| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner mit WebcamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.11.2012, 19:34
| #1 |
| |  GVU Trojaner mit Webcam Hallo zusammen, bei mir hat sich der GVU Trojaner eingenistet. Nach einer Chip.de Anleitung mit dem Kaspersky Unlocker besteht das Problem leider noch immer! Ich hab den OTL Scanner nach eurer Anleitung durchlaufen lassen, könnt ihr mir vielleicht weiterhelfen? Hier die OTL.txt Code:
ATTFilter OTL logfile created on: 27.11.2012 19:15:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\peterparker\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 65,83% Memory free 7,73 Gb Paging File | 6,55 Gb Available in Paging File | 84,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,97 Gb Total Space | 302,69 Gb Free Space | 66,82% Space Free | Partition Type: NTFS Computer Name: PETER-PC | User Name: peterparker | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\peterparker\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () ========== Services (SafeList) ========== SRV:64bit: - (WebOptimizer) -- C:\Windows\SysNative\dmwu.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe () SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe () SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group) SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) SRV - (GameConsoleService) -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585 IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {32361cec-8645-4eea-a02e-406794b05835} - C:\Program Files (x86)\softonic-Germany_\prxtbsoft.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\URLSearchHook: {32361cec-8645-4eea-a02e-406794b05835} - C:\Program Files (x86)\softonic-Germany_\prxtbsoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\URLSearchHook: {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll (Ask.com) IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=6ec8d0310000000000007af1a1d92579 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE444DE444 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=16552&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=4507575425824172&p2=^A9T^YYYYYY^YY^DE&q={searchTerms} IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQErR9dEn&i=26 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{D5D7DA65-FD84-4437-A917-1F39C2656688}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..CT2269050.browser.search.defaultthis.engineName: true FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "NCH Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledAddons: 500ea40e66ec9%40500ea40e66f02.info:1.0 FF - prefs.js..extensions.enabledAddons: crossriderapp2258%40crossrider.com:0.85.90 FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.13.1.89 FF - prefs.js..extensions.enabledAddons: %7B32361cec-8645-4eea-a02e-406794b05835%7D:3.15.1.0 FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:10.13.1.89 FF - prefs.js..extensions.enabledAddons: %7B988da70d-b78d-44a1-a9c7-ed11832a9e2e%7D:1.3 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:1.0.10 FF - prefs.js..extensions.enabledAddons: %7Bc2db4fe6-8409-45ce-8010-189a7b5cce86%7D:3.15.1.0 FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21 FF - prefs.js..extensions.enabledAddons: %7B33044118-6597-4D2F-ABEA-7974BB185379%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7B336D0C35-8A85-403a-B9D2-65C292C39087%7D:2.0.0.485 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.12 18:30:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.12 18:30:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 19:58:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\peterparker\AppData\Roaming\16001.009 [2012.11.09 14:55:08 | 000,000,000 | ---D | M] [2012.08.26 16:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\Extensions [2012.11.22 19:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions [2012.10.07 14:50:00 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2012.08.21 15:26:27 | 000,000,000 | ---D | M] (SFT-Germany_ Community Toolbar) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\{32361cec-8645-4eea-a02e-406794b05835} [2012.10.22 17:34:58 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.05.21 17:19:25 | 000,000,000 | ---D | M] (Search Results Toolbar) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\{94366e2c-9923-431c-b0d6-747447dd0f2b} [2012.10.07 14:49:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.21 15:26:28 | 000,000,000 | ---D | M] (NCH Community Toolbar) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} [2012.03.13 18:41:39 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012.07.24 16:34:05 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\500ea40e66ec9@500ea40e66f02.info [2012.10.08 11:21:30 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\crossriderapp2258@crossrider.com [2012.03.13 18:07:29 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\ffxtlbr@babylon.com [2012.07.24 16:33:35 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\ffxtlbr@incredibar.com [2012.08.27 08:57:52 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\toolbar@ask.com [2012.11.22 19:58:49 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\toolbar@web.de [2012.10.08 11:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\crossriderapp2258@crossrider.com\chrome\content\extensionCode [2012.01.14 20:45:34 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\extensions\DivXWebPlayer@divx.com.xpi [2012.03.11 11:16:13 | 000,015,162 | ---- | M] () (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2011.09.18 17:38:45 | 000,087,923 | ---- | M] () (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2012.10.15 18:39:35 | 000,002,413 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\askcom.xml [2012.10.10 16:57:32 | 000,002,306 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\askcomsearch.xml [2012.10.22 17:35:10 | 000,001,028 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\dvdvideosofttb-customized-web-search.xml [2012.07.24 16:33:27 | 000,002,203 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\MyStart Search.xml [2011.09.18 17:42:35 | 000,001,565 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\web-search.xml [2012.02.16 18:09:18 | 000,002,057 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\youtube-videosuche.xml [2012.11.22 19:58:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.11.22 19:58:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions [2012.11.22 19:58:33 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@web.de [2012.09.12 18:30:14 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.11.09 14:55:08 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\PETERPARKER\APPDATA\ROAMING\16001.009 [2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.21 17:19:30 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml [2012.03.13 16:49:21 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE CHR - default_search_provider: Ask (Enabled) CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=36e086de-91de-47c4-8f4d-7b8c8db37abc&apn_ptnrs=%5EABT&apn_sauid=5477F0AF-2883-4681-83D5-F0B2F630C358&apn_dtid=%5EYYYYYY%5EYY%5EDE&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms} CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Avira Toolbar = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.24169_0\ CHR - Extension: Web Assistant = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.485_0\ CHR - Extension: DealPly = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ CHR - Extension: DownloadnSave = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcccpgeibhlebnekpbfcfagendjaeamn\1.0_0\ CHR - Extension: I Want This = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.20.90_0\crossrider CHR - Extension: I Want This = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.20.90_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll () O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (DownloadnSave Class) - {008BC998-00C2-85AB-98FB-A5C5BC4B450D} - C:\ProgramData\DownloadnSave\bhoclass.dll () O2 - BHO: (no name) - {11111111-1111-1111-1111-110011221158} - No CLSID value found. O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (softonic-Germany_ Toolbar) - {32361cec-8645-4eea-a02e-406794b05835} - C:\Program Files (x86)\softonic-Germany_\prxtbsoft.dll (Conduit Ltd.) