Pests of all kinds and how to fight them: PUP.Blabbers

11.12.2012, 11:25   #1
Monk71

PUP.Blabbers

Hello everyone,

I have recently had the problem that an advertising page keeps opening in Firefox whenever I click on an open page or open a new page from my favourites.

I downloaded Malwarebytes Anti-Malware and ran a full scan. I have attached the log file.

I hope you can help me
Attached files
File type: txt mbam-log-2012-12-11 (12-10-22).txt (31.9 KB, viewed 208 times)

11.12.2012, 12:22   #2
Monk71

PUP.Blabbers

Quote:
Originally posted by Monk71
Hello everyone,

I have recently had the problem that an advertising page keeps opening in Firefox whenever I click on an open page or open a new page from my favourites.

I downloaded Malwarebytes Anti-Malware and ran a full scan. I have attached the log file.

I hope you can help me
To be safe, I also ran AdwCleaner once.
Here is the result:

# AdwCleaner v2.100 - Datei am 11/12/2012 um 13:17:02 erstellt
# Aktualisiert am 09/12/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : hecklau - HECKLAUJ02
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\hecklau\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\hecklau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Datei Gefunden : C:\Users\hecklau\AppData\Roaming\Mozilla\Firefox\Profiles\g33a8ykm.default\searchplugins\Plusnetwork.xml
Ordner Gefunden : C:\Program Files (x86)\BrowserCompanion
Ordner Gefunden : C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb
Ordner Gefunden : C:\Users\hecklau\AppData\Roaming\BrowserCompanion
Ordner Gefunden : C:\Users\hecklau\AppData\Roaming\Mozilla\Firefox\Profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com
Ordner Gefunden : C:\Users\Install\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gefunden : HKLM\Software\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gefunden : HKU\S-1-5-21-1601906125-279381933-2032345518-14107\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v12.0 (de)

Profilname : default
Datei : C:\Users\hecklau\AppData\Roaming\Mozilla\Firefox\Profiles\g33a8ykm.default\prefs.js

Gefunden : user_pref("browser.search.selectedEngine", "Plus! Network");
Gefunden : user_pref("keyword.URL", "hxxp://www.searchplusnetwork.com/?sp=vit4&q=");

Profilname : default
Datei : C:\Users\Install\AppData\Roaming\Mozilla\Firefox\Profiles\ufx5vgiy.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3039 octets] - [11/12/2012 13:17:02]

########## EOF - C:\AdwCleaner[R1].txt - [3099 octets] ##########
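The AdwCleaner report above shows the two Firefox preferences the PUP rewrote (browser.search.selectedEngine and keyword.URL) and, via the extension directory, the add-on ID it installed. As an added example that is not part of this thread and not code from AdwCleaner, Malwarebytes or any other tool mentioned here, the Python script below parses a prefs.js fragment, flags search, homepage and add-on preferences that fall outside an allowlist, and returns the file content with those lines stripped. The sample prefs.js is constructed; the allowlisted engines and hosts and the set of preference names checked are assumptions to adjust per environment; the add-on ID and the search URL are taken from the report in this post (the URL kept defanged as hxxp, as the report shows it).

```python
import re
from urllib.parse import urlsplit

# Matches one Firefox preference line: user_pref("name", <JS literal>);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Constructed sample prefs.js fragment (not a real profile). The selectedEngine,
# keyword.URL and add-on ID entries mirror what the AdwCleaner report in this
# thread lists; the URL is kept defanged (hxxp) exactly as the report shows it.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.background-update-timer", 1355220000);
user_pref("browser.search.selectedEngine", "Plus! Network");
user_pref("browser.startup.homepage", "about:home");
user_pref("keyword.URL", "hxxp://www.searchplusnetwork.com/?sp=vit4&q=");
user_pref("extensions.enabledAddons", "bbrs_002@blabbers.com:1.0");
user_pref("network.cookie.cookieBehavior", 0);
"""

# Allowlists are assumptions for a stock German Firefox profile; adjust per environment.
ALLOWED_ENGINES = {"Google", "Yahoo", "Bing", "Wikipedia (de)"}
ALLOWED_HOSTS = {"www.google.com", "www.google.de"}
# Add-on ID taken from the extension directory named in the AdwCleaner report above.
KNOWN_PUP_ADDON_IDS = {"bbrs_002@blabbers.com"}

ENGINE_PREFS = {"browser.search.selectedEngine", "browser.search.defaultenginename"}
URL_PREFS = {"keyword.URL", "browser.startup.homepage"}


def parse_prefs(text):
    """Return {name: raw JS literal} for every user_pref line, in file order."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def unquote(raw):
    """Strip the surrounding double quotes from a JS string literal, if present."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    return raw


def find_hijacked_prefs(text):
    """Flag search, homepage and add-on preferences that point outside the allowlists.

    Returns a list of (pref_name, reason) tuples, in file order.
    """
    findings = []
    for name, raw in parse_prefs(text).items():
        value = unquote(raw)
        if name in ENGINE_PREFS and value not in ALLOWED_ENGINES:
            findings.append((name, f"search engine {value!r} is not allowlisted"))
        elif name in URL_PREFS and not value.startswith("about:"):
            host = urlsplit(value).hostname or ""
            if host not in ALLOWED_HOSTS:
                findings.append((name, f"points at non-allowlisted host {host!r}"))
        elif name == "extensions.enabledAddons":
            # Value is a comma-separated list of "<addon-id>:<version>" entries.
            for entry in value.split(","):
                addon_id = entry.split(":", 1)[0]
                if addon_id in KNOWN_PUP_ADDON_IDS:
                    findings.append((name, f"known PUP add-on {addon_id} is enabled"))
    return findings


def strip_prefs(text, names):
    """Return the prefs.js content without the named user_pref lines.

    Firefox recreates defaults for missing search preferences on next start.
    """
    kept = []
    for line in text.splitlines(keepends=True):
        m = PREF_RE.match(line)
        if m and m.group(1) in names:
            continue
        kept.append(line)
    return "".join(kept)


if __name__ == "__main__":
    hits = find_hijacked_prefs(SAMPLE_PREFS)
    for pref, reason in hits:
        print(f"{pref}: {reason}")
    print(strip_prefs(SAMPLE_PREFS, {pref for pref, _ in hits}))
```

Editing prefs.js only fixes the search hijack; the extension folder, the Startup shortcut and the PROTOCOLS\Handler registry keys listed in the report have to be removed as well, and Firefox must be closed while prefs.js is edited, because it rewrites the file on exit.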


11.12.2012, 16:01   #3
t'john
/// Helper Team

PUP.Blabbers

A cleanup can involve a lot of work for you.

  • Please work through all the steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Read the instructions completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, as that makes evaluating them harder for me.



Note: I can never guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools by right-clicking them and choosing "run as administrator".

Step 1
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive on your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper


  • Vista and Win7 users: right-click OTL.exe and choose "run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.


12.12.2012, 10:35   #4
Monk71

PUP.Blabbers

Thank you very much for the quick reply :-)

I followed your steps and here are the results

Malwarebytes Anti-Rootkit log 1:
Quote:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.11.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
hecklau :: HECKLAUJ02 [administrator]

11.12.2012 17:59:00
mbar-log-2012-12-11 (17-59-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31271
Time elapsed: 31 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BrowserCompanion (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Delete on reboot.

Registry Values Detected: 6
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\BASE64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\CHROME|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\PROTOCOLS\HANDLER\PROX|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\BASE64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\CHROME|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\PROTOCOLS\HANDLER\PROX|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files (x86)\BrowserCompanion (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Delete on reboot.

Files Detected: 105
C:\Users\hecklau\AppData\Local\Temp\blabbers-ff-le.xpi (PUP.Blabbers) -> Delete on reboot.
C:\Program Files (x86)\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Delete on reboot.
C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Delete on reboot.
C:\Program Files (x86)\BrowserCompanion\logo.ico (PUP.Blabbers) -> Delete on reboot.
C:\Program Files (x86)\BrowserCompanion\terms.lnk.url (PUP.Blabbers) -> Delete on reboot.
C:\Program Files (x86)\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Delete on reboot.
C:\Program Files (x86)\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Delete on reboot.
C:\Program Files (x86)\BrowserCompanion\updater.ini (PUP.Blabbers) -> Delete on reboot.
C:\Program Files (x86)\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\0984d4fababb5d92394dc5b39b700075_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\150b7566b7871fb6e0ef44753d0c6dc3_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\1bb25568f8455e74906142466f792c87_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\231785d024a11371bfc94ffff0a4b741_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\253712f62fa354f36c490a3f42ba9bfc_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\286965653b415f505622ea74d2bd3bbe_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\292124057d00cb0fa73db6b90d079658_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\a6d4447986c4e442d92ed00b149c14f3_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\a74277a9a3c0203a3093f810f43fbc11 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\a95092a9bd34f5cfc98f78ca74502f36_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\aa36bceec49c832079e270icmc219ats (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\b3688636ecfdc491aea728939c15f43e_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\b5080fd498f4580cd85cbf8ff41766c5_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\bf73732e1f0b76bac435293ba3880579_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\62cce7d26ab5636bceb113b988d56c59_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\6496a43cad388e4b78f1ecce8fcffc27_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\6d091eb0bf44b762a039ee138e6b165c_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\6d4100dc97e9abad47303e5e0d38b2b6_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\6f8b3140943075f95ae0c74c1a13b752_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\6ff6ea009817b27df633b37777d528cd_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\897979c67bed116efad1a04f5f229ecd_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\8fd0e5f2c42f56c41599ca329ef70350_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\e9e14a99847657c53e1cc29cc55ab7af_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\ece71b71690fad200cbed95871ef4bb2_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\eeab68dd74d26245087956fb3caf6937_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\f03527c67e08602d2e4c18ae7867300d_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\92014bb7f6462cb491e652ca4941f1d2_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\9c2afdb0a6d9bf59b300144154b58c67_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\9c86b973456448ae01f1cbc0d6cf607a_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\a227f4517bd7937e697182f46906a6b4_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\4d3d10bd28ff623813254a49b26be41f (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\8ffbb13aa6f702b0cafab391f90d1db7 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\d5747e13728fd7df356bc13545143ea6_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\d6418e300158fb16d8396d122d4b423b_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\d89bfd841403290d610bcf662008b443_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\d965aead622233a60676ef2349956f38_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\ddedfe6ede02f148caf19a2dec7f877d_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\2a86ac4f3322238b4f27d14a09839275_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\2e0dda2d2281da01c330dc3e12b45a9d_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\38207d71d9cc86fb6daebc118ce6286c_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\4713e82e27fb9719d76577d1585acb00_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\477f5134e73f0099219c494cb23f6657_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\e02b35320e5111f1b626466c13c70a0a_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\e3cd5b2c64ca319aadec7c28c6c6feba_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\e6c109bf52ef89fe99f9a9379617ab0e_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2 (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\e72174145ae7671ff95578a2089c26b2_expire (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\e7395ccc0c22b2cca7bf3e0c7db4d8a6_DE (PUP.Blabbers) -> Delete on reboot.
C:\Users\hecklau\AppData\LocalLow\bbrs_002.tb\content\cache\e919434ec29526b28593c426e4264271 (PUP.Blabbers) -> Delete on reboot.

(end)
Malwarebytes Anti-Rootkit log 2:
Quote:
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
hecklau :: HECKLAUJ02 [administrator]

12.12.2012 11:17:08
mbar-log-2012-12-12 (11-17-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31058
Time elapsed: 16 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL Logfile:
Code:
OTL logfile created on: 12.12.2012 11:26:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\hecklau\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 74,93% Memory free
15,77 Gb Paging File | 13,47 Gb Available in Paging File | 85,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,00 Gb Total Space | 16,63 Gb Free Space | 22,18% Space Free | Partition Type: NTFS
Drive D: | 222,99 Gb Total Space | 76,60 Gb Free Space | 34,35% Space Free | Partition Type: NTFS
Drive G: | 111,57 Gb Total Space | 32,07 Gb Free Space | 28,75% Space Free | Partition Type: NTFS
Drive H: | 117,19 Gb Total Space | 12,72 Gb Free Space | 10,86% Space Free | Partition Type: NTFS
Drive I: | 546,48 Gb Total Space | 60,72 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
Drive K: | 279,37 Gb Total Space | 25,38 Gb Free Space | 9,08% Space Free | Partition Type: NTFS
Drive M: | 546,48 Gb Total Space | 4,11 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive N: | 546,48 Gb Total Space | 60,72 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
Drive O: | 546,48 Gb Total Space | 4,11 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive P: | 950,00 Gb Total Space | 180,55 Gb Free Space | 19,00% Space Free | Partition Type: NTFS
Drive Q: | 950,00 Gb Total Space | 180,55 Gb Free Space | 19,00% Space Free | Partition Type: NTFS
Drive R: | 546,48 Gb Total Space | 4,11 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive S: | 950,00 Gb Total Space | 180,55 Gb Free Space | 19,00% Space Free | Partition Type: NTFS
Drive T: | 546,48 Gb Total Space | 4,11 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive U: | 136,62 Gb Total Space | 42,07 Gb Free Space | 30,79% Space Free | Partition Type: NTFS
 
Computer Name: HECKLAUJ02 | User Name: hecklau | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\hecklau\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
PRC - D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - D:\Programme\Synergy\synergys.exe ()
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - D:\Programme\VMware\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - D:\Programme\Software4u\iPhone Explorer\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (Trend Micro Inc.)
PRC - d:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - d:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - D:\Programme\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies)
PRC - D:\Programme\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies)
PRC - D:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\SwyxIt!\ODialer.exe (Swyx Solutions)
PRC - C:\Program Files (x86)\SwyxIt!\CLMgr.exe (Swyx Solutions)
PRC - C:\Program Files (x86)\SwyxIt!\SwyxIt!.exe (Swyx Solutions)
PRC - D:\Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\cf840dca36a7b949696ce331d0532d3e\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
MOD - D:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\IpPbxCDSSharedLib\6.20.0.430__cf78dfa0a74454f8\IpPbxCDSSharedLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Xceed.Compression\3.7.8113.16100__ba83ff368b7563c6\Xceed.Compression.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\IpPbxWin32\1.0.0.2__cf78dfa0a74454f8\IpPbxWin32.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\IpPbxTracing\1.0.0.0__cf78dfa0a74454f8\IpPbxTracing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.Web.Services3\3.0.0.0__31bf3856ad364e35\Microsoft.Web.Services3.dll ()
MOD - D:\Programme\Software4u\iPhone Explorer\Software4u.IPhoneLib.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - D:\Programme\CheckPoint\Endpoint Connect\imageformats\qgif4.dll ()
MOD - D:\Programme\CheckPoint\Endpoint Connect\QtGui4.dll ()
MOD - D:\Programme\CheckPoint\Endpoint Connect\QtCore4.dll ()
MOD - C:\Program Files (x86)\SwyxIt!\SPLicense.dll ()
MOD - C:\Program Files (x86)\SwyxIt!\PlantronicsDeviceEventSink.dll ()
MOD - C:\Program Files (x86)\SwyxIt!\IpPbxCDSClientLib.XmlSerializers.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (rpcnet) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Synergy Server) -- D:\Programme\Synergy\synergys.exe ()
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- D:\Programme\VMware\vmware-authd.exe (VMware, Inc.)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (VmbService) -- D:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe (Vodafone)
SRV - (tmlisten) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe (Trend Micro Inc.)
SRV - (ntrtscan) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe (Trend Micro Inc.)
SRV - (MSSQLSERVER) -- d:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$TEST) -- d:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (TracSrvWrapper) -- D:\Programme\CheckPoint\Endpoint Connect\TracSrvWrapper.exe (Check Point Software Technologies)
SRV - (TmProxy) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.)
SRV - (CVPND) -- D:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (InstallFilterService) -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TmFilter) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys (Trend Micro Inc.)
DRV - (VSApiNt) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys (Trend Micro Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\..\SearchScopes,DefaultScope = {4327FABE-3C22-4689-8DBF-D226CF777FE9}
IE - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Plus! Network"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledAddons: coralietab@mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:4.1
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3.1
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: ffe_ff3aeroff4@game-point.net:2.0.1
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.6.2
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.7
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledItems: {269e35b1-cdde-11de-8a39-0800200c9a67}:0.3.3
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.2
FF - prefs.js..keyword.URL: "hxxp://www.searchplusnetwork.com/?sp=vit4&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: D:\Programme\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon\ [2012.04.13 15:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 12:06:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.06.22 08:37:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.08.16 07:53:23 | 000,000,000 | ---D | M]
 
[2012.04.10 14:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\Extensions
[2012.12.03 17:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\Firefox\Profiles\g33a8ykm.default\extensions
[2012.04.13 14:56:28 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\hecklau\AppData\Roaming\mozilla\Firefox\Profiles\g33a8ykm.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2012.04.13 14:55:39 | 000,000,000 | ---D | M] (Netfox) -- C:\Users\hecklau\AppData\Roaming\mozilla\Firefox\Profiles\g33a8ykm.default\extensions\{269e35b1-cdde-11de-8a39-0800200c9a67}
[2012.07.31 08:56:25 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Users\hecklau\AppData\Roaming\mozilla\Firefox\Profiles\g33a8ykm.default\extensions\{99e34760-2754-11e0-91fa-0800200c9a66}
[2012.08.22 17:07:46 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\hecklau\AppData\Roaming\mozilla\Firefox\Profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com
[2012.04.13 14:45:52 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\hecklau\AppData\Roaming\mozilla\Firefox\Profiles\g33a8ykm.default\extensions\coralietab@mozdev.org
[2012.11.23 17:33:41 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\hecklau\AppData\Roaming\mozilla\Firefox\Profiles\g33a8ykm.default\extensions\foxyproxy@eric.h.jung
[2012.07.31 08:53:18 | 000,827,050 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\ffe_ff3aeroff4@game-point.net.xpi
[2012.12.03 17:52:24 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.12.02 11:26:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012.12.11 11:59:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2012.12.11 11:59:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2012.12.12 10:53:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire
[2012.12.10 11:38:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012.10.22 11:04:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire
[2012.12.12 11:17:51 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire
[2012.12.11 11:59:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8a8dc36effa0a0300d6fb1a383936a49_expire
[2012.11.27 10:49:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire
[2012.11.21 13:55:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\92014bb7f6462cb491e652ca4941f1d2_expire
[2012.12.12 10:53:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire
[2012.12.11 11:59:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire
[2012.12.11 11:59:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire
[2012.10.30 10:26:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire
[2012.10.29 09:16:33 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire
[2012.12.11 11:59:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d89bfd841403290d610bcf662008b443_expire
[2012.10.30 09:03:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\df4525cd4117d8ae1c7453b139759242_expire
[2012.11.20 10:44:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e72174145ae7671ff95578a2089c26b2_expire
[2012.12.11 11:59:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012.11.20 10:44:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire
[2012.10.22 11:04:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire
[2012.12.11 11:59:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012.12.10 11:38:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012.12.10 11:38:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012.08.22 17:07:46 | 000,002,792 | ---- | M] () -- C:\Users\hecklau\AppData\Roaming\mozilla\firefox\profiles\g33a8ykm.default\searchplugins\Plusnetwork.xml
[2012.03.29 09:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.29 09:05:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.07.30 10:53:24 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2012.03.13 05:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Check Point Endpoint Security] D:\Programme\CheckPoint\Endpoint Connect\TrGUI.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [MobileBroadband] D:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Synergy] D:/Programme/Synergy/synergy.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1601906125-279381933-2032345518-14107..\Run: [DAEMON Tools Lite] D:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1601906125-279381933-2032345518-14107..\Run: [iPhone Explorer Launcher] D:\Programme\Software4u\iPhone Explorer\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de)
O4 - HKU\S-1-5-21-68118334-1497826446-2629867153-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Users\hecklau\Desktop\mbar-1.01.0.1011\mbar\mbar.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-68118334-1497826446-2629867153-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\hecklau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Markierte Rufnummer/URI wählen - C:\Program Files (x86)\SwyxIt!\IEDial.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: SwyxIt! Wählhilfe - {F8E553C6-4C00-11D3-80BC-00105A653379} - C:\Program Files (x86)\SwyxIt!\IEDial.htm ()
O9 - Extra 'Tools' menuitem : SwyxIt! Wählhilfe - {F8E553C6-4C00-11D3-80BC-00105A653379} - C:\Program Files (x86)\SwyxIt!\IEDial.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1601906125-279381933-2032345518-14107\..Trusted Ranges: Range1 ([https] in Vertrauenswürdige Sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://vpn.seeburger.de/+CSCOL+/cscopf.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://213.211.239.30/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.66 10.0.0.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = seeburger.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93D81343-5FB2-474E-952F-9970D57B7C90}: DhcpNameServer = 10.0.0.66 10.0.0.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9452D8E-37B4-4949-8D4A-C998A832E352}: DhcpNameServer = 139.7.30.126 139.7.30.125
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.17 16:15:47 | 000,000,000 | ---D | M] - N:\Automotive -- [ NTFS ]
O32 - AutoRun File - [2012.03.14 14:19:37 | 000,000,000 | ---D | M] - O:\Automotive -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.12 11:20:20 | 015,728,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.12.12 09:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2012.12.12 09:38:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2012.12.12 09:37:36 | 000,000,000 | ---D | C] -- C:\Windows\{69093D49-3DD1-4FB5-A378-0D4DB4CF86EA}
[2012.12.11 17:37:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\hecklau\Desktop\OTL.exe
[2012.12.11 17:26:24 | 000,000,000 | ---D | C] -- C:\Users\hecklau\Desktop\mbar-1.01.0.1011
[2012.12.10 14:45:38 | 000,000,000 | ---D | C] -- C:\Users\hecklau\AppData\Roaming\Malwarebytes
[2012.12.10 14:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.10 14:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.10 14:45:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.30 15:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.11.30 15:49:57 | 000,000,000 | ---D | C] -- C:\Users\hecklau\AppData\Local\Google
[2012.11.30 15:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.11.16 17:45:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.16 17:45:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.16 17:45:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.16 17:45:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.16 17:45:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.16 17:45:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.16 09:30:38 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.16 09:30:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.16 09:30:23 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.16 09:30:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.16 09:30:18 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.14 12:11:16 | 000,000,000 | ---D | C] -- C:\Users\hecklau\flexdock
[2012.11.14 11:54:45 | 000,000,000 | ---D | C] -- C:\Users\hecklau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JasperSoft
[2012.11.14 11:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JasperSoft
[2012.11.13 13:07:39 | 000,000,000 | ---D | C] -- C:\Users\hecklau\.netbeans
[2012.11.13 13:07:37 | 000,000,000 | ---D | C] -- C:\Users\hecklau\.ireport
[2012.11.13 13:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jaspersoft
[2012.11.13 12:36:44 | 000,000,000 | ---D | C] -- C:\Users\hecklau\.xmldog
[2012.11.13 11:48:17 | 000,000,000 | ---D | C] -- C:\Users\hecklau\.easyxmleditor
[2012.11.13 11:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy XML Editor
[2012.11.13 11:48:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy XML Editor
[2012.11.13 11:43:00 | 000,000,000 | ---D | C] -- C:\Users\hecklau\Application Data
[2012.11.13 11:35:40 | 000,000,000 | ---D | C] -- C:\Office Samples
[2012.11.13 11:25:46 | 000,000,000 | ---D | C] -- C:\Users\hecklau\AppData\Roaming\com.oxygenxml
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.12 11:20:29 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.12 11:20:27 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.12 11:20:27 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.12 11:20:20 | 015,728,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.12.12 11:17:27 | 000,010,531 | ---- | M] () -- C:\Windows\uedit32.INI
[2012.12.12 10:59:53 | 000,000,143 | RHS- | M] () -- C:\ProgramData\3002.xml
[2012.12.12 10:59:51 | 000,008,906 | ---- | M] () -- C:\Windows\cfgall.ini
[2012.12.12 10:57:47 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.12 10:57:17 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2012.12.12 10:57:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.12 10:56:55 | 2053,844,991 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.12 10:55:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.12 10:40:59 | 000,002,450 | -H-- | M] () -- C:\Users\hecklau\Documents\Default.rdp
[2012.12.11 17:37:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hecklau\Desktop\OTL.exe
[2012.12.11 17:25:39 | 013,485,902 | ---- | M] () -- C:\Users\hecklau\Desktop\mbar-1.01.0.1011.zip
[2012.12.11 16:45:11 | 000,003,333 | ---- | M] () -- C:\Users\hecklau\Desktop\Netviewer_Support_Sessions_2041060.csv
[2012.12.11 15:14:58 | 053,599,515 | ---- | M] () -- C:\Users\hecklau\Desktop\2012_12_11 14_39_32_865.nvl
[2012.12.11 14:36:25 | 035,966,137 | ---- | M] () -- C:\Users\hecklau\Desktop\2012_12_11 14_09_40_451.nvl
[2012.12.10 14:45:34 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.21 09:24:02 | 000,002,052 | RHS- | M] () -- C:\Users\hecklau\ntuser.pol
[2012.11.16 15:34:09 | 000,001,344 | ---- | M] () -- C:\Users\hecklau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.11.14 16:15:10 | 725,052,523 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.14 12:43:41 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\iReport-4.7.0.lnk
[2012.11.14 11:54:45 | 000,001,186 | ---- | M] () -- C:\Users\hecklau\Desktop\iReport-2.0.2.lnk
[2012.11.13 11:48:13 | 000,001,085 | ---- | M] () -- C:\Users\hecklau\Desktop\Easy XML Editor.lnk
[2012.11.13 11:48:13 | 000,001,053 | ---- | M] () -- C:\Users\hecklau\Desktop\XML Dog.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.11 17:26:15 | 013,485,902 | ---- | C] () -- C:\Users\hecklau\Desktop\mbar-1.01.0.1011.zip
[2012.12.11 14:39:32 | 053,599,515 | ---- | C] () -- C:\Users\hecklau\Desktop\2012_12_11 14_39_32_865.nvl
[2012.12.11 14:09:40 | 035,966,137 | ---- | C] () -- C:\Users\hecklau\Desktop\2012_12_11 14_09_40_451.nvl
[2012.12.10 14:45:34 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.30 15:50:12 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.30 15:50:08 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.19 13:50:05 | 000,003,333 | ---- | C] () -- C:\Users\hecklau\Desktop\Netviewer_Support_Sessions_2041060.csv
[2012.11.14 12:43:41 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\iReport-4.7.0.lnk
[2012.11.14 11:54:45 | 000,001,186 | ---- | C] () -- C:\Users\hecklau\Desktop\iReport-2.0.2.lnk
[2012.11.13 11:48:13 | 000,001,085 | ---- | C] () -- C:\Users\hecklau\Desktop\Easy XML Editor.lnk
[2012.11.13 11:48:13 | 000,001,053 | ---- | C] () -- C:\Users\hecklau\Desktop\XML Dog.lnk
[2012.08.29 14:54:37 | 000,000,143 | RHS- | C] () -- C:\ProgramData\3002.xml
[2012.08.22 17:13:48 | 000,000,040 | ---- | C] () -- C:\Users\hecklau\AppData\Roaming\cdr.ini
[2012.06.07 14:33:40 | 000,007,610 | ---- | C] () -- C:\Users\hecklau\AppData\Local\Resmon.ResmonCfg
[2012.06.07 09:53:40 | 000,011,904 | RHS- | C] () -- C:\ProgramData\3002.abs
[2012.06.01 12:40:59 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2012.05.30 11:39:21 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012.05.30 11:39:20 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2012.05.14 15:14:50 | 000,010,531 | ---- | C] () -- C:\Windows\uedit32.INI
[2012.04.11 07:57:45 | 001,984,860 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.10 13:47:15 | 000,002,052 | RHS- | C] () -- C:\Users\hecklau\ntuser.pol
[2012.03.29 09:25:13 | 000,008,906 | ---- | C] () -- C:\Windows\cfgall.ini
[2012.03.29 08:52:57 | 000,002,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.03.28 07:17:40 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2012.03.28 07:16:28 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2012.01.31 15:07:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.01.31 15:07:52 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.01.31 15:07:50 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.01.31 15:07:47 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.01.31 15:07:44 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.04.18 14:39:56 | 000,226,364 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---



OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.12.2012 11:26:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\hecklau\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 5,91 Gb Available Physical Memory | 74,93% Memory free
15,77 Gb Paging File | 13,47 Gb Available in Paging File | 85,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,00 Gb Total Space | 16,63 Gb Free Space | 22,18% Space Free | Partition Type: NTFS
Drive D: | 222,99 Gb Total Space | 76,60 Gb Free Space | 34,35% Space Free | Partition Type: NTFS
Drive G: | 111,57 Gb Total Space | 32,07 Gb Free Space | 28,75% Space Free | Partition Type: NTFS
Drive H: | 117,19 Gb Total Space | 12,72 Gb Free Space | 10,86% Space Free | Partition Type: NTFS
Drive I: | 546,48 Gb Total Space | 60,72 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
Drive K: | 279,37 Gb Total Space | 25,38 Gb Free Space | 9,08% Space Free | Partition Type: NTFS
Drive M: | 546,48 Gb Total Space | 4,11 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive N: | 546,48 Gb Total Space | 60,72 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
Drive O: | 546,48 Gb Total Space | 4,11 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive P: | 950,00 Gb Total Space | 180,55 Gb Free Space | 19,00% Space Free | Partition Type: NTFS
Drive Q: | 950,00 Gb Total Space | 180,55 Gb Free Space | 19,00% Space Free | Partition Type: NTFS
Drive R: | 546,48 Gb Total Space | 4,11 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive S: | 950,00 Gb Total Space | 180,55 Gb Free Space | 19,00% Space Free | Partition Type: NTFS
Drive T: | 546,48 Gb Total Space | 4,11 Gb Free Space | 0,75% Space Free | Partition Type: NTFS
Drive U: | 136,62 Gb Total Space | 42,07 Gb Free Space | 30,79% Space Free | Partition Type: NTFS
 
Computer Name: HECKLAUJ02 | User Name: hecklau | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.ini [@ = UltraEdit.ini] -- "F:\Laufwerk_C\Programme\UltraEdit\uedit32.exe" "%1"
.js [@ = UltraEdit.js] -- "F:\Laufwerk_C\Programme\UltraEdit\uedit32.exe" "%1"
.txt [@ = UltraEdit.txt] -- "F:\Laufwerk_C\Programme\UltraEdit\uedit32.exe" "%1"
 
[HKEY_USERS\S-1-5-21-1601906125-279381933-2032345518-14107\SOFTWARE\Classes\<extension>]
.html [@ = UltraEdit.html] -- D:\Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.ini [@ = UltraEdit.ini] -- D:\Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.js [@ = UltraEdit.js] -- D:\Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- D:\Programme\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12B8AAC5-74BD-4FFD-B4B6-15D83A4E300E}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 | 
"{242F0E54-66A7-4083-A6E0-0A4FDAEFE02A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{374EDEEC-364D-4FB3-B2EF-05FC60DA7BF9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6A72F364-A24C-429B-AD72-AA2BDA01DB8E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{6ABE42A5-EF7D-4130-8A77-5970912EDCC3}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 | 
"{6DAE7BB5-E532-49FD-B920-D0DED4EA2B00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7268FED5-69B4-4049-816D-A00E2DCD3D4C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{91753AFC-026B-449D-AAB2-1E01420D02E5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{92696278-762F-4920-AA4F-140C9421F7A2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99C40EE6-88AC-4FB5-8F7C-16A52F9B1D67}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9FD4EE6C-1FEC-42AD-BB1F-E6BFD0B73FA4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CE1BB512-7F69-489F-A6D0-17D36892344F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F07A3A29-F034-4439-9A0F-DB32D3488CE3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27FF5BFF-B371-4BB7-8B6C-1D2458771557}" = dir=in | app=d:\programme\vmware\vmware-authd.exe | 
"{37EFA396-7873-442A-BFB4-CC08BE195780}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{95C4F615-27CC-4EBB-A4AB-070D860BACF8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{97517721-36E3-4581-A1FF-351EFA4A98CA}" = dir=in | app=d:\programme\vmware\vmware-authd.exe | 
"{BDBF5313-99C1-4995-B833-74B2AB55E1D2}" = dir=in | app=c:\program files (x86)\swyxit!\clmgr.exe | 
"{D9F7CE9F-EF2E-49F3-9EE3-A458479E6FE4}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{E0EDF912-24F9-4333-A63E-BDE4C952B3A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F4EF7853-CE52-4482-9759-CF4A8381DCA3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"TCP Query User{F3A7B234-916C-4644-AD4D-8D077C9E009C}C:\users\hecklau\desktop\netviewer_support.exe" = protocol=6 | dir=in | app=c:\users\hecklau\desktop\netviewer_support.exe | 
"UDP Query User{56C25906-C654-4E69-8260-2B9F2F6E7461}C:\users\hecklau\desktop\netviewer_support.exe" = protocol=17 | dir=in | app=c:\users\hecklau\desktop\netviewer_support.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04566294-A6B6-4462-9721-031073EB3694}" = Dell Client System Update
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{291E2930-2240-11E2-BC84-B8AC6F98CCE3}" = Google Earth Plug-in
"{3AD96D37-7CAF-4295-A274-E403F1F38065}" = Tools für Microsoft SQL Server 2005
"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32
"{56B6B9B0-C23F-4680-9B06-D96FF8832FB2}" = Microsoft SQL Server 2005 (TEST)
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz
"{92D194E7-AEF9-4A9E-8620-8F3AE712E3F7}" = Snagit 10.0.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{CF78AB2B-1CA0-42D2-A2F1-FDEBC7876EF0}" = Microsoft SQL Server 2005
"{D75B5A39-C686-421C-B2BE-FDF9574662E1}" = Cisco AnyConnect Secure Mobility Client
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{f508ae38-2d20-413e-a55c-58c86661f045}" = Check Point Endpoint Security
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FDEC0704-D15E-4DB8-A624-2256DD4C65D7}" = Dell MFP Laser 3115cn Scanner-Treiber
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BIS Developer Studio_6.3.4" = SEEBURGER BIS Developer Studio 6.3.4
"BIS Process Designer_6.3.4" = SEEBURGER BIS Process Designer 6.3.4
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DAEMON Tools Lite" = DAEMON Tools Lite
"Easy XML Editor_is1" = Easy XML Editor 1.6.6
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Free Window Registry Repair" = Free Window Registry Repair
"iReport-2.0.2.exe" = iReport 2.0.2
"iReport-4.7.0.exe" = iReport 4.7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.STANDARD" = Microsoft Office Standard 2010
"ShareMouse_is1" = ShareMouse v1.0.86
"Spark 2.6.3.12555" = Spark 2.6.3.12555
"Spesoft Audio Converter_is1" = Spesoft Audio Converter 2.6
"Synergy" = Synergy
"TeamViewer 7" = TeamViewer 7
"The One Ring 3D Screensaver_is1" = The One Ring 3D Screensaver 1.0
"VLC media player" = VLC media player 2.0.1
"VMware_Player" = VMware Player
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1601906125-279381933-2032345518-14107\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.10.2012 12:00:36 | Computer Name = hecklauj02.seeburger.de | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011
 
Error - 18.10.2012 12:00:37 | Computer Name = hecklauj02.seeburger.de | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.10.2012 12:00:37 | Computer Name = hecklauj02.seeburger.de | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4009
 
Error - 18.10.2012 12:00:37 | Computer Name = hecklauj02.seeburger.de | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4009
 
Error - 19.10.2012 02:50:55 | Computer Name = hecklauj02.seeburger.de | Source = AutoEnrollment | ID = 6
Description = 
 
Error - 19.10.2012 02:51:47 | Computer Name = hecklauj02.seeburger.de | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.10.2012 06:55:55 | Computer Name = hecklauj02.seeburger.de | Source = VmbService | ID = 0
Description = GetClient
 
Error - 19.10.2012 06:56:12 | Computer Name = hecklauj02.seeburger.de | Source = VmbService | ID = 0
Description = GetLoggedOnUser
 
Error - 22.10.2012 03:10:29 | Computer Name = hecklauj02.seeburger.de | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.10.2012 03:26:22 | Computer Name = hecklauj02.seeburger.de | Source = WinMgmt | ID = 10
Description = 
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 12.12.2012 04:39:10 | Computer Name = hecklauj02.seeburger.de | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1084 NULL object. Cannot establish a connection at this time.
 
Error - 12.12.2012 05:55:43 | Computer Name = hecklauj02.seeburger.de | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
 Eine vorhandene Verbindung wurde vom Remotehost geschlossen.   
 
Error - 12.12.2012 05:55:43 | Computer Name = hecklauj02.seeburger.de | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown 
 
Error - 12.12.2012 05:55:43 | Computer Name = hecklauj02.seeburger.de | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 12.12.2012 05:55:43 | Computer Name = hecklauj02.seeburger.de | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE 
 
Error - 12.12.2012 05:55:43 | Computer Name = hecklauj02.seeburger.de | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
 Verbindung wurde vom Remotehost geschlossen.   
 
Error - 12.12.2012 05:55:43 | Computer Name = hecklauj02.seeburger.de | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE 
 
Error - 12.12.2012 05:57:40 | Computer Name = hecklauj02.seeburger.de | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 12.12.2012 05:59:47 | Computer Name = hecklauj02.seeburger.de | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4612
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 12.12.2012 05:59:48 | Computer Name = hecklauj02.seeburger.de | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1084 NULL object. Cannot establish a connection at this time.
 
[ Media Center Events ]
Error - 07.06.2012 02:09:02 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0
Description = 08:08:37 - Fehler beim Herstellen der Internetverbindung.  08:08:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.06.2012 03:10:35 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0
Description = 09:10:35 - Fehler beim Herstellen der Internetverbindung.  09:10:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.06.2012 03:11:16 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0
Description = 09:10:41 - Fehler beim Herstellen der Internetverbindung.  09:10:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.06.2012 01:55:13 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0
Description = 07:55:13 - Fehler beim Herstellen der Internetverbindung.  07:55:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.06.2012 01:55:24 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0
Description = 07:55:18 - Fehler beim Herstellen der Internetverbindung.  07:55:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.06.2012 01:55:49 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0
Description = 07:55:49 - Fehler beim Herstellen der Internetverbindung.  07:55:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 20.06.2012 01:56:42 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0
Description = 07:55:54 - Fehler beim Herstellen der Internetverbindung.  07:55:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.07.2012 01:35:49 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0
Description = 07:35:49 - Fehler beim Herstellen der Internetverbindung.  07:35:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.07.2012 01:36:02 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0
Description = 07:35:55 - Fehler beim Herstellen der Internetverbindung.  07:35:55 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.08.2012 01:43:04 | Computer Name = hecklauj02.seeburger.de | Source = MCUpdate | ID = 0
Description = 07:43:02 - Fehler beim Herstellen der Internetverbindung.  07:43:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 01.10.2012 03:47:25 | Computer Name = hecklauj02.seeburger.de | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 01.10.2012 04:01:28 | Computer Name = hecklauj02.seeburger.de | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 01.10.2012 05:56:42 | Computer Name = hecklauj02.seeburger.de | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne SUB aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 01.10.2012 09:55:44 | Computer Name = hecklauj02.seeburger.de | Source = Service Control Manager | ID = 7034
Description = Dienst "Synergy Server" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 02.10.2012 02:03:35 | Computer Name = hecklauj02.seeburger.de | Source = NETLOGON | ID = 5719
Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller
 in der Domäne SUB aufgrund der folgenden  Ursache nicht einrichten:   %%1311    Dies kann
 zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer mit
 dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn das
 Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein Domänencontroller
 der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären  Domänencontrolleremulator
 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 
sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.
 
Error - 02.10.2012 02:03:39 | Computer Name = hecklauj02.seeburger.de | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 02.10.2012 02:04:17 | Computer Name = hecklauj02.seeburger.de | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 
Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann
 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn
 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 
und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 
Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
 
Error - 02.10.2012 02:05:07 | Computer Name = hecklauj02.seeburger.de | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Browser erreicht.
 
Error - 02.10.2012 02:05:17 | Computer Name = hecklauj02.seeburger.de | Source = DCOM | ID = 10016
Description = 
 
Error - 02.10.2012 02:07:17 | Computer Name = hecklauj02.seeburger.de | Source = Service Control Manager | ID = 7031
Description = Der Dienst "OfficeScan NT RealTime Scan" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
 Millisekunden durchgeführt: Neustart des Diensts.
 
 
< End of report >
         
--- --- ---

Geändert von Monk71 (12.12.2012 um 10:44 Uhr)

Old 13.12.2012, 17:19   #5
t'john
/// Helper Team

PUP.Blabbers



Fix with OTL

Download OTL from Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
:OTL
MOD - C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe () 

O4 - Startup: C:\Users\hecklau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
 
:Files

C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\hecklau\*.tmp
C:\Users\hecklau\AppData\Local\Temp\*.exe
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, allow it.
  • Post the contents of the logfile here in your thread, inside code tags.
    You can view the logfile later at => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was written exclusively for this user in this situation.
Never run it on other computers; it can permanently damage other systems!


then:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select the freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not let it delete anything! Click Save report to save the logfile to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html

__________________
Regards, t'john
Support the TB
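As an added example, not part of t'john's post or of the OTL script: a read-only PowerShell check that reports the UAC and AutoRun policy settings the fix above removes, and any Startup-folder shortcut whose target lives under a user profile, which is the tbhcn.lnk pattern from this thread. Key paths and value names are the standard Windows ones; the "risky" thresholds are this example's own interpretation.

```powershell
# Added example (not from the thread). Audits the policy values that the OTL
# fix above deleted and lists suspicious Startup shortcuts. Changes nothing.
$systemKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$explorerKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-PolicyValue($Key, $Name) {
    # Returns $null when the key or the value does not exist (Windows default applies).
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$findings = @()

# EnableLUA = 0 switches UAC off entirely; the Windows default is 1.
$lua = Get-PolicyValue $systemKey 'EnableLUA'
if ($lua -eq 0) { $findings += 'UAC disabled (EnableLUA = 0)' }

# ConsentPromptBehaviorAdmin = 0 elevates administrators silently; Windows 7 defaults to 5.
$cpba = Get-PolicyValue $systemKey 'ConsentPromptBehaviorAdmin'
if ($cpba -eq 0) { $findings += 'Silent elevation for administrators (ConsentPromptBehaviorAdmin = 0)' }

# PromptOnSecureDesktop = 0 shows UAC prompts on the normal desktop, where other
# processes can interact with them; the default is 1.
$pod = Get-PolicyValue $systemKey 'PromptOnSecureDesktop'
if ($pod -eq 0) { $findings += 'UAC prompts not on the secure desktop (PromptOnSecureDesktop = 0)' }

# NoDriveTypeAutoRun is a bitmask of drive types with AutoRun disabled:
# 0x04 removable, 0x08 fixed, 0x10 network, 0x20 CD-ROM; 0xFF disables it everywhere.
# Here we only flag the removable-drive bit, the classic USB-autorun vector.
$ndtar = Get-PolicyValue $explorerKey 'NoDriveTypeAutoRun'
if ($null -ne $ndtar -and ($ndtar -band 0x04) -eq 0) {
    $findings += ('AutoRun still enabled for removable drives (NoDriveTypeAutoRun = 0x{0:X2})' -f $ndtar)
}

# Startup shortcuts whose target is inside a user profile deserve a second look:
# tbhcn.lnk -> %AppData%\BrowserCompanion\tbhcn.exe was exactly this pattern.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -Filter '*.lnk' -ErrorAction SilentlyContinue | ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        if ($target -like '*\AppData\*' -or $target -like '*\Users\*') {
            $findings += ('Startup shortcut {0} -> {1}' -f $_.Name, $target)
        }
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it from an elevated PowerShell so the HKLM policy keys and the common Startup folder are readable; a clean machine prints "No findings.", while the state this thread started from would list all three UAC lines.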

Old 14.12.2012, 09:07   #6
Monk71

PUP.Blabbers



Hello,

attached is the OTL result.

Code:
All processes killed
========== OTL ==========
C:\Users\hecklau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk moved successfully.
C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
========== FILES ==========
File\Folder C:\Users\hecklau\AppData\Roaming\BrowserCompanion\tbhcn.exe not found.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\hecklau\*.tmp not found.
C:\Users\hecklau\AppData\Local\Temp\Browser_Helper_Companion_DE.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\Foxit Updater.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\nvvistaservice_2696_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\nvvistaservice_4060_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\nvvistaservice_5008_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\NV_Meet_Participant.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\NV_Support_Participant.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\shmcapture_1584_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\shmcapture_3984_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\shmcapture_4320_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\shmcapture_5180_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\shmcapture_5640_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\shmcapture_6756_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\shmcapture_8764_1.exe moved successfully.
C:\Users\hecklau\AppData\Local\Temp\vpnclient_setup.exe moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\hecklau\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\hecklau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\hecklau\Desktop\cmd.bat deleted successfully.
C:\Users\hecklau\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: hecklau
->Temp folder emptied: 643028947 bytes
->Temporary Internet Files folder emptied: 59467818 bytes
->FireFox cache emptied: 70937402 bytes
->Flash cache emptied: 28259 bytes
 
User: Install
->Temp folder emptied: 4376454 bytes
->Temporary Internet Files folder emptied: 36031041 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7136741 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 535970716 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 7194187 bytes
 
Total Files Cleaned = 1.301,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12142012_093416

Files\Folders moved on Reboot...
C:\Users\hecklau\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2724.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Here is also the log of the Emsisoft Anti-Malware scan

Quote:
Emsisoft Anti-Malware - Version 7.0
Letztes Update: 14.12.2012 10:01:39

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 14.12.2012 10:01:59


Gescannt 536921
Gefunden 0

Scan Ende: 14.12.2012 11:31:58
Scan Zeit: 1:29:59

Old 15.12.2012, 14:36   #7
t'john
/// Helper Team

PUP.Blabbers



Very good!



Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable the anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Let's go

  • Download and start Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • Signatures are downloaded, the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the logfile here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Old 23.02.2013, 15:20   #8
t'john
/// Helper Team

PUP.Blabbers



No response

Are there problems working through the instructions above?

To free up capacity for other people seeking help, I am removing this topic from my notifications.

If you want to continue, send me a PM or open a new topic.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: the disappearance of the symptoms does not mean that your computer is clean.
