Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Claro search im Browser und Rechner wird lahmgelegt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 28.11.2012, 06:07   #1
chrissid
 
Claro search im Browser und Rechner wird lahmgelegt - Standard

Claro search im Browser und Rechner wird lahmgelegt



Hallo zusammen,

auch ich habe mir den Claro Search eingefangen.

Claro Search erscheint in allen Browsern (Firefox, IE, Google Chrome).
Rechner ist nach ein paar Stunden komplett lahmgelegt. Alle offenen Programme reagieren nicht mehr.

Vielen Dank im Voraus für Eure Hilfe
Chrissi


otl.txt

Code:
ATTFilter
OTL logfile created on: 27.11.2012 21:39:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 57,77% Memory free
6,50 Gb Paging File | 4,98 Gb Available in Paging File | 76,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 382,59 Gb Free Space | 82,16% Space Free | Partition Type: NTFS
 
Computer Name: GGLBUERO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.27 21:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.11.13 21:42:18 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe
PRC - [2012.11.13 21:41:56 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\ConversionService.exe
PRC - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
PRC - [2012.09.20 13:21:06 | 015,700,608 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.19 06:55:38 | 001,422,936 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\WINWORD.EXE
PRC - [2012.06.11 14:58:48 | 001,223,680 | ---- | M] (Toggl) -- C:\Programme\Toggl\TogglDesktop\TogglDesktop.exe
PRC - [2012.03.26 16:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 16:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.03.07 20:36:13 | 000,349,488 | ---- | M] (Assistance & Resources for Computing, Inc.) -- C:\PurgeIE\PurgeIE_Service.exe
PRC - [2012.01.19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.18 13:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.12.20 22:48:38 | 000,949,104 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe
PRC - [2011.09.22 17:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2011.09.22 17:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2011.09.02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.18 12:44:43 | 001,415,632 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 04:17:42 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 04:17:38 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2010.11.17 23:04:04 | 006,862,336 | ---- | M] (Global IP Telecommunications Ltd.) -- C:\Programme\NinjaLite\NinjaLite\NinjaLi.exe
PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.10.19 23:11:52 | 000,616,712 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.14 02:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009.03.30 15:00:56 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.14 09:29:03 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\eaf74b94f8d7de8b53ba3f0efbd0ccb5\System.Web.Services.ni.dll
MOD - [2012.11.14 09:29:01 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012.11.14 09:28:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.14 09:28:23 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.14 09:28:06 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.14 09:28:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.14 09:28:02 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.14 09:27:49 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe
MOD - [2012.11.12 11:03:58 | 002,147,352 | ---- | M] () -- c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
MOD - [2012.10.09 10:26:20 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012.01.13 12:49:04 | 001,093,646 | ---- | M] () -- C:\Programme\Toggl\TogglDesktop\avcodec-53.dll
MOD - [2012.01.13 12:49:04 | 000,184,846 | ---- | M] () -- C:\Programme\Toggl\TogglDesktop\avformat-53.dll
MOD - [2012.01.13 12:49:04 | 000,117,262 | ---- | M] () -- C:\Programme\Toggl\TogglDesktop\avutil-51.dll
MOD - [2012.01.11 11:30:08 | 000,952,168 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Crm.SdkTypeProxy\4.0.0.0__31bf3856ad364e35\Microsoft.Crm.SdkTypeProxy.dll
MOD - [2012.01.11 11:30:07 | 000,169,832 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Crm.Sdk\4.0.0.0__31bf3856ad364e35\Microsoft.Crm.Sdk.dll
MOD - [2012.01.11 11:30:06 | 000,624,488 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Crm.Platform.Sdk\4.0.0.0__31bf3856ad364e35\Microsoft.Crm.Platform.Sdk.dll
MOD - [2012.01.11 11:30:05 | 000,943,976 | ---- | M] () -- C:\Windows\assembly\GAC_32\Microsoft.Crm\4.0.0.0__31bf3856ad364e35\Microsoft.Crm.dll
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.12.21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Programme\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:59:42 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.06.11 16:49:14 | 000,341,864 | ---- | M] () -- C:\Programme\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Outlook.CompactPrxy.XmlSerializers.dll
MOD - [2009.10.19 23:11:20 | 000,101,128 | ---- | M] () -- C:\Programme\TortoiseSVN\bin\CrashRpt.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007.08.13 15:46:00 | 001,253,376 | ---- | M] () -- C:\Programme\NinjaLite\NinjaLite\vorbis.dll
MOD - [2007.08.13 15:46:00 | 001,032,192 | ---- | M] () -- C:\Programme\NinjaLite\NinjaLite\vorbisenc.dll
MOD - [2007.08.13 15:46:00 | 000,102,400 | ---- | M] () -- C:\Programme\NinjaLite\NinjaLite\vorbisfile.dll
MOD - [2007.08.13 15:46:00 | 000,061,440 | ---- | M] () -- C:\Programme\NinjaLite\NinjaLite\ogg.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.13 21:42:18 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.13 21:41:56 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012.11.12 11:05:14 | 002,402,840 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe -- (Browser Manager)
SRV - [2012.10.28 13:12:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 10:26:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 16:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 16:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.07 20:36:13 | 000,349,488 | ---- | M] (Assistance & Resources for Computing, Inc.) [Auto | Running] -- C:\PurgeIE\PurgeIE_Service.exe -- (PurgeIEservice)