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Search Results Toolbar) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll (Ask.com) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-Germany_ Toolbar) - {32361cec-8645-4eea-a02e-406794b05835} - C:\Program Files (x86)\softonic-Germany_\prxtbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Search Results Toolbar) - {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll (Ask.com) O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3:64bit: - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\Toolbar\WebBrowser: (softonic-Germany_ Toolbar) - {32361CEC-8645-4EEA-A02E-406794B05835} - C:\Program Files (x86)\softonic-Germany_\prxtbsoft.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\prxtbNCH.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro) O4 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000..\Run: [Userinit] C:\Users\peterparker\AppData\Roaming\appConf32.exe File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\peterparker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) O4 - Startup: C:\Users\peterparker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\peterparker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\peterparker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\peterparker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE61BBFF-0C83-4242-BD71-7BB94BCED92E}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.27 18:45:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\peterparker\Desktop\OTL.exe [2012.11.27 18:43:19 | 000,000,000 | ---D | C] -- C:\Users\peterparker\AppData\Roaming\Malwarebytes [2012.11.27 18:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.27 18:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.27 18:43:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.27 18:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.26 22:54:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe [2012.11.20 19:19:55 | 000,000,000 | ---D | C] -- C:\Users\peterparker\Application Data [2012.11.20 19:19:52 | 000,000,000 | ---D | C] -- C:\Users\peterparker\AppData\Roaming\Zarb [2012.11.16 01:04:23 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.16 01:04:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.16 00:55:51 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.16 00:55:50 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.16 00:55:50 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.16 00:55:50 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.15 19:59:17 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.15 19:59:17 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.15 19:59:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.15 19:59:11 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.15 19:59:11 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.15 19:59:11 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.15 19:59:11 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.15 19:59:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.15 19:59:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.15 19:58:53 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.15 19:58:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.09 14:55:08 | 000,000,000 | ---D | C] -- C:\Users\peterparker\AppData\Roaming\16001.009 [2012.11.08 20:27:47 | 000,000,000 | ---D | C] -- C:\Users\peterparker\AppData\Roaming\16001.008 [2012.11.08 20:26:24 | 000,000,000 | ---D | C] -- C:\Users\peterparker\AppData\Roaming\xmldm [2012.11.08 20:26:23 | 000,000,000 | ---D | C] -- C:\Users\peterparker\AppData\Roaming\kock [2012.11.05 19:26:32 | 000,000,000 | ---D | C] -- C:\Users\peterparker\Desktop\Fotos Klasse [2012.11.02 12:38:42 | 000,000,000 | ---D | C] -- C:\Users\peterparker\Desktop\Global Booty Shake Songs Nov Dez 2012 [8 C:\Users\peterparker\Documents\*.tmp files -> C:\Users\peterparker\Documents\*.tmp -> ] [2 C:\Users\peterparker\AppData\Roaming\*.tmp files -> C:\Users\peterparker\AppData\Roaming\*.tmp -> ] [10 C:\Users\peterparker\Desktop\*.tmp files -> C:\Users\peterparker\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.27 18:45:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\peterparker\Desktop\OTL.exe [2012.11.27 18:43:09 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.27 18:39:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.27 18:39:33 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys [2012.11.27 18:36:10 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.11.27 18:35:03 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.27 18:10:47 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 18:10:47 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 17:24:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.27 17:24:06 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.26 22:54:10 | 000,000,800 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.11.26 22:54:08 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe [2012.11.26 22:54:07 | 000,139,792 | ---- | M] () -- C:\Users\peterparker\wgsdgsdgdsgsd.exe [2012.11.26 19:21:14 | 000,421,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.25 19:36:09 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.25 19:36:09 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.25 19:36:09 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.25 19:36:09 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.25 19:36:09 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.22 19:58:40 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.11 14:21:16 | 000,000,051 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\blckdom.res [8 C:\Users\peterparker\Documents\*.tmp files -> C:\Users\peterparker\Documents\*.tmp -> ] [2 C:\Users\peterparker\AppData\Roaming\*.tmp files -> C:\Users\peterparker\AppData\Roaming\*.tmp -> ] [10 C:\Users\peterparker\Desktop\*.tmp files -> C:\Users\peterparker\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.27 18:43:09 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.26 22:54:10 | 000,000,800 | ---- | C] () -- C:\Users\peterparker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.11.26 22:54:08 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.11.26 22:54:07 | 000,139,792 | ---- | C] () -- C:\Users\peterparker\wgsdgsdgdsgsd.exe [2012.11.26 21:36:59 | 008,626,176 | ---- | C] () -- C:\Users\peterparker\Desktop\Israel Kamakawiwoole - Somewhere over the rainbow - What a wonderful world.mp3 [2012.11.16 01:04:26 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 00:55:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.08 20:27:39 | 000,000,051 | ---- | C] () -- C:\Users\peterparker\AppData\Roaming\blckdom.res [2012.10.09 18:20:16 