Pests of all kinds and how to fight them: Laptop just starts playing music even though the lid is closed (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
| | #1 |
| | Laptop just starts playing music even though the lid is closed Hello, yesterday evening I surfed the Internet for a while and afterwards simply closed the lid (without shutting the laptop down). Until now it has normally always gone into standby. When I got up this morning, I heard that the fan (and so the laptop) was still running. I left it running, though, because I had to get to work quickly. While I was getting ready, music suddenly started playing in Windows Media Player. I then just quickly switched the computer off, because I had to leave. What can I do about this, or what could be causing it? MANY THANKS in advance. Regards, Jens |
| | #2 |
| /// TB Trainer | Laptop just starts playing music even though the lid is closed My name is Matthias and I will help you clean up your computer. Please note the following:
Offhand I cannot tell you what might be causing this. We will first examine your computer for malware, then we will see. Step 1 Please download DDS (by sUBs) from one of the following download mirrors and save the file to your desktop. dds.com dds.exe
Step 2 Please download defogger by jpshortstuff to your desktop.
Step 3 Please
With your next reply, please post
|
| | #3 |
| | Laptop just starts playing music even though the lid is closed Hello, I forgot to mention that I have Windows 7. But I ran all the programs you told me about by right-clicking and choosing "Run as administrator".
DDS.txt DDS Logfile: Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
Run by JOehring at 18:33:59 on 2013-01-10
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3956.2513 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\makecab.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutB0AyB0Czz0FtDtC0A0B0ByByC0FtA0BtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=43775733
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010i126l0438z1i5t4631o735
mStart Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutB0AyB0Czz0FtDtC0A0B0ByByC0FtA0BtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=43775733
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010i126l0438z1i5t4631o735
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
uURLSearchHooks: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\JOehring\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.100.1
TCP: Interfaces\{7DBAF965-DBD2-480B-9EA3-585A2DBD80DA} : DHCPNameServer = 192.168.100.1
TCP: Interfaces\{7DBAF965-DBD2-480B-9EA3-585A2DBD80DA}\142736F62775962756C6563737C414E4 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7DBAF965-DBD2-480B-9EA3-585A2DBD80DA}\34F6E6E656364796F6E605F696E647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7DBAF965-DBD2-480B-9EA3-585A2DBD80DA}\64279647A71224F687024474 : DHCPNameServer = 192.168.133.1
TCP: Interfaces\{7DBAF965-DBD2-480B-9EA3-585A2DBD80DA}\64565644241636B6 : DHCPNameServer = 10.74.210.210 10.74.210.211
TCP: Interfaces\{7DBAF965-DBD2-480B-9EA3-585A2DBD80DA}\A4F456862796E676 : DHCPNameServer = 193.254.160.1 10.74.83.22
TCP: Interfaces\{7DBAF965-DBD2-480B-9EA3-585A2DBD80DA}\C42494 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{D24746A0-EEC0-4012-9FB1-E23D0AA58DAA} : DHCPNameServer = 10.111.81.129 10.129.32.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutB0AyB0Czz0FtDtC0A0B0ByByC0FtA0BtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=43775733
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010i126l0438z1i5t4631o735
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - LocalServer32 - <no file>
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JOehring\AppData\Roaming\Mozilla\Firefox\Profiles\qtmx5798.default\
FF - prefs.js: browser.search.selectedEngine - Funmoods
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=609e6f3b0000000000002a7c8f01abb7&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\JOehring\AppData\Roaming\Mozilla\Firefox\Profiles\qtmx5798.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 609e6f3b0000000000002a7c8f01abb7
FF - user.js: extensions.BabylonToolbar_i.hardId - 609e6f3b0000000000002a7c8f01abb7
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15497
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:58:33
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutB0AyB0Czz0FtDtC0A0B0ByByC0FtA0BtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=43775733
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutB0AyB0Czz0FtDtC0A0B0ByByC0FtA0BtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=43775733
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutB0AyB0Czz0FtDtC0A0B0ByByC0FtA0BtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=43775733&q=
FF - user.js: extensions.funmoods.id - 2A7C8F01ABB76F3B
FF - user.js: extensions.funmoods.instlDay - 15623
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2215:53:27
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - iron2
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - iron2
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-4-18 27760]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-8-24 271424]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/05/31 07:37:37];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2010-1-22 146928]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-4-18 98848]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-25 56344]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-2 40448]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WSDScan;WSD-Scanunterstützung durch UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
.