SRV - [2012.01.19 12:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.09.22 17:18:58 | 043,028,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2011.09.22 17:18:58 | 000,097,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.09.22 17:17:26 | 000,370,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2011.09.22 17:17:26 | 000,255,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2011.06.18 13:28:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.23 04:08:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.03.20 19:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.09.22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011.06.18 12:44:43 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.11.20 04:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010.11.20 04:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010.11.20 02:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2004.08.13 08:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://companyweb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 8C 54 CE 0B 4B CA 01  [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4712_3&babsrc=SP_ss&mntrId=4aaaddfe000000000000002618183731
IE - HKCU\..\SearchScopes\{FBA214B9-5BF0-438A-BBD8-78C1EBB80D48}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Claro Search"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=117423&tt=4712_3&babsrc=HP_ss&mntrId=4aaaddfe000000000000002618183731"
FF - prefs.js..extensions.enabledAddons: beta@linkdiagnosis.com:2.3.6
FF - prefs.js..extensions.enabledAddons: check4change-owner@mozdev.org:1.9.3
FF - prefs.js..extensions.enabledAddons: morningCoffee@shaneliesegang:1.35
FF - prefs.js..extensions.enabledAddons: sitedelta@schierla.de:0.13.1
FF - prefs.js..extensions.enabledAddons: yslow@yahoo-inc.com:3.1.4
FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.6
FF - prefs.js..extensions.enabledAddons: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.5.5
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
FF - prefs.js..extensions.enabledAddons: {c07d1a49-9894-49ff-a594-38960ede8fb9}:3.1.10
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.41
FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledAddons: firequery@binaryage.com:1.3
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.4
FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.24
FF - prefs.js..extensions.enabledAddons: {58bd07eb-0ee0-4df0-8121-dc9b693373df}:2.5.911.18
FF - prefs.js..keyword.URL: "hxxp://www.claro-search.com/?affID=117423&tt=4712_3&babsrc=KW_ss&mntrId=4aaaddfe000000000000002618183731&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2011.06.18 12:52:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.11.22 15:30:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.11.22 15:40:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.01.07 16:29:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.11.23 07:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s1f9s1h5.default\extensions
[2012.11.21 08:16:39 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s1f9s1h5.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012.08.24 10:01:21 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s1f9s1h5.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012.08.01 11:20:43 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s1f9s1h5.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.02.17 09:20:32 | 000,066,808 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\beta@linkdiagnosis.com.xpi
[2012.05.14 08:17:12 | 000,617,362 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\check4change-owner@mozdev.org.xpi
[2012.11.02 14:58:49 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\firebug@software.joehewitt.com.xpi
[2012.10.08 13:28:32 | 000,106,668 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\firequery@binaryage.com.xpi
[2012.01.10 16:56:12 | 000,107,019 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\morningCoffee@shaneliesegang.xpi
[2012.11.02 14:58:46 | 000,347,040 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\senseo@nicosteiner.de.xpi
[2012.05.14 08:14:06 | 000,074,258 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\sitedelta@schierla.de.xpi
[2012.11.19 23:00:55 | 000,510,620 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\toolbar@gmx.net.xpi
[2012.08.12 07:19:37 | 000,200,692 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\yslow@yahoo-inc.com.xpi
[2012.08.29 11:32:03 | 000,399,504 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi
[2012.07.30 20:03:35 | 000,447,304 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi
[2012.09.10 19:24:22 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012.06.09 08:59:47 | 000,068,257 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
[2012.01.10 17:36:54 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012.11.19 23:00:59 | 000,000,911 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\11-suche.xml
[2012.11.19 23:00:59 | 000,002,273 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\englische-ergebnisse.xml
[2012.11.19 23:00:59 | 000,010,563 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\gmx-suche.xml
[2012.11.19 23:00:59 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\lastminute.xml
[2012.11.22 15:39:59 | 000,006,520 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\mngr.xml
[2012.11.19 23:00:59 | 000,005,545 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s1f9s1h5.default\searchplugins\webde-suche.xml
[2012.10.28 13:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.28 13:11:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.11.22 15:40:15 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.5.911.18\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{0B457CAA-602D-484A-8FE7-C1D894A011BA}
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{317B5128-0B0B-49B2-B2DB-1E7560E16C74}