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe [2012.10.09 18:20:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2012.05.21 17:23:45 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.10.01 17:26:25 | 000,003,584 | ---- | C] () -- C:\Users\peterparker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.09 14:19:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.08.09 10:36:16 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.08 20:27:47 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\16001.008 [2012.11.09 14:55:08 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\16001.009 [2012.05.21 17:19:29 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\Ask.com [2012.03.13 16:49:17 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\Babylon [2011.08.12 21:25:37 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\Canneverbe Limited [2012.10.09 17:38:18 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\DAEMON Tools Lite [2012.11.27 18:35:24 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\Dropbox [2012.10.07 14:50:09 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\DVDVideoSoft [2012.10.07 14:49:42 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.20 11:13:46 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\elsterformular [2012.11.08 20:26:23 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\kock [2011.10.01 17:26:07 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\MusicNet [2012.08.26 16:34:40 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\NCH Swift Sound [2012.10.07 14:49:25 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\OpenCandy [2012.07.24 16:33:43 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\SendSpace [2012.03.24 09:49:33 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\SNS [2012.11.26 22:55:11 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\SoftGrid Client [2011.08.09 10:37:16 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\TP [2012.10.07 14:51:38 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\TuneUp Software [2012.11.13 21:01:43 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\xmldm [2012.11.20 19:19:52 | 000,000,000 | ---D | M] -- C:\Users\peterparker\AppData\Roaming\Zarb ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.11.2012 19:15:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\peterparker\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 65,83% Memory free
7,73 Gb Paging File | 6,55 Gb Available in Paging File | 84,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,97 Gb Total Space | 302,69 Gb Free Space | 66,82% Space Free | Partition Type: NTFS
Computer Name: PETER-PC | User Name: peterparker | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1212226170-1191435375-1816845172-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031B5623-9192-4C09-B58A-F52C2AB033D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{102F24E7-5E96-4721-83D2-2860497FA0F1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C6971DB-442E-48A1-BE47-43D01B1009F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{3A4459F9-D645-45F3-9CC3-3E80C96742DA}" = lport=139 | protocol=6 | dir=in | app=system |
"{421E7B0F-D75F-4897-99E9-5E817DE126B3}" = rport=445 | protocol=6 | dir=out | app=system |
"{5C4490F8-C027-4255-959E-D738B18ADFED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5DC53364-9F48-4283-A397-E8C840AE06F1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6F74A36C-AAAE-4B95-BBB9-67DFCCA5EC94}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6F9F936E-E5C7-4513-9CCF-FF49086C45FB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{773DABBA-97BE-48A6-AF18-00F6A19E90AE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E3868F6-73BD-4D4A-9B89-615BE47555CE}" = rport=137 | protocol=17 | dir=out | app=system |
"{8C119B1D-C490-471E-AF81-51EA3610F317}" = rport=139 | protocol=6 | dir=out | app=system |
"{8E37D3E8-9F3E-41A9-8FBD-0C2E4B667378}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94FD6ACC-4118-4A20-9F23-605D3EBA1FE9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{961A3035-9BF8-413A-85E4-276AB962C8DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{A499CF87-9125-4338-8C8B-4116DE444BFF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AB962CE6-2FBB-40D4-A969-ADB97E0B7617}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BA12FAB2-DB0A-4B1B-AA9F-BC065A44285C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C2BA394A-F116-4063-B316-EEE21DC36712}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C9122019-1753-4C37-AA2D-9391FC49C41C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DC7BFD0A-9E81-40B4-B1F0-9C90BB0AB8FB}" = lport=445 | protocol=6 | dir=in | app=system |
"{E8492CF2-8C60-4721-BF2E-84A69262580C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB8B190F-7CB7-495B-A928-1C0ACA1E94C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFD26496-4124-4A9D-AE2A-7E8B3209428C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F63854E7-F6AC-4595-A119-96048E161474}" = lport=138 | protocol=17 | dir=in | app=system |
"{FD4F26C6-4D56-4A5E-B8DF-852C2486C526}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017FCB76-615B-456F-A272-4A6FD8639163}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{064A405D-E2CB-4B83-A3C8-866808D1586B}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{07BC477C-460A-4B39-9724-AEEB43DD9188}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{08BBEA62-3E31-4E05-8DA2-CBD87A01DF92}" = protocol=6 | dir=in | app=c:\program files (x86)\searchresults1\dtuser.exe |
"{12EE5BBD-A234-4420-8BC1-54D8917F1F9D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{153AFCE3-9750-4CA0-BC97-116E7B5FC84C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{153FC112-6C8B-4C5D-A933-EC3159551093}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1AA08DF9-78CB-46A3-BBFD-E90A9F44E292}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2AF7BDA0-6CC2-4403-9571-32A666EFD55B}" = protocol=17 | dir=in | app=d:\fsetup.exe |
"{2B93A7E0-F768-4E66-BD6C-EFD53A79F04D}" = protocol=6 | dir=in | app=d:\fsetup.exe |
"{2E55EE1A-9FE4-4543-A6C5-8A40F88C90C1}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{33A0D823-6A02-4DBF-ADC4-2C9E1CB47823}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{363BA88A-0292-49F9-8A6B-8A193E4AD227}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{381B0351-E5F4-4410-9255-6946EC995B7D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{39C1F5FC-2D44-4A09-A616-CE051F9BB7DC}" = protocol=6 | dir=in | app=c:\users\peterparker\appdata\roaming\dropbox\bin\dropbox.exe |
"{3B6FD5D0-3FB9-40E3-AE9A-549B7D307330}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3D50D7AD-2218-4CB1-B065-FA1DD6D86041}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{3F1B69F3-A483-4347-A65D-218894DD1988}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{524A66FE-672F-484A-A809-996731D544A1}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{556E5ED3-B7DF-4225-A77C-2A7B8F93CFDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63398252-A1C6-4885-9F5D-4079AC7C0A29}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B6775BB-5FEC-41F4-AA92-F4810068BD3A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{708066BD-053B-40A3-8695-5B57467846D3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7373FC48-6C8F-436B-AC70-FF81B5FF525F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78E8CEF9-0F3E-4BCF-92A0-7AD51EBBEA0B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E8EE51D-D5FF-4675-85E9-6527C7160C30}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7F0F7C20-80C7-457B-A289-99355755826C}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{90A0C043-F6F0-4FBC-ABF2-64D9CE950CBE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{92D35A92-B4D0-4570-9E1E-210D37F196B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E994C95-17DB-4590-9B75-590128C11955}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A1D03904-FFCA-45A6-9E04-FD4DBB44FD32}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A2765A49-054F-45A2-BD86-70B5EC069A43}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A49A6D15-252D-4834-9958-32115C9E94B0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A891B1A1-8713-4C14-94F7-D7BBFB7BE939}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{AD026673-C2FD-422E-A9DD-87AC1A32AE94}" = protocol=6 | dir=in | app=d:\fsetup.exe |