=============== Created Last 30 ================
.
2013-01-09 22:35:12 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-09 22:35:12 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-09 22:35:05 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-09 22:35:03 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-09 22:35:03 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-09 22:35:03 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-09 22:35:02 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-09 22:35:02 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-09 22:35:00 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-01-09 22:35:00 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-01-09 22:30:22 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7D09DFFB-8474-4F20-8567-2742691F3D64}\mpengine.dll
2013-01-06 11:24:57 -------- d-----w- C:\Users\JOehring\AppData\Roaming\tiger-k
2013-01-06 11:24:56 -------- d-----w- C:\Users\JOehring\AppData\Roaming\Leawo
2013-01-06 11:23:06 -------- d-----w- C:\ProgramData\Leawo
2013-01-06 11:23:00 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2013-01-06 11:22:58 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2013-01-06 11:22:50 606208 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2013-01-06 11:22:50 139264 ----a-w- C:\Windows\SysWow64\xvid.ax
2013-01-06 11:22:41 66944 ----a-w- C:\Windows\SysWow64\thdudf.sys
2013-01-06 11:22:41 66944 ----a-w- C:\Windows\SysWow64\drivers\thdudf.sys
2013-01-06 11:22:40 -------- d-----w- C:\Program Files (x86)\Leawo
2013-01-01 16:23:26 -------- d-----w- C:\Users\JOehring\AppData\Roaming\ihelper
2013-01-01 16:23:22 -------- d-----w- C:\Program Files (x86)\PPÖúÊÖ
2012-12-22 08:24:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 08:24:50 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 08:24:49 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 08:24:49 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-21 16:35:57 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-21 16:35:57 -------- d-----w- C:\Program Files\iTunes
2012-12-21 16:35:57 -------- d-----w- C:\Program Files\iPod
2012-12-21 16:35:57 -------- d-----w- C:\Program Files (x86)\iTunes
2012-12-18 14:28:14 186584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-12-18 14:28:14 186584 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-12-16 21:08:49 -------- d-----w- C:\Users\JOehring\AppData\Roaming\pdfforge
2012-12-16 21:08:48 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2012-12-16 21:08:47 64512 ----a-w- C:\Windows\SysWow64\MSCC2DE.DLL
2012-12-16 21:08:47 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2012-12-16 21:08:47 158208 ----a-w- C:\Windows\SysWow64\MSCMCDE.DLL
2012-12-16 21:08:47 103936 ----a-w- C:\Windows\System32\pdfcmon.dll
2012-12-16 21:07:02 -------- d-----w- C:\Users\JOehring\AppData\Local\Programs
2012-12-12 18:37:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-12-12 17:00:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 17:00:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 17:00:25 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-12 17:00:25 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
==================== Find3M ====================
.
2013-01-09 20:43:38 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 20:43:38 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
.
============= FINISH: 18:35:53,68 ===============
Attach.txt Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 03.10.2010 16:50:26
System Uptime: 10.01.2013 18:29:59 (0 hours ago)
.
Motherboard: Acer | | Aspire 7741
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | CPU 1 | 2266/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 85 GiB total, 14,21 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 200 GiB total, 109,813 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink (TM) Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1692&SUBSYS_033D1025&REV_01\4&2624DE0E&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetLink (TM) Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1692&SUBSYS_033D1025&REV_01\4&2624DE0E&0&00E0
Service: k57nd60a
.
==== System Restore Points ===================
.
RP320: 09.01.2013 23:30:02 - Windows Update
RP321: 10.01.2013 03:00:18 - Windows Update
.
==== Installed Programs ======================
.