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{6AC85730-7D0F-4DE0-B3FA-21142DD85326}
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{C07D1A49-9894-49FF-A594-38960EDE8FB9}.XPI
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\BETA@LINKDIAGNOSIS.COM.XPI
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\CHECK4CHANGE-OWNER@MOZDEV.ORG.XPI
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\FIREQUERY@BINARYAGE.COM.XPI
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\MORNINGCOFFEE@SHANELIESEGANG.XPI
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\SITEDELTA@SCHIERLA.DE.XPI
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
File not found (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S1F9S1H5.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI
[2012.10.28 13:12:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 07:30:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.22 15:39:59 | 000,006,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.10.03 21:47:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 07:30:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 07:30:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 07:30:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 07:30:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.claro-search.com/?affID=117423&tt=4712_3&babsrc=HP_ss&mntrId=4aaaddfe000000000000002618183731
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.claro-search.com/?affID=117423&tt=4712_3&babsrc=HP_ss&mntrId=4aaaddfe000000000000002618183731
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programme\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSCRM] C:\Program Files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IBP]  File not found
O4 - HKCU..\Run: [NINJALI.EXE] C:\Program Files\NinjaLite\NinjaLite\NinjaLi.exe (Global IP Telecommunications Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk = C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TogglDesktop.lnk = C:\Programme\Toggl\TogglDesktop\TogglDesktop.exe (Toggl)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: crm ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sites ([]https in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Vertrauenswürdige Sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = serendata.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1331BC44-AB8C-4275-B7F3-B5B35058B171}: DhcpNameServer = 192.168.2.2
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.27 21:39:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.22 22:13:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.11.22 15:40:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012.11.22 15:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.22 15:39:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.11.22 15:39:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Babylon
[2012.11.22 15:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.11.22 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2012.11.22 15:30:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PDF Software
[2012.11.22 15:30:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\PDF Architect Files
[2012.11.22 15:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2012.11.22 15:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Architect
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.27 21:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.27 21:37:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.27 21:35:22 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.27 21:27:15 | 000,480,125 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.11.27 21:26:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.27 21:13:21 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 21:13:21 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 21:12:29 | 000,766,376 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.27 21:12:29 | 000,720,358 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.27 21:12:29 | 000,174,858 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.27 21:12:29 | 000,147,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.27 21:07:35 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.27 21:05:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.27 21:05:42 | 2616,545,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.27 17:57:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.27 12:47:38 | 000,001,310 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.11.26 22:49:25 | 000,002,046 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp
[2012.11.22 15:31:30 | 000,000,963 | ---- | M] () -- C:\Users\***\Desktop\PDF Architect.lnk
[2012.11.14 09:26:19 | 000,408,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.08 18:00:08 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.27 21:37:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.27 21:35:22 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.27 21:27:10 | 000,480,125 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.11.22 15:31:30 | 000,000,963 | ---- | C] () -- C:\Users\***\Desktop\PDF Architect.lnk
[2012.07.30 20:02:13 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.07.27 09:09:52 | 000,060,864 | ---- | C] () -- C:\Users\***\g2mdlhlpx.exe
[2012.01.09 12:12:10 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08c.dat
[2012.01.09 12:12:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.09 12:09:24 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2012.01.07 16:24:25 | 000,000,816 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2012.01.07 16:11:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.06 23:03:03 | 000,022,012 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.12.06 19:49:28 | 000,048,488 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.18 12:56:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.18 10:45:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.04.18 17:24:00 | 000,003,246 | ---- | C] () -- C:\Users\***\.kdiff3rc
[2010.01.12 16:55:40 | 000,459,366 | ---- | C] () -- C:\Users\***\.spyglass.properties
 