"{AD25143C-4411-424C-B596-EB8554BA3AB9}" = protocol=17 | dir=in | app=c:\users\peterparker\appdata\roaming\dropbox\bin\dropbox.exe |
"{B549A451-AA8E-477B-816C-2289A50EE869}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B700A413-E020-45A4-9578-CD814DC9A157}" = protocol=6 | dir=out | app=system |
"{BD1861DC-F867-4B1D-90EC-CDC74DE85B72}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C575CDD5-0E28-477A-9E98-EBE700223BC4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C7CCEAF5-E74D-4E72-9257-D2E102CA3AF7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D2000CDD-3A1C-4A94-97F5-40E1C9AAC285}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2D6AAF9-3FFB-49EA-BEDC-283FFC54C189}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6D56DE7-192F-42F8-AF6F-A1981BD07E49}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E3EAA9FA-9A51-4298-8776-B4584A714C80}" = protocol=17 | dir=in | app=c:\program files (x86)\searchresults1\dtuser.exe |
"{E630AFE9-9A55-4700-94EF-1253AE42A643}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{F32F1180-D9EB-40F5-AF81-A774EE38E10F}" = protocol=17 | dir=in | app=d:\fsetup.exe |
"{F38FD9CD-F6CD-414C-8CBD-1B9EFBA1415F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8D7243D-16DC-4D7E-95F4-1E4B408192BF}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{F9519774-1538-4B55-B0A3-4E0B0BF3FD4C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F9E5000C-A27D-4EE7-8272-8FA5DAC9DDD1}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{FD4D65A3-61CA-477B-A35A-10BCC77DF794}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{DCBE6D44-9CAB-490E-962F-665A40C92ED7}C:\users\peterparker\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\peterparker\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{BBDA8669-E9EE-4EF1-8745-AE5B8B2A9D07}C:\users\peterparker\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\peterparker\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1" = Open Freely
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.485
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8B79B3A9-6E49-5FFB-2017-A822BBDC4992}" = ATI Catalyst Install Manager
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{B0B97CF2-5032-A645-7FFC-BD1E39FC4E3F}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WNLT" = Web Optimizer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A414EA-0E5F-CD08-61EF-E155F31DFF76}" = Catalyst Control Center Graphics Previews Vista
"{08938019-97FA-1C7A-19E0-0C8D56ED7CB2}" = CCC Help Hungarian
"{0A4D717B-E6E8-11FA-E7D2-385EBB1A4A85}" = CCC Help Japanese
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{13BA5548-1065-4DBE-B115-681AFB77263B}" = CCC Help Swedish
"{16890D7F-1C77-733B-D8E4-F5D4315A5F93}" = Catalyst Control Center Localization All
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CBDB473-E303-EFAE-88D1-6F741ACD5B31}" = CCC Help Czech
"{1D8912B0-343C-EB1F-28EE-B672D444C192}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2C59BF0E-66A5-681E-60FE-8D18CE6319A1}" = CCC Help German
"{2C9D4FCA-3E7F-9368-6955-EA6D65F7DC78}" = CCC Help English
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3788B9B7-C15F-4C64-D52B-3DD1BA494B7A}" = CCC Help Korean
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D200EB9-44FC-432F-1E35-C20AB5FDCD77}" = CCC Help Thai
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44D52071-5077-2839-1AE6-863563AEA269}" = CCC Help Russian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BCBC4D0-1D88-462D-809E-506F34EA11C0}" = Catalyst Control Center - Branding
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"{63C16E81-327C-49B6-9643-4F5EFD8A6B2D}" = winLAME 2010 beta 1
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83299633-1261-47A3-84F3-6F02B4B8CDB1}" = Video Web Camera
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87976D85-DBF6-F263-39B6-500ACB658CE0}" = Catalyst Control Center Graphics Full Existing
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBB29A1-C71D-DD1D-66B1-352AAAB13FC6}" = CCC Help Danish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F4D1D9E-5542-B572-81A7-9DCB0AEED1BE}" = CCC Help French
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3EF3FAD-6ABA-1551-AD3B-D09361C5EEC9}" = CCC Help Polish
"{A73FBC00-44F8-0ECF-76FB-14CF62120B55}" = ccc-core-static
"{A8B0DBDE-8119-48B0-8088-D12DA01C36BA}" = DownloadnSave
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AACEAAE9-9CC3-5715-4539-EB13CA3C67BA}" = CCC Help Spanish
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{B2463AD3-1334-A30E-A523-D38E8E7B09A2}" = CCC Help Dutch
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BA2AD7F2-55AE-87B5-00DD-9B0C6F087FD0}" = Catalyst Control Center Graphics Light
"{BC940CD7-FC71-83C5-2001-CF6FD07BA3D1}" = CCC Help Chinese Traditional
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BF847A60-119D-6888-B2DA-EC62F1B66BBB}" = CCC Help Chinese Standard
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C97396A9-44BC-C856-0B92-93A6A417D6A8}" = Catalyst Control Center Graphics Full New
"{CA10114E-3941-E8ED-70A3-17CAA2226AFC}" = CCC Help Turkish
"{CAB89605-7C12-8082-32DF-B419C696BD12}" = Catalyst Control Center Core Implementation
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{d4a2749b-0ad6-40dd-be89-415eda819c9b}" = Nero 9 Essentials
"{D98C2191-0AE0-4087-9153-018A4810DF45}" = CCC Help Norwegian
"{DF7D3C5E-87FC-6AE6-D986-35E0F05FEFD9}" = CCC Help Italian
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EBA8538C-F0B1-A089-D555-44DBF3A47C9F}" = CCC Help Finnish
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22E305E-BD02-5CC1-92D0-BD7170CDFE45}" = CCC Help Portuguese
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FD4B3108-0915-31E1-5A7C-AC5B3C33846C}" = CCC Help Greek
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"conduitEngine" = Conduit Engine
"DealPly" = DealPly
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"ElsterFormular" = ElsterFormular
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"iMesh" = iMesh
"incredibar" = Incredibar Toolbar on IE
"InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"Prism" = Prism Video File Converter
"searchresults1" = Search Results Toolbar
"softonic-Germany_ Toolbar" = softonic-Germany_ Toolbar
"Switch" = Switch Sound File Converter
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VLC media player" = VLC media player 1.1.11
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WT078791" = Bejeweled 2 Deluxe
"WT078806" = Insaniquarium Deluxe
"WT078833" = Zuma Deluxe
"WT078960" = Blasterball 3
"WT078964" = Bob the Builder Can-Do-Zoo
"WT079020" = Faerie Solitaire
"WT079024" = FATE - The Traitor Soul
"WT079064" = Jewel Quest
"WT079068" = Jewel Quest Solitaire 3
"WT079108" = Penguins!