Leawo Total Media Converter Ultimate version 5.1.0.0
Update for Microsoft Office 2007 (KB2508958)
Acer eRecovery Management
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5) - Deutsch
Alcatech BPM Studio Professional v4.9.1
Alcor Micro USB Card Reader
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
µTorrent
Avira Free Antivirus
Bonjour
BosMon 1.1.9
Broadcom Gigabit NetLink Controller
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink PowerDVD 9
DAEMON Tools Pro
dBpoweramp [Arrange Audio] Codec
dBpoweramp [Audio Info] Codec
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp [Channel Split] Codec
dBpoweramp [ID Tag Update] Codec
dBpoweramp [Length Split] Codec
dBpoweramp [Multi Encoder] Codec
dBpoweramp [ReplayGain] Codec
dBpoweramp [Tag From Filename] Codec
dBpoweramp CD Writer
dBpoweramp Dalet Codec
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Mp2 and BwfMp2 codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp Real Audio (Helix) Encoder
dBPoweramp tooLame MP2 codec
dBpoweramp Wave64 Codec
dBpoweramp WavPack Codec
DivX-Setup
ElsterFormular für Privatanwender
Free YouTube Download version 3.1.38.1005
GIMP 2.6.12
Google Earth
Google SketchUp 8
Google Update Helper
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
HP Deskjet 3050 J610 series Hilfe
HP Update
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
iTunes
Java Auto Updater
Java(TM) 6 Update 37
K-Lite Codec Pack 7.9.0 (Basic)
LAME v3.98.3 for Audacity
Leawo Youtube Downloader Version: 4.0.0.2
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared 64-bit MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 17.0.1 (x86 de)
Mozilla Maintenance Service
NTI Backup Now 5
NTI Backup Now Standard
PDF-XChange Viewer
PDFCreator
Picasa 3
PPÖúÊÖ PC°æ 1.0.5.0
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Sweet Home 3D version 3.6
TeamViewer 7
TomTom HOME
TomTom HOME Visual Studio Merge Modules
TuneUp Utilities Language Pack (de-DE)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
VSB Haushaltsplaner
Windows Media Player Firefox Plugin
WinRAR
.
==== End Of File ===========================
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:45 on 10/01/2013 (JOehring)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Attached as .zip |
| | #4 |
| /// TB trainer | Laptop just plays music even though it is closed Hi, I see some adware on your computer; that is one of the things we will take care of now. Step 1 I see that you use so-called peer-to-peer or file-sharing programs, in your case µTorrent. These programs allow you to exchange data with other users. Unfortunately, P2P or file sharing is not exempt from distributing infected files, and that is one reason why malware spreads so quickly. So it is possible that you download an infected file. You can never know where these files come from. This kind of software should therefore be used with extreme caution. Another important point is that distributing media and entertainment files violates copyright law in most countries of the world. Of course there is also a legal way to use this service, for example to download Linux or Open Office. Nevertheless, I would ask you not to keep using this kind of software. Please go to Start --> Control Panel --> Add or Remove Programs / Uninstall a program and uninstall the software mentioned above. Please let me know if you cannot find one of the listed programs. Step 2 Please download
Step 3 Scan with Combofix
Please post with your next reply
|
| | #5 |
| | Laptop just plays music even though it is closed AdwCleaner[S1].txt Code:
# AdwCleaner v2.105 - Datei am 12/01/2013 um 06:32:48 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : JOehring - JOEHRING-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\JOehring\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\JOehring\AppData\Local\funmoods.crx
Datei Gelöscht : C:\Users\JOehring\AppData\Local\funmoods-speeddial_sf.crx
Datei Gelöscht : C:\Users\JOehring\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\JOehring\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\JOehring\AppData\Local\Temp\BabylonToolbar
Ordner Gelöscht : C:\Users\JOehring\AppData\Local\Temp\CT2625848
Ordner Gelöscht : C:\Users\JOehring\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\JOehring\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\JOehring\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\JOehring\AppData\Roaming\Mozilla\Firefox\Profiles\qtmx5798.default\CT2625848
Ordner Gelöscht : C:\Users\JOehring\AppData\Roaming\Mozilla\Firefox\Profiles\qtmx5798.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
Ordner Gelöscht : C:\Users\JOehring\AppData\Roaming\Mozilla\Firefox\Profiles\qtmx5798.default\extensions\ffxtlbr@funmoods.com
Ordner Gelöscht : C:\Users\JOehring\AppData\Roaming\Mozilla\Firefox\Profiles\qtmx5798.default\Smartbar
Ordner Gelöscht : C:\Users\JOehring\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutB0AyB0Czz0FtDtC0A0B0ByByC0FtA0BtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=43775733 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutB0AyB0Czz0FtDtC0A0B0ByByC0FtA0BtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=43775733 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutB0AyB0Czz0FtDtC0A0B0ByByC0FtA0BtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=43775733 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutB0AyB0Czz0FtDtC0A0B0ByByC0FtA0BtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=43775733 --> hxxp://www.google.com
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\JOehring\AppData\Roaming\Mozilla\Firefox\Profiles\qtmx5798.default\prefs.js
C:\Users\JOehring\AppData\Roaming\Mozilla\Firefox\Profiles\qtmx5798.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2625848.1000082.isDisplayHidden", "true");
Gelöscht : user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT2625848.2625848a129894023611240511000000paramsGK1", "eyJ1cGRhdGVSZXFUaW1lIjoxMzUwMTU3ND[...]