========== ZeroAccess Check ==========
 
[2010.03.17 14:37:37 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\2216887-Dateien\L.gif
[2010.03.17 14:34:31 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\3999788-Dateien\L.gif
[2010.03.17 14:23:50 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\5994862-Dateien\L.gif
[2010.03.17 14:21:35 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\7359601-Dateien\L.gif
[2010.03.17 14:29:03 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\938668-Dateien\L.gif
[2010.03.17 14:23:01 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\9723607-Dateien\L.gif
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.22 15:39:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2012.01.10 17:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2012.04.12 17:37:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IBP
[2012.01.10 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.26 09:00:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySEOSolution_DB_Dir
[2012.01.07 18:28:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.01.07 16:41:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.11.22 15:31:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Software
[2012.11.23 07:56:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.03.07 20:36:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PurgeIE
[2012.01.07 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2012.01.07 18:09:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.01.07 16:24:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Small Business Server
 
========== Purity Check ==========
 
 

< End of report >
012.11.22 15:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2012.11.22 15:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Architect
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.27 21:39:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.27 21:37:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.27 21:35:22 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.27 21:27:15 | 000,480,125 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.11.27 21:26:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.27 21:13:21 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 21:13:21 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 21:12:29 | 000,766,376 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.27 21:12:29 | 000,720,358 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.27 21:12:29 | 000,174,858 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.27 21:12:29 | 000,147,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.27 21:07:35 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.27 21:05:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.27 21:05:42 | 2616,545,280 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.27 17:57:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.27 12:47:38 | 000,001,310 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.11.26 22:49:25 | 000,002,046 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp
[2012.11.22 15:31:30 | 000,000,963 | ---- | M] () -- C:\Users\***\Desktop\PDF Architect.lnk
[2012.11.14 09:26:19 | 000,408,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.08 18:00:08 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.27 21:37:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.27 21:35:22 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.27 21:27:10 | 000,480,125 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2012.11.22 15:31:30 | 000,000,963 | ---- | C] () -- C:\Users\***\Desktop\PDF Architect.lnk
[2012.07.30 20:02:13 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.07.27 09:09:52 | 000,060,864 | ---- | C] () -- C:\Users\***\g2mdlhlpx.exe
[2012.01.09 12:12:10 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08c.dat
[2012.01.09 12:12:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.09 12:09:24 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2012.01.07 16:24:25 | 000,000,816 | RHS- | C] () -- C:\Users\***\ntuser.pol
[2012.01.07 16:11:44 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.06 23:03:03 | 000,022,012 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.12.06 19:49:28 | 000,048,488 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.18 12:56:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.18 10:45:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.04.18 17:24:00 | 000,003,246 | ---- | C] () -- C:\Users\***\.kdiff3rc
[2010.01.12 16:55:40 | 000,459,366 | ---- | C] () -- C:\Users\***\.spyglass.properties
 
========== ZeroAccess Check ==========
 
[2010.03.17 14:37:37 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\2216887-Dateien\L.gif
[2010.03.17 14:34:31 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\3999788-Dateien\L.gif
[2010.03.17 14:23:50 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\5994862-Dateien\L.gif
[2010.03.17 14:21:35 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\7359601-Dateien\L.gif
[2010.03.17 14:29:03 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\938668-Dateien\L.gif
[2010.03.17 14:23:01 | 000,001,024 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1624048245-291931411-889609081-1148\$RFHDX36\Marketing\BilderFuerPraesentation\9723607-Dateien\L.gif
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.22 15:39:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2012.01.10 17:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FireShot
[2012.04.12 17:37:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IBP
[2012.01.10 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.26 09:00:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySEOSolution_DB_Dir
[2012.01.07 18:28:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.01.07 16:41:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.11.22 15:31:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Software
[2012.11.23 07:56:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.03.07 20:36:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PurgeIE
[2012.01.07 16:25:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2012.01.07 18:09:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.01.07 16:24:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Small Business Server
 
========== Purity Check ==========
 
 

< End of report >
         
extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 27.11.2012 21:39:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 57,77% Memory free
6,50 Gb Paging File | 4,98 Gb Available in Paging File | 76,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 382,59 Gb Free Space | 82,16% Space Free | Partition Type: NTFS
 