"WT079116" = Polar Bowler
"WT079120" = Polar Golfer
"WT079124" = Polar Pool
"WT079177" = Virtual Villagers - A New Home
"WT079184" = Yahtzee
"WT079363" = Build-a-lot 2
"WT079366" = Chicken Invaders 3 - Revenge of the Yolk
"WT079395" = Escape Rosecliff Island
"WT079397" = Mahjongg Artifacts
"WT079421" = Virtual Families
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1212226170-1191435375-1816845172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"FoxTab Media Player" = FoxTab Media Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.10.2012 21:05:15 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3105
Error - 02.10.2012 21:05:15 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3105
Error - 02.10.2012 21:05:16 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.10.2012 21:05:16 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4119
Error - 02.10.2012 21:05:16 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4119
Error - 02.10.2012 21:05:17 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.10.2012 21:05:17 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5211
Error - 02.10.2012 21:05:17 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5211
Error - 02.10.2012 21:05:18 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 02.10.2012 21:05:18 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6225
Error - 02.10.2012 21:05:18 | Computer Name = peter-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6225
[ Media Center Events ]
Error - 08.08.2011 14:03:35 | Computer Name = peter-PC | Source = MCUpdate | ID = 0
Description = 20:03:35 - Fehler beim Herstellen der Internetverbindung. 20:03:35
- Serververbindung konnte nicht hergestellt werden..
Error - 09.08.2011 03:19:34 | Computer Name = peter-PC | Source = MCUpdate | ID = 0
Description = 09:19:33 - Fehler beim Herstellen der Internetverbindung. 09:19:33
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 27.11.2012 14:15:59 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:17:15 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:17:15 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:17:15 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:18:05 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:18:05 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:18:05 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:21:55 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:21:55 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 27.11.2012 14:21:55 | Computer Name = peter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Grüße, Peter! |
|
28.11.2012, 10:52
| #2 | |
| /// TB-Ausbilder   | GVU Trojaner mit Webcam Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Zitat:
 Du hast sehr viel Adware auf deinem Rechner, inklusive die Ask Toolbar, die für den WebSchutz von Avira benötigt wird. Es würde die Bereinigung sehr vereinfachen, wenn ich diese auch mitlöschen dürfte. Ich kann dir Avira sowieso nicht mehr empfehlen (eben wegen dieser Toolbar). Wenn du möchtest, kann ich dir ein anderes AV Programm empfehlen. Was hälst du davon? Schritt 1 Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Schritt 2 Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Bitte poste mit deiner nächsten Antwort
Geändert von M-K-D-B (28.11.2012 um 11:02 Uhr) |
|
28.11.2012, 16:54
| #3 |
| | GVU Trojaner mit Webcam Hallo Matthias,
__________________vielen vielen Dank dass du dich meiner annimmst! Die Toolbar und Avira kann ich wenn du möchtest im Ablauf sehr gerne löschen, was gibt es denn für Alternativen? Defogger meldet nach einer Sekunde folgendes: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:43 on 28/11/2012 (peterparker)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
aswMBR das hier: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-28 16:45:07
-----------------------------
16:45:07.403 OS Version: Windows x64 6.1.7601 Service Pack 1
16:45:07.403 Number of processors: 2 586 0x2505
16:45:07.403 ComputerName: PETER-PC UserName:
16:45:08.425 Initialize success
16:45:26.885 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:45:26.885 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:45:26.901 Disk 0 MBR read successfully
16:45:26.901 Disk 0 MBR scan
16:45:26.901 Disk 0 Windows VISTA default MBR code
16:45:26.917 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
16:45:26.932 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
16:45:26.963 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463838 MB offset 26830848
16:45:26.989 Disk 0 scanning C:\Windows\system32\drivers
16:45:35.164 Service scanning
16:46:11.238 Modules scanning
16:46:11.238 Disk 0 trace - called modules:
16:46:11.288 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:46:11.288 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a72410]
16:46:11.288 3 CLASSPNP.SYS[fffff88001bc043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048f9050]
16:46:11.298 Scan finished successfully
16:46:58.300 Disk 0 MBR has been saved successfully to "C:\Users\peterparker\Desktop\MBR.dat"
16:46:58.300 The log file has been saved successfully to "C:\Users\peterparker\Desktop\aswMBR.txt"
Peter! |
|
28.11.2012, 19:28
| #4 | |
| /// TB-Ausbilder | GVU Trojaner mit Webcam Servus, Zitat:
Schritt 1 Ich sehe, dass du sog. Registry Cleaner auf dem System hast. In deinem Fall TuneUp Utilities 2013. Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
Zerstörst Du die Registry, zerstörst Du Windows. Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten. Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst. Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.  Bitte lade Junkware Removal Tool auf Deinen Desktop.
Schritt 4 Scan mit Combofix
Bitte poste mit deiner nächsten Antwort
|
|
29.11.2012, 18:09
| #5 |
| | GVU Trojaner mit Webcam Guten Abend Matthias! Schritt 1: Im Softwarecenter lassen sich die Tune Up Utilities leider nicht entfernen, ich werde gefragt ob ich das Programm (und seine nützlichen Schutzfunktionen!) wirklich entfernen möchte, mit bestätigung auf JA schliesst sich lediglich der Dialog, aber deinstalliert wurde nichts.. Schritt 2 AdwCleaner sagt folgendes: Log zu groß! Habs angehängt! Schritt 3 JRT gibt das hier aus: Log zu groß! Habs angehängt! Schritt 4 Combofix moniert dass bei mir noch Avira läuft, das habe ich dann schnell deinstalliert, danach kam leider der Hinweis dass es noch immer läuft. Eine Möglichkeit abzubrechen gab es bei Combofox jedoch nicht, nur die Option OK die ich dann betätigt habe. Hier das LOG, soll ich versuchen Avira loszuwerden und noch mal Combofix starten? Log zu groß! Habs angehängt! Gruß, Peter! |
|
29.11.2012, 19:15
| #6 |
| /// TB-Ausbilder | GVU Trojaner mit Webcam Servus, lass mal Avira gut sein. So geht es weiter: Schritt 1 Combofix-Skript
Schritt 2
Code:
ATTFilter c:\users\peterparker\AppData\Roaming\*.