Gelöscht : user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2625848.FirstTime", "true");
Gelöscht : user_pref("CT2625848.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2625848.LoginRevertSettingsEnabled", true);
Gelöscht : user_pref("CT2625848.RevertSettingsEnabled", true);
Gelöscht : user_pref("CT2625848.UserID", "UN02722026503192798");
Gelöscht : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2625848.autoDisableScopes", -1);
Gelöscht : user_pref("CT2625848.defaultSearch", "false");
Gelöscht : user_pref("CT2625848.embeddedsData", "[{\"appId\":\"129181467799155027\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2625848.enableAlerts", "false");
Gelöscht : user_pref("CT2625848.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2625848.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2625848.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2625848.fixUrls", true);
Gelöscht : user_pref("CT2625848.installId", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2625848.installType", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2625848.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2625848.isNewTabEnabled", false);
Gelöscht : user_pref("CT2625848.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2625848.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2625848.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.trojaner-boa[...]
Gelöscht : user_pref("CT2625848.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.openThankYouPage", "false");
Gelöscht : user_pref("CT2625848.openUninstallPage", "true");
Gelöscht : user_pref("CT2625848.search.searchAppId", "129181467799155027");
Gelöscht : user_pref("CT2625848.search.searchCount", "0");
Gelöscht : user_pref("CT2625848.searchInNewTabEnabled", "false");
Gelöscht : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1350126355870");
Gelöscht : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1350126355698");
Gelöscht : user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350126356543");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.13.1.89_lastUpdate", "1353147502871");
Gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.13.40.15_lastUpdate", "1357968672930");
Gelöscht : user_pref("CT2625848.serviceLayer_services_optimizer_lastUpdate", "1350126355874");
Gelöscht : user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350126356751");
Gelöscht : user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1350126355114");
Gelöscht : user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1357968672227");
Gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350126356481");
Gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1357968672403");
Gelöscht : user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1357968672440");
Gelöscht : user_pref("CT2625848.settingsINI", true);
Gelöscht : user_pref("CT2625848.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2625848.smartbar.CTID", "CT2625848");
Gelöscht : user_pref("CT2625848.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE ");
Gelöscht : user_pref("CT2625848.startPage", "false");
Gelöscht : user_pref("CT2625848.toolbarBornServerTime", "13-10-2012");
Gelöscht : user_pref("CT2625848.toolbarCurrentServerTime", "12-1-2013");
Gelöscht : user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Funmoods");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.selectedEngine", "Funmoods");
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "609e6f3b0000000000002a7c8f01abb7");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "609e6f3b0000000000002a7c8f01abb7");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15497");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110819&babsrc=N[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:58:33");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Gelöscht : user_pref("extensions.funmoods.aflt", "iron2");
Gelöscht : user_pref("extensions.funmoods.autoRvrt", false);
Gelöscht : user_pref("extensions.funmoods.dfltLng", "");
Gelöscht : user_pref("extensions.funmoods.dfltSrch", true);
Gelöscht : user_pref("extensions.funmoods.dnsErr", true);
Gelöscht : user_pref("extensions.funmoods.envrmnt", "production");
Gelöscht : user_pref("extensions.funmoods.excTlbr", false);
Gelöscht : user_pref("extensions.funmoods.hmpg", true);
Gelöscht : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2Xzuy[...]