Computer Name: GGLBUERO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 512
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|LSM=TRUE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|Edge=FALSE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|
"WMI-ASYNC-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
"WMI-WINMGMT-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|Edge=FALSE|
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F7A7A2-79AB-4C42-9D91-278BCC070CFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0E1C3B34-9E81-4B9C-B82F-8D24CE999E25}" = rport=5060 | protocol=17 | dir=out | name=sip 5060 udp | 
"{2A7ECA4B-0729-49E6-85E1-1AFFE24E799F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{35045904-3FD9-45D7-A7E4-7445974FB127}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4393F2E0-E34D-4559-AE79-4634D70E73C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4DB0116C-D406-4983-BAC2-D93410BE6D42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{580BBF0F-68DE-47CF-B47B-96744C0086BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{63B70545-DB77-4DAE-9AC2-116C34A66CC7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6C888103-7E3A-4A05-9A8D-AF972A2748E5}" = rport=3478 | protocol=17 | dir=out | name=stun sip 3478 udp | 
"{79791763-DE05-478E-9940-2EA918B87D98}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7A2AD3C1-77ED-447D-9ABD-79A46F4DFA15}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7FA4EC9A-5BD5-41C8-895E-03882DCAEA3C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{93ECDAAF-AC3B-4046-81A6-9739CFB86120}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A58DFD6F-1D13-49C1-BF20-653201315809}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{A7EE3138-693A-40CC-8AF2-3451AB585EA7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BA4797F9-716B-47D1-9CCC-251730BC2DAB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C173F0C7-C909-4E13-AC06-0C185ABB5F07}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C41135E8-D5F6-4707-BEEB-9607C20A88F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CCBC9CF2-BF68-47CF-9666-C4DBFC4A19A2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D4E3A660-C312-416E-A6AC-223AAFCD43C8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DE4516BE-1050-4DDA-9937-EC285012F561}" = rport=5061 | protocol=17 | dir=out | name=sip 5061 udp | 
"{E8D2F365-C931-42D6-9497-4C854CB1C62B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC15239E-6D2B-4671-9DD1-2160CB3DC961}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FC6C5EFF-C380-4D63-BBA5-3697AB2FE5C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEEFCCF3-99D2-48C9-A5FF-99BD5942447B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FF5FABDB-49E3-4002-97B8-4ED83BD9D21F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A25BE3-5501-4EA0-9317-2B870C29DA3C}" = dir=out | app=%programfiles%\ninjalite\ninjalite\ninjali.exe | 
"{0E49247A-A6BB-46EE-9E48-E60AE80997BF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0F7CC0BB-0CD3-4611-9A5E-DA3CAA55DC14}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{21B3BCCF-D089-40B6-8B73-E707DCAA88C3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{23E42F74-CCA2-458E-A52A-C6B346F114AE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{25449E73-C436-485F-BF3B-CD9E47DC9BD9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{27117D09-3490-449A-A5CC-87993D669B41}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{362E9F05-6805-483A-8D88-7CE8EBF3AF78}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{36F62FB8-2279-4BEF-9EFE-4750EEF57A23}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{47077531-D55C-4655-BD54-4FCD9298B9BB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4E8C8F97-3DB1-4B4C-9794-185C5377C07B}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{5E89480D-B6D4-48AF-AC3A-BEBA4FD15670}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{71630626-56F0-4661-B1D1-68BF9D5D1742}" = protocol=17 | dir=in | app=c:\program files\ninjalite\ninjalite\xproxy.exe | 
"{7D8E502A-A6CB-4BD1-81AA-95214E418CEA}" = protocol=17 | dir=in | app=c:\program files\ninjalite\ninjalite\ninjali.exe | 
"{80EFE898-DBDC-4AB3-A928-25692AF936F7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{84B50EF5-4D79-4F01-8F06-D4A705D4251E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8CD6308B-E6AD-4C0D-8280-77FD2AA5FC92}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{96C26CA4-A9CA-499C-ACA8-DCC6C4A9EED4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9F73C3D1-3B94-492D-B1A6-677425EAC99C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{9FD7E7EC-227B-4AA9-8E3A-B9FB9D0E39DD}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{B215F44D-BA5D-45C0-BBDA-09F8A9CD1A62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{CA32A48E-D9E5-4D41-A0A0-44D337144730}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D36CB300-E99A-4C19-8758-A40DF0352424}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D911EA4F-845A-494C-BCEA-207BC6C23D35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D9149000-BD26-436B-A597-A433A5D3612B}" = protocol=6 | dir=in | app=c:\program files\ninjalite\ninjalite\ninjali.exe | 