Bitte poste mit deiner nächsten Antwort
|
|
29.11.2012, 20:05
| #7 |
| | GVU Trojaner mit Webcam Hallo! Hier ist das ComboFix Log: Code:
ATTFilter ComboFix 12-11-29.02 - peterparker 29.11.2012 19:39:15.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3956.3195 [GMT 1:00]
ausgeführt von:: c:\users\peterparker\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\peterparker\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\peterparker\AppData\Roaming\16001.008
c:\users\peterparker\AppData\Roaming\16001.008\chrome.manifest
c:\users\peterparker\AppData\Roaming\16001.008\components\AcroFF.txt
c:\users\peterparker\AppData\Roaming\16001.008\install.rdf
c:\users\peterparker\AppData\Roaming\16001.009
c:\users\peterparker\AppData\Roaming\16001.009\chrome.manifest
c:\users\peterparker\AppData\Roaming\16001.009\components\AcroFF.txt
c:\users\peterparker\AppData\Roaming\16001.009\install.rdf
c:\users\peterparker\AppData\Roaming\kock
c:\users\peterparker\AppData\Roaming\xmldm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000002.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000003.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000004.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000005.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000006.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000008.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000009.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000010.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000011.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000012.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000013.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000014.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000015.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000016.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000017.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000018.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000019.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000020.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000021.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000022.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000023.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000024.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000025.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000026.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000027.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000028.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000029.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000030.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000031.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000032.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000033.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000034.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000035.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000036.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000037.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000038.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000039.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000040.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000041.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000042.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000043.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000044.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000045.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000046.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000047.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000048.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000049.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000050.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000051.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000052.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000053.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000054.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000055.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000056.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000057.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000058.frm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000059.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000060.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000061.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000062.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000063.key
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000064.pst
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000065.htm
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000066.eml
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000067.eml
c:\users\peterparker\AppData\Roaming\xmldm\3748_FF_0000000068.eml
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000069.eml
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000070.eml
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000071.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000072.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000073.frm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000074.frm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000075.frm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000076.frm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000077.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000078.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000079.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000080.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000081.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000082.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000083.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000084.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000085.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000086.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000087.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000088.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000089.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000090.frm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000091.frm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000092.frm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000093.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000094.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000095.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000096.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000097.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000098.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000099.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000100.htm
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000101.key
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000102.pst
c:\users\peterparker\AppData\Roaming\xmldm\5012_FF_0000000103.htm
c:\users\peterparker\AppData\Roaming\xmldm\firefox.exe_UAs7.dat
c:\users\peterparker\AppData\Roaming\Zarb
c:\users\peterparker\AppData\Roaming\Zarb\Verben_d.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_ds.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_e.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_f.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_i.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_l.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_n.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_p.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_pt.doc
c:\users\peterparker\AppData\Roaming\Zarb\Verben_s.doc
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-28 bis 2012-11-29 ))))))))))))))))))))))))))))))
.
.
2012-11-29 18:47 . 2012-11-29 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-29 16:32 . 2012-11-29 16:32 -------- d-----w- c:\windows\ERUNT
2012-11-29 16:32 . 2012-11-29 16:32 -------- d-----w- C:\JRT
2012-11-27 17:43 . 2012-11-27 17:43 -------- d-----w- c:\users\peterparker\AppData\Roaming\Malwarebytes
2012-11-27 17:43 . 2012-11-27 17:43 -------- d-----w- c:\programdata\Malwarebytes
2012-11-27 17:43 . 2012-11-27 17:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-27 17:43 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-27 14:13 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EBB0D8D-BD54-4043-8AE7-3F1B74E454A3}\mpengine.dll
2012-11-16 00:04 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-11-16 00:04 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 00:04 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 00:04 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 23:55 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 23:55 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 23:55 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 23:55 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 23:55 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 23:55 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 23:55 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 18:58 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 18:58 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 23:56 . 2011-08-11 11:16 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 16:58 . 2012-10-16 16:59 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 16:58 . 2012-10-10 15:50 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 16:58 . 2012-10-10 15:50 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-10-16 15:19 . 2012-05-10 19:29 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-16 15:19 . 2011-08-12 20:05 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 17:19 . 2012-10-09 17:20 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2012-10-09 17:19 . 2012-10-09 17:20 151552 ----a-w- c:\windows\KMService.exe
2012-09-19 09:29 . 2012-10-07 13:52 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-09-19 09:29 . 2012-10-07 13:51 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-09-19 09:29 . 2012-10-07 13:51 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-09-14 19:19 . 2012-10-10 17:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 17:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-13 13:26 . 2012-09-12 17:30 1259888 ----a-w- c:\windows\system32\dmwu.exe
2012-09-13 13:25 . 2012-09-12 17:30 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{008BC998-00C2-85AB-98FB-A5C5BC4B450D}]
c:\programdata\DownloadnSave\bhoclass.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]
c:\program files (x86)\DealPly\DealPlyIE.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
c:\program files (x86)\Ask.com\GenericAskToolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\peterparker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\peterparker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\peterparker\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-07 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-03-08 258560]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Starter"="c:\program files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe" [2012-02-14 79728]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536]
.
c:\users\peterparker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\peterparker\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-14 27595032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
R2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-04-23 867360]
R2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-03-08 250368]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
R2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 15:19]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 15:47]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-09 15:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
c:\program files\Web Assistant\Extension64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\peterparker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\peterparker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\peterparker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\peterparker\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-11 9643552]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-10-22 325120]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-04-23 861216]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\peterparker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\peterparker\AppData\Roaming\Mozilla\Firefox\Profiles\x8n2m0fo.default\
FF - ExtSQL: 2012-10-10 16:38; toolbar@web.de; c:\users\peterparker\AppData\Roaming\Mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\toolbar@web.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-29 19:49:47
ComboFix-quarantined-files.txt 2012-11-29 18:49
ComboFix2.txt 2012-11-29 16:54
.
