 Prozesses: 0x83c  Startzeit der fehlerhaften Anwendung: 0x01cd84475e212782  Pfad der
 fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\{49EE5D43-3AF7-434C-B598-C470D1E14604}\ICQ7.exe
Pfad
 des fehlerhaften Moduls: MoveIt.dll  Berichtskennung: b9f9c1c2-f03a-11e1-8182-e0cb4e820c95
 
[ OSession Events ]
Error - 14.12.2010 03:01:19 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.12.2010 01:45:10 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.02.2011 05:43:53 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.03.2011 06:38:39 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.05.2011 10:21:28 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 05.05.2011 10:23:08 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.05.2011 10:14:37 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 30.05.2011 09:42:54 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.07.2011 12:42:58 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.12.2011 05:26:41 | Computer Name = ***-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.08.2012 04:10:14 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 26.08.2012 05:04:17 | Computer Name = ***-Laptop | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\C259.tmp
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 26.08.2012 05:04:17 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 26.08.2012 05:21:07 | Computer Name = ***-Laptop | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\C259.tmp
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 26.08.2012 05:21:07 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MEMSWEEP2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 26.08.2012 16:34:13 | Computer Name = ***-Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?26.?08.?2012 um 22:32:41 unerwartet heruntergefahren.
 
Error - 27.08.2012 01:34:00 | Computer Name = ***-Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?08.?2012 um 01:11:20 unerwartet heruntergefahren.
 
Error - 27.08.2012 07:36:05 | Computer Name = ***-Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?08.?2012 um 13:34:50 unerwartet heruntergefahren.
 
Error - 27.08.2012 10:09:11 | Computer Name = ***-Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?08.?2012 um 16:07:59 unerwartet heruntergefahren.
 
Error - 27.08.2012 10:57:46 | Computer Name = ***-Laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?08.?2012 um 16:55:02 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---


[/CODE]

Falls noch Infos fehlen bitte melden.
Wäre toll wenn mir einer helfen könnte.

LG

Geändert von fillini (27.08.2012 um 18:08 Uhr) Grund: Hinweis auf Defogger

Alt 27.08.2012, 19:46   #2
markusg
/// Malware-holic
 
Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten - Standard

Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
[2012.08.25 14:28:27 | 000,118,784 | RHS- | M] () -- C:\Windows\SysWow64\migwizo.dll
[2012.08.25 14:28:27 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\Rqomy.job

 :Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

downloade get info:
File-Upload.net - GetInfo.exe
doppelklicke die .exe
im selben ordner wird nun eine .txt erstellt:
summary-info.txt
diese doppelklicken und deren inhalt posten.
__________________

__________________

Alt 27.08.2012, 21:01   #3
markusg
/// Malware-holic
 
Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten - Standard

Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten



danke fürs hochladen, jetzt noch den inhalt der getinfo.txt posten
__________________
__________________

Alt 27.08.2012, 21:15   #4
markusg
/// Malware-holic
 
Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten - Standard

Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten



nachfragen bitte hier im forum stellen
versuche mal das angehangene getinfo.rar archiv, entpacken, getinfo.exe wie oben beschrieben ausführen und log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 27.08.2012, 21:21   #5
fillini
 
Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten - Standard

Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten



OK..so schein es geklappt zu haben:

Code:
ATTFilter
System volume information:	 dwHighDateTime = 0x1ca9252,dwLowDateTime = 0x5eec6260
System32:			 dwHighDateTime = 0x1ca0431,dwLowDateTime = 0xfec9a6f8
dwSerialNumber = 0xe05dba60
         


Alt 27.08.2012, 21:34   #6
markusg
/// Malware-holic
 
Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten - Standard

Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten



sehr gut
lade 7zip
7-Zip
instalieren, neustarten
gehe auf start, ausführen, tippe
regedit.exe
enter
klappe auf der linken seite alles zu
dann auf datei, exportieren.
suche einen ordner, den du leicht wiederfindest (zb desktop) und vergib einen namen, den du leicht findest.
regedit schließen
dann rechtsklick auf die neue datei, 7zip menü aufklappen, zu einem archiv hinzufügen wählen.
einstellungen:
format, 7z
kompressionsstärke, ultra.
verfahren: lzma2
wörterbuchgröße: 64 mb
wortgröße:
273
größe solider blöcke: solide
klicke ok.
lade das neue 7z archiv bei:
File-Upload.net - Ihr kostenloser File Hoster!
hoch, sende mir den download link als private nachicht.
__________________
--> Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten

Alt 27.08.2012, 22:07   #7
markusg
/// Malware-holic
 
Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten - Standard

Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten



danke fürs hochladen
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 29.08.2012, 09:13   #8
fillini
 
Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten - Standard

Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten



Hallo Markusg (und das ganze Trojanerboerdteam),

ich wollte mich auf diesem Wegen ganz ganz herzlich bei Dir bedanken.
Ich hätte nicht gedacht, das man meinen Laptop nochmal "retten kann". Dank Eurer Hilfe und deinen verständlichen Anweisungen ist es DIR gelungen, das mein Laptop wieder richtung funktioniert (ist glaube ich ganz gut so, das ich quasi garnix verstanden habe was mein Laptop so mit deinen Anweisungen so gemacht hat :-))

Kann diesen Service nur weiter empfehlen und sagen macht bitte weiter so.

Vielen vielen Dank
Fillini

Antwort

Themen zu Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten
avp.exe, bho, browser, converter, desktop, error, excel, firefox, flash player, gfnexsrv.exe, google, google earth, helper, home, homepage, iexplore.exe, install.exe, kaspersky, lightning, logfile, mozilla, office 2007, origin, popup, realtek, registry, security, server, sicherheitscenter aktivieren, sketchup, software, svchost.exe, tarma, tastatur, usb 2.0, windows, yontoo



Ähnliche Themen: Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten


  1. Zone Alarm Antivirus wird ausgeschaltet und lässt sich nicht einschalten/ Online Games und Webseiten mit Passwort lassen sich nicht besuchen
    Log-Analyse und Auswertung - 14.11.2014 (26)
  2. Zone Alarm Antivirus wird ausgeschaltet und lässt sich nicht einschalten/ Online Games und Webseiten mit Passwort lassen sich nicht besuchen
    Plagegeister aller Art und deren Bekämpfung - 05.10.2014 (4)
  3. Netzwerkerkennung lässt sich nicht einschalten
    Plagegeister aller Art und deren Bekämpfung - 26.03.2014 (32)
  4. FIREWALL lässt sich nicht einschalten
    Antiviren-, Firewall- und andere Schutzprogramme - 07.09.2013 (4)
  5. Google Redirect & Windows Sicherheitscenter lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 31.07.2013 (20)
  6. Google Redirect Virus und Windows Sicherheitscenter deaktiviert und lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 10.03.2013 (16)
  7. Umleitung von Google-Suchergebnissen, Windows-Sicherheitscenter lässt sich nicht aktivieren
    Plagegeister aller Art und deren Bekämpfung - 18.02.2013 (23)
  8. Windows-Sicherheitscenter lässt sich nicht aktivieren/Fehlweiterleitungen bei Google
    Plagegeister aller Art und deren Bekämpfung - 28.01.2013 (22)
  9. Redirect bei Google-Suchergebnissen und kein Einschalten von Windows-Sicherheitscenter möglich
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (1)
  10. Firewall lässt sich nicht einschalten / keinerlei Netzwerkzugriff
    Plagegeister aller Art und deren Bekämpfung - 15.08.2012 (1)
  11. Windows Firewall lässt sich nicht einschalten Fehlercode 0X80070424
    Plagegeister aller Art und deren Bekämpfung - 14.05.2012 (12)
  12. Windows Firewall lässt sich nicht einschalten
    Plagegeister aller Art und deren Bekämpfung - 08.05.2012 (10)
  13. Windows-Sicherheitscenter (Vista) ist ausgeschaltet und lässt sich nicht einschalten
    Plagegeister aller Art und deren Bekämpfung - 29.03.2012 (9)
  14. google redirect , windows-sicherheitscenter lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 05.01.2012 (2)
  15. PC lässt sich nicht mehr einschalten!
    Netzwerk und Hardware - 29.08.2011 (21)
  16. Google Seite entführt auf
    Plagegeister aller Art und deren Bekämpfung - 15.01.2005 (5)
  17. IE & Netscape entführt / HijackThis lässt sich nicht downloaden
    Log-Analyse und Auswertung - 28.06.2004 (7)

Zum Thema Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten - Hallo, wenn ich bei mir mit Google Chrome im Internet was suche und denn einen Link anklicke lande ich Gewinn und Spieleseiten. Das passiert nur bei Chrome. Im Internet Explorer - Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten...
Archiv
Du betrachtest: Google Chrom entführt die Seite, Sicherheitscenter lässt sich nicht einschalten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.