"{EB1A8FDE-58D2-4FEF-8E02-E5FB1626B925}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EC53FB39-619F-49BF-96DF-7FED84307672}" = protocol=6 | dir=in | app=c:\program files\ninjalite\ninjalite\xproxy.exe | 
"{ED934062-55DD-465E-AE61-7BB2BA981AF7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EFBF6C14-0210-4158-8671-368638C5EEE5}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{F313242A-7A0B-48BD-AAA7-0CBCA94A41E0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{FE973084-6DBB-46A5-9CF9-74508C35555C}" = dir=out | app=%programfiles%\ninjalite\ninjalite\xproxy.exe | 
"TCP Query User{082B2363-B05C-472A-B9EB-EE0B237011C0}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{24B784E1-1BE6-4C88-93AE-3074EF90E0E3}C:\program files\ninjalite\ninjalite\ninjali.exe" = protocol=6 | dir=in | app=c:\program files\ninjalite\ninjalite\ninjali.exe | 
"TCP Query User{3026416A-2573-473F-B3FA-18A03EB3CB77}C:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=c:\program files\winhttrack\winhttrack.exe | 
"TCP Query User{72C9E958-6F61-45D4-9119-5B2E7478E275}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{04104410-7CF5-4BF5-9F82-8D8C52A48B11}C:\program files\ninjalite\ninjalite\ninjali.exe" = protocol=17 | dir=in | app=c:\program files\ninjalite\ninjalite\ninjali.exe | 
"UDP Query User{0DD3AB43-FBE9-4714-99B2-09941B5A34AE}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{4562545F-2A36-451B-BC8F-CF476DCA808B}C:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=c:\program files\winhttrack\winhttrack.exe | 
"UDP Query User{CF200E27-BC3E-4B5D-B694-DFD342A75348}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00626135-E60A-4550-9503-4F50C6C9B8BB}" = Google AdWords Editor
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite DCP-395CN
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{171D8D76-3F05-455A-A8AF-C561C2679905}" = Open XML SDK 2.0 for Microsoft Office
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{24C152B6-544C-4B64-A4CA-575843C0CFE6}" = Article Wizard
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E8FFAB1-88FA-4A8C-B611-08C2C9DD69F3}_is1" = NinjaLite 3.5.0.5
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75C26E7B-0416-427A-9C43-8F374C316973}" = NodeXL Excel Template
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{8073D8BC-7651-4ADF-9219-F67DB3C49103}" = TestDriven.Net 3.0 Personal
"{827990C7-4D30-3627-A2D1-5FFA09198BB2}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{83298573-A6B6-42AB-A234-FE91CA2859C0}" = Microsoft SQL Server 2008 Native Client
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}" = Microsoft SQL Server 2008 Setup Support Files 
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BA2B90-AF72-35CF-BFDC-E06531811B20}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9DB75EBF-DC06-4574-8FF1-3955C6673B21}" = Microsoft Application Error Reporting
"{A484263A-C779-4BF2-86CD-3E62D717F5AE}" = PDF Architect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DB6C2AC7-4D4C-493A-B5E8-4B1E685C277F}" = Minianwendung "Desktoplinks" für Windows Small Business Server 2008
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{DEB1CE7F-5821-4E1C-ADED-744F52052E4A}" = Open XML SDK 2.0 Productivity Tool for Microsoft Office
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E0FBC979-7FA5-40A4-B14F-E301958D1135}" = TogglDesktop
"{EB32EEAE-974F-34A3-80ED-704D509078D2}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FEE45451-2724-45B5-98DE-0E3B659194DD}" = Microsoft Dynamics CRM 4.0 für Microsoft Office Outlook
"7-Zip" = 7-Zip 9.22beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BTE_14_674328" = Business - Sprachkurs English
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"Fiddler2" = Fiddler2
"Google Chrome" = Google Chrome
"IBP11_is1" = IBP 11.7.9
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Opera 11.60.1185" = Opera 11.60
"PerformanceTest 7_is1" = PerformanceTest v7.0
"Picasa 3" = Picasa 3
"PurgeIE_is1" = PurgeIE - 8.05
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WebSpider2" = Xaldon WebSpider2
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.45-3
"xampp" = XAMPP 1.7.7
"Xenu's Link Sleuth" = Xenu's Link Sleuth
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2434262337.localhost" = BacklinkTool
"37edc5e48a7387a6" = BacklinkTool
"FF6936D70060EBAD87660736B2F5E0260107A02E" = Smrf.NodeXL.ExcelTemplate
"GoToMeeting" = GoToMeeting 5.3.0.978
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.09.2012 01:58:02 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/14 07:58:02.736]: [00001056]: CUsbScnDev: DeviceIoControl()
 failed. ErrorCode = 5  
 