Vor Suchlauf: 13 Verzeichnis(se), 325.386.891.264 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 325.308.006.400 Bytes frei
.
- - End Of File - - F0FD05636D16952A61A37135F6B9C937
Code:
ATTFilter OTL logfile created on: 29.11.2012 19:52:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\peterparker\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 3,01 Gb Available Physical Memory | 77,95% Memory free 7,73 Gb Paging File | 7,09 Gb Available in Paging File | 91,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,97 Gb Total Space | 303,05 Gb Free Space | 66,90% Space Free | Partition Type: NTFS Drive E: | 1,76 Gb Total Space | 1,63 Gb Free Space | 92,64% Space Free | Partition Type: FAT32 Computer Name: PETER-PC | User Name: peterparker | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\peterparker\Desktop\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe () SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Group) SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) SRV - (GameConsoleService) -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (AdobeActiveFileMonitor8.0) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm85&r=27360811q3b6l0450z1k5f4781d585 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE444DE444 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=16552&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=4507575425824172&p2=^A9T^YYYYYY^YY^DE&q={searchTerms} IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\SearchScopes\{D5D7DA65-FD84-4437-A917-1F39C2656688}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: 500ea40e66ec9%40500ea40e66f02.info:1.0 FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: %7B988da70d-b78d-44a1-a9c7-ed11832a9e2e%7D:1.3 FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21 FF - prefs.js..extensions.enabledAddons: %7B33044118-6597-4D2F-ABEA-7974BB185379%7D:1.0 FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.22 19:58:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\peterparker\AppData\Roaming\16001.009 [2012.08.26 16:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\Extensions [2012.11.29 17:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions [2012.07.24 16:34:05 | 000,000,000 | ---D | M] (DownloadnSave) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\500ea40e66ec9@500ea40e66f02.info [2012.11.29 17:41:36 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Users\peterparker\AppData\Roaming\mozilla\Firefox\Profiles\x8n2m0fo.default\extensions\toolbar@web.de [2012.01.14 20:45:34 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\extensions\DivXWebPlayer@divx.com.xpi [2012.03.11 11:16:13 | 000,015,162 | ---- | M] () (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2011.09.18 17:38:45 | 000,087,923 | ---- | M] () (No name found) -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2012.10.22 17:35:10 | 000,001,028 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\dvdvideosofttb-customized-web-search.xml [2012.02.16 18:09:18 | 000,002,057 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\mozilla\firefox\profiles\x8n2m0fo.default\searchplugins\youtube-videosuche.xml [2012.11.22 19:58:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.11.22 19:58:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions [2012.11.22 19:58:33 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@web.de File not found (No name found) -- C:\USERS\PETERPARKER\APPDATA\ROAMING\16001.009 [2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Ask (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Avira Toolbar = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.4.24169_0\ CHR - Extension: DownloadnSave = C:\Users\peterparker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcccpgeibhlebnekpbfcfagendjaeamn\1.0_0\ O1 HOSTS File: ([2012.11.29 19:47:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll File not found O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DownloadnSave Class) - {008BC998-00C2-85AB-98FB-A5C5BC4B450D} - C:\ProgramData\DownloadnSave\bhoclass.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\peterparker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\peterparker\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\peterparker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\peterparker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1212226170-1191435375-1816845172-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE61BBFF-0C83-4242-BD71-7BB94BCED92E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.29 19:47:19 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.29 19:32:32 | 005,009,014 | R--- | C] (Swearware) -- C:\Users\peterparker\Desktop\ComboFix.exe [2012.11.29 17:42:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.29 17:42:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.29 17:42:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.29 17:38:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.29 17:38:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.29 17:32:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2012.11.29 17:32:14 | 000,000,000 | ---D | C] -- C:\JRT [2012.11.28 16:43:47 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\peterparker\Desktop\aswMBR.exe [2012.11.27 18:45:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\peterparker\Desktop\OTL.exe [2012.11.27 18:43:19 | 000,000,000 | ---D | C] -- C:\Users\peterparker\AppData\Roaming\Malwarebytes [2012.11.27 18:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.27 18:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.27 18:43:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.27 18:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.20 19:19:55 | 000,000,000 | ---D | C] -- C:\Users\peterparker\Application Data [2012.11.16 01:04:23 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.16 01:04:23 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.16 00:55:51 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.16 00:55:50 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.16 00:55:50 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.16 00:55:50 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.15 19:59:17 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.15 19:59:17 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.15 19:59:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.15 19:59:11 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.15 19:59:11 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.15 19:59:11 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.15 19:59:11 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.15 19:59:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.15 19:59:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.15 19:58:53 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.15 19:58:53 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.05 19:26:32 | 000,000,000 | ---D | C] -- C:\Users\peterparker\Desktop\Fotos Klasse [2012.11.02 12:38:42 | 000,000,000 | ---D | C] -- C:\Users\peterparker\Desktop\Global Booty Shake Songs Nov Dez 2012 [10 C:\Users\peterparker\Desktop\*.tmp files -> C:\Users\peterparker\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.29 19:47:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.11.29 19:32:57 | 005,009,014 | R--- | M] (Swearware) -- C:\Users\peterparker\Desktop\ComboFix.exe [2012.11.29 19:27:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.29 19:27:23 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys [2012.11.29 17:16:28 | 000,911,990 | ---- | M] () -- C:\Users\peterparker\Desktop\JRT.exe [2012.11.29 17:16:00 | 000,480,125 | ---- | M] () -- C:\Users\peterparker\Desktop\adwcleaner.exe [2012.11.28 17:20:58 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.28 17:20:58 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.28 17:20:58 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.28 17:20:58 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.28 17:20:58 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.28 16:46:58 | 000,000,512 | ---- | M] () -- C:\Users\peterparker\Desktop\MBR.dat [2012.11.28 16:44:22 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\peterparker\Desktop\aswMBR.exe [2012.11.28 16:42:49 | 000,000,000 | ---- | M] () -- C:\Users\peterparker\defogger_reenable [2012.11.28 16:42:12 | 000,050,477 | ---- | M] () -- C:\Users\peterparker\Desktop\Defogger.exe [2012.11.27 18:45:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\peterparker\Desktop\OTL.exe [2012.11.27 18:43:09 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.27 18:35:03 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.27 18:10:47 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 18:10:47 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.27 17:24:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.27 17:24:06 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.26 19:21:14 | 000,421,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.22 19:58:40 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.11 14:21:16 | 000,000,051 | ---- | M] () -- C:\Users\peterparker\AppData\Roaming\blckdom.res [10 C:\Users\peterparker\Desktop\*.tmp files -> C:\Users\peterparker\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.29 17:42:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.29 17:42:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.29 17:42:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.29 17:42:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.29 17:42:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.29 17:16:22 | 000,911,990 | ---- | C] () -- C:\Users\peterparker\Desktop\JRT.exe [2012.11.29 17:16:00 | 000,480,125 | ---- | C] () -- C:\Users\peterparker\Desktop\adwcleaner.exe [2012.11.28 16:46:58 | 000,000,512 | ---- | C] () -- C:\Users\peterparker\Desktop\MBR.dat [2012.11.28 16:42:49 | 000,000,000 | ---- | C] () -- C:\Users\peterparker\defogger_reenable [2012.11.27 19:26:06 | 000,050,477 | ---- | C] () -- C:\Users\peterparker\Desktop\Defogger.exe [2012.11.27 18:43:09 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.26 21:36:59 | 008,626,176 | ---- | C] () -- C:\Users\peterparker\Desktop\Israel Kamakawiwoole - Somewhere over the rainbow - What a wonderful world.mp3 [2012.11.16 01:04:26 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 00:55:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.08 20:27:39 | 000,000,051 | ---- | C] () -- C:\Users\peterparker\AppData\Roaming\blckdom.res [2012.10.09 18:20:16 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe [2012.10.09 18:20:16 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2012.05.21 17:23:45 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.10.01 17:26:25 | 000,003,584 | ---- | C] () -- C:\Users\peterparker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.09 14:19:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.08.09 10:36:16 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < c:\users\peterparker\AppData\Roaming\*. > [2011.08.16 12:42:11 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Adobe [2012.10.30 16:36:09 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Apple Computer [2011.08.08 18:47:08 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\ATI [2011.08.12 21:25:37 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Canneverbe Limited [2012.10.09 17:38:18 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\DAEMON Tools Lite [2012.11.27 18:35:24 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Dropbox [2012.08.20 11:13:46 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\elsterformular [2011.08.08 19:04:43 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Google [2011.08.08 18:45:57 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Identities [2011.08.08 18:46:26 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Macromedia [2012.11.27 18:43:19 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Malwarebytes [2010.05.07 07:57:13 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Media Center Programs [2012.06.05 22:43:40 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Media Player Classic [2012.10.11 16:19:43 | 000,000,000 | --SD | M] -- c:\users\peterparker\AppData\Roaming\Microsoft [2012.08.26 16:30:06 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Mozilla [2011.10.01 17:26:07 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\MusicNet [2011.08.18 13:18:31 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\NCH Software [2012.08.26 16:34:40 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\NCH Swift Sound [2012.08.31 10:45:22 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Nero [2012.07.24 16:33:43 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\SendSpace [2012.08.26 16:29:32 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\Skype [2012.03.24 09:49:33 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\SNS [2012.11.26 22:55:11 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\SoftGrid Client [2011.08.09 10:37:16 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\TP [2012.10.07 14:51:38 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\TuneUp Software [2012.02.17 17:12:55 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\vlc [2011.08.09 17:58:20 | 000,000,000 | ---D | M] -- c:\users\peterparker\AppData\Roaming\WinRAR < End of report > |
|
29.11.2012, 20:24
| #8 | |
| /// TB-Ausbilder | GVU Trojaner mit Webcam Servus, Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
Zitat:
Warte bis unter Current status: Finished steht. Kopiere den Link aus deiner Adresszeile und poste ihn hier. Wiederhole die selben Schritte mit folgenden Dateien. Code:
ATTFilter c:\windows\system32\srvany.exe
c:\windows\SysWow64\srvany.exe
|
|
29.11.2012, 21:31
| #9 |
| | GVU Trojaner mit Webcam Also das kommt bei bei c:\windows\system32\srvany.exe: https://www.virustotal.com/file/abd4afd71b3c2bd3f741bbe3cec52c4fa63ac78d353101d2e7dc4de2725d1ca1/analysis/1354220717/ Das bei c:\windows\SysWow64\srvany.exe: https://www.virustotal.com/file/abd4afd71b3c2bd3f741bbe3cec52c4fa63ac78d353101d2e7dc4de2725d1ca1/analysis/1354220896/ Und bei der KMService.exe: https://www.virustotal.com/file/b075602cf6bcb3284c44a640daffa49cc5aa8f469a20e4b242f2dde85fcb4dbe/analysis/1354220441/ |
|
30.11.2012, 09:34
| #10 | |
| /// TB-Ausbilder | GVU Trojaner mit Webcam Servus, Aus deinem Logfile: Zitat:
Dateien, wie crack.exe, keygen.exe oder patch.exe sind zu 99,9% gefährliche Schädlinge, mit denen man nicht Spaßen sollte. Außerdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zum Neu aufsetzten. Damit ist das Thema beendet. |
|
| Themen zu GVU Trojaner mit Webcam |
| avira, avira searchfree toolbar, bho, bonjour, chip.de, converter, dealply, driver genius, error, excel, fehler, firefox, flash player, home, incredibar toolbar, install.exe, intranet, kaspersky, launch, logfile, microsoft office starter 2010, mozilla, mp3, object, optimizer pro, packard bell, plug-in, problem, realtek, registry, scan, search results toolbar, security, senden, software, svchost.exe, trojaner, windows |
WARNUNG an die MITLESER: 
Textbox.
Linear-Darstellung