Error - 14.09.2012 14:35:50 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/14 20:35:50.566]: [00001056]: CUsbScnDev: DeviceIoControl()
 failed. ErrorCode = 5  
 
Error - 15.09.2012 03:06:43 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/15 09:06:43.813]: [00001056]: CUsbScnDev: DeviceIoControl()
 failed. ErrorCode = 5  
 
Error - 15.09.2012 03:06:44 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/15 09:06:44.814]: [00001056]: CUsbScnDev: DeviceIoControl()
 failed. ErrorCode = 5  
 
Error - 15.09.2012 03:45:12 | Computer Name = GGLBuero.serendata.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft
 Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 15.09.2012 13:49:03 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/15 19:49:03.592]: [00001056]: CUsbScnDev: DeviceIoControl()
 failed. ErrorCode = 5  
 
Error - 16.09.2012 21:54:24 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/17 03:54:24.748]: [00001056]: CUsbScnDev: DeviceIoControl()
 failed. ErrorCode = 5  
 
Error - 16.09.2012 21:54:25 | Computer Name = GGLBuero.serendata.local | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/09/17 03:54:25.754]: [00001056]: CUsbScnDev: DeviceIoControl()
 failed. ErrorCode = 5  
 
Error - 18.09.2012 09:48:27 | Computer Name = GGLBuero.serendata.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft
 Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.09.2012 02:28:19 | Computer Name = GGLBuero.serendata.local | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Microsoft
 Visual Studio 10.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 14.07.2012 02:48:24 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 14.07.2012 02:48:24 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.07.2012 01:37:43 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 16.07.2012 01:37:43 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 16.07.2012 01:37:44 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 16.07.2012 01:37:44 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.07.2012 01:35:47 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 17.07.2012 01:35:47 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 17.07.2012 01:35:48 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 17.07.2012 01:35:48 | Computer Name = GGLBuero.serendata.local | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
gmer.txt

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-28 06:48:23
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD501LJ rev.CR100-10
Running: 9vhcvzpp.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\pwddqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                      82A78A49 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                        82AB24D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                      section is writeable [0x91C1E000, 0x2D5378, 0xE8000020]
.text           user32.dll!DialogBoxParamW                                                                                                    76293B9B 5 Bytes  [E9, 20, 07, A3, FF] {JMP 0xffffffffffa30725}

---- User code sections - GMER 1.0.15 ----

.text           c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[300] USER32.dll!DialogBoxParamW              76293B9B 5 Bytes  JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text           C:\Windows\system32\wininit.exe[460] USER32.dll!DialogBoxParamW                                                               76293B9B 5 Bytes  JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text           C:\Windows\system32\services.exe[508] USER32.dll!DialogBoxParamW                                                              76293B9B 5 Bytes  JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text           C:\Windows\system32\lsass.exe[524] USER32.dll!DialogBoxParamW                                                                 76293B9B 5 Bytes  JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text           ...                                                                                                                           
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtCreateFile + 6                                         77DA55CE 4 Bytes  [28, 00, 07, 00]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtCreateFile + B                                         77DA55D3 1 Byte  [E2]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtMapViewOfSection + 6                                   77DA5C2E 1 Byte  [28]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtMapViewOfSection + 6                                   77DA5C2E 4 Bytes  [28, 03, 07, 00]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtMapViewOfSection + B                                   77DA5C33 1 Byte  [E2]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenFile + 6                                           77DA5CDE 4 Bytes  [68, 00, 07, 00]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenFile + B                                           77DA5CE3 1 Byte  [E2]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenProcess + 6                                        77DA5D8E 4 Bytes  [A8, 01, 07, 00]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenProcess + B                                        77DA5D93 1 Byte  [E2]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenProcessToken + 6                                   77DA5D9E 4 Bytes  CALL 76DA64A4 C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenProcessToken + B                                   77DA5DA3 1 Byte  [E2]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenProcessTokenEx + 6                                 77DA5DAE 4 Bytes  [A8, 02, 07, 00]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenProcessTokenEx + B                                 77DA5DB3 1 Byte  [E2]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenThread + 6                                         77DA5E0E 4 Bytes  [68, 01, 07, 00]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenThread + B                                         77DA5E13 1 Byte  [E2]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenThreadToken + 6                                    77DA5E1E 4 Bytes  [68, 02, 07, 00]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenThreadToken + B                                    77DA5E23 1 Byte  [E2]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenThreadTokenEx + 6                                  77DA5E2E 4 Bytes  CALL 76DA6535 C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtOpenThreadTokenEx + B                                  77DA5E33 1 Byte  [E2]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtQueryAttributesFile + 6                                77DA5F3E 4 Bytes  [A8, 00, 07, 00]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtQueryAttributesFile + B                                77DA5F43 1 Byte  [E2]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtQueryFullAttributesFile + 6                            77DA5FEE 4 Bytes  CALL 76DA66F3 C:\Windows\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation)
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtQueryFullAttributesFile + B                            77DA5FF3 1 Byte  [E2]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtSetInformationFile + 6                                 77DA663E 4 Bytes  [28, 01, 07, 00]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtSetInformationFile + B                                 77DA6643 1 Byte  [E2]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtSetInformationThread + 6                               77DA669E 4 Bytes  [28, 02, 07, 00]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtSetInformationThread + B                               77DA66A3 1 Byte  [E2]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtUnmapViewOfSection + 6                                 77DA69BE 1 Byte  [68]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtUnmapViewOfSection + 6                                 77DA69BE 4 Bytes  [68, 03, 07, 00]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] ntdll.dll!NtUnmapViewOfSection + B                                 77DA69C3 1 Byte  [E2]
.text           C:\Program Files\Toggl\TogglDesktop\TogglDesktop.exe[1700] USER32.dll!DialogBoxParamW                                         76293B9B 5 Bytes  JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1808] USER32.dll!DialogBoxParamW                                       76293B9B 5 Bytes  JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text           C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.exe[1832] USER32.dll!DialogBoxParamW    76293B9B 5 Bytes  JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text           C:\Windows\system32\svchost.exe[1900] USER32.dll!DialogBoxParamW                                                              76293B9B 5 Bytes  JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text           c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1928] USER32.dll!DialogBoxParamW                                76293B9B 5 Bytes  JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text           ...                                                                                                                           
.text           C:\Program Files\NinjaLite\NinjaLite\NinjaLi.exe[4068] USER32.dll!SetScrollRange                                              76278EC5 8 Bytes  JMP 003B00D9 
.text           C:\Program Files\NinjaLite\NinjaLite\NinjaLi.exe[4068] USER32.dll!SetScrollInfo                                               762848DA 8 Bytes  JMP 003B0000 
.text           C:\Program Files\NinjaLite\NinjaLite\NinjaLi.exe[4068] USER32.dll!DialogBoxParamW                                             76293B9B 5 Bytes  JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text           C:\Program Files\NinjaLite\NinjaLite\NinjaLi.exe[4068] USER32.dll!SetScrollPos                                                762A04BE 8 Bytes  JMP 003B01CA 
.text           C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4704] USER32.dll!DialogBoxParamW  76293B9B 5 Bytes  JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text           C:\Windows\system32\svchost.exe[5080] USER32.dll!DialogBoxParamW                                                              76293B9B 5 Bytes  JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text           C:\Users\***\Desktop\9vhcvzpp.exe[5580] USER32.dll!DialogBoxParamW                                              76293B9B 5 Bytes  JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll
.text           C:\Program Files\TrueCrypt\TrueCrypt.exe[5624] USER32.dll!DialogBoxParamW                                                     76293B9B 5 Bytes  JMP 75CC42C0 c:\progra~2\browse~1\25911~1.18\{c16c1~1\mngr.dll

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000049                                                                                             halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         

Alt 28.11.2012, 14:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Claro search im Browser und Rechner wird lahmgelegt - Standard

Claro search im Browser und Rechner wird lahmgelegt



Hallo und

Code:
ATTFilter
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = se***ta.local
         
Firmenrechner werden hier eigentlich nicht bereinigt

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:
3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.
Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.
__________________

__________________

Antwort

Themen zu Claro search im Browser und Rechner wird lahmgelegt
32 bit, 7-zip, adobe, backlink, bho, browser, browser manager, claro search trojaner, converter, defender, error, explorer, fehler, firefox, flash player, format, gmx.net, google, install.exe, intranet, launch, logfile, mozilla, ntdll.dll, object, opera, recycle.bin, registry, rundll, scan, security, senden, server, services.exe, software, visual studio, windows



Ähnliche Themen: Claro search im Browser und Rechner wird lahmgelegt


  1. Claro search
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (4)
  2. Claro Search entfernen
    Plagegeister aller Art und deren Bekämpfung - 28.12.2012 (9)
  3. (2x) Claro Search eingefangen
    Mülltonne - 27.12.2012 (1)
  4. Claro Search eingefangen.
    Log-Analyse und Auswertung - 27.12.2012 (1)
  5. Claro Search entfernen
    Plagegeister aller Art und deren Bekämpfung - 07.12.2012 (3)
  6. Claro Search
    Plagegeister aller Art und deren Bekämpfung - 04.12.2012 (17)
  7. Claro Search
    Plagegeister aller Art und deren Bekämpfung - 29.11.2012 (23)
  8. Claro Search eingefangen
    Plagegeister aller Art und deren Bekämpfung - 28.11.2012 (3)
  9. Claro Search eingfangen :(
    Plagegeister aller Art und deren Bekämpfung - 27.11.2012 (23)
  10. Claro Search
    Plagegeister aller Art und deren Bekämpfung - 22.11.2012 (15)
  11. Claro-Search als Startseite
    Log-Analyse und Auswertung - 22.11.2012 (11)
  12. Claro Search Virus
    Plagegeister aller Art und deren Bekämpfung - 20.11.2012 (28)
  13. Claro-Search
    Plagegeister aller Art und deren Bekämpfung - 16.11.2012 (11)
  14. Claro Search im Firefox
    Log-Analyse und Auswertung - 16.11.2012 (10)
  15. Claro Search
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (23)
  16. Claro Search
    Log-Analyse und Auswertung - 12.11.2012 (27)
  17. virus auf dem pc search.chatzum.com bei Mozilla Firefox und search.claro.com bei IE
    Plagegeister aller Art und deren Bekämpfung - 02.11.2012 (1)

Zum Thema Claro search im Browser und Rechner wird lahmgelegt - Hallo zusammen, auch ich habe mir den Claro Search eingefangen. Claro Search erscheint in allen Browsern (Firefox, IE, Google Chrome). Rechner ist nach ein paar Stunden komplett lahmgelegt. Alle offenen - Claro search im Browser und Rechner wird lahmgelegt...
Archiv
Du betrachtest: Claro search im Browser und Rechner wird lahmgelegt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.