Gelöscht : user_pref("extensions.funmoods.id", "2A7C8F01ABB76F3B");
Gelöscht : user_pref("extensions.funmoods.instlDay", "15623");
Gelöscht : user_pref("extensions.funmoods.instlRef", "iron2");
Gelöscht : user_pref("extensions.funmoods.isdcmntcmplt", true);
Gelöscht : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Gelöscht : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=iron2&chnl=iron2&cd=2Xz[...]
Gelöscht : user_pref("extensions.funmoods.prdct", "funmoods");
Gelöscht : user_pref("extensions.funmoods.prtnrId", "funmoods");
Gelöscht : user_pref("extensions.funmoods.srchPrvdr", "Search");
Gelöscht : user_pref("extensions.funmoods.tlbrId", "base");
Gelöscht : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=iron2&chnl=iron2&cd=2[...]
Gelöscht : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Gelöscht : user_pref("extensions.funmoods_i.newTab", true);
Gelöscht : user_pref("extensions.funmoods_i.smplGrp", "none");
Gelöscht : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2215:53:27");
Gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=609e6f3b000000[...]
*************************
AdwCleaner[S1].txt - [15067 octets] - [12/01/2013 06:32:48]
########## EOF - C:\AdwCleaner[S1].txt - [15128 octets] ##########
Code:
ComboFix 13-01-12.01 - JOehring 12.01.2013 18:30:05.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3956.2564 [GMT 1:00]
ausgeführt von:: c:\users\JOehring\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\JOehring\AppData\Roaming\IHelper
c:\users\JOehring\AppData\Roaming\Local
c:\users\JOehring\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\JOehring\AppData\Roaming\Local\Temp\DDM\Settings\haco_schmunzelviech_xvid.avi.ddr
c:\users\JOehring\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\JOehring\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\af095d3abcfd5e2f2d703716b15b3233.ddp
c:\users\JOehring\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\d80ac7d1856550f370dd0438f57e3c57.avi(2).ddp
c:\users\JOehring\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\d80ac7d1856550f370dd0438f57e3c57.avi.ddp
c:\users\JOehring\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\haco_schmunzelviech_xvid.avi.ddp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-12 bis 2013-01-12 ))))))))))))))))))))))))))))))
.
.
2013-01-12 17:38 . 2013-01-12 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-12 17:36 . 2013-01-12 17:36 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A0E5D61-7C73-4F58-97B0-727DA7097326}\offreg.dll
2013-01-12 05:32 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A0E5D61-7C73-4F58-97B0-727DA7097326}\mpengine.dll
2013-01-09 22:35 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 22:35 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 22:35 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 22:35 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 22:35 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 22:35 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 22:35 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 22:35 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 22:35 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 22:35 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-06 11:24 . 2013-01-06 11:25 -------- d-----w- c:\users\JOehring\AppData\Roaming\tiger-k
2013-01-06 11:24 . 2013-01-06 11:24 -------- d-----w- c:\users\JOehring\AppData\Roaming\Leawo
2013-01-06 11:23 . 2013-01-06 11:23 -------- d-----w- c:\programdata\Leawo
2013-01-06 11:23 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2013-01-06 11:22 . 2013-01-06 11:23 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2013-01-06 11:22 . 2012-01-09 12:43 606208 ----a-w- c:\windows\SysWow64\xvidcore.dll
2013-01-06 11:22 . 2012-01-09 12:43 139264 ----a-w- c:\windows\SysWow64\xvid.ax
2013-01-06 11:22 . 2012-01-10 17:09 66944 ----a-w- c:\windows\SysWow64\thdudf.sys
2013-01-06 11:22 . 2012-01-10 17:09 66944 ----a-w- c:\windows\SysWow64\drivers\thdudf.sys
2013-01-06 11:22 . 2013-01-06 11:23 -------- d-----w- c:\program files (x86)\Leawo
2013-01-01 16:23 . 2013-01-01 16:23 -------- d-----w- c:\program files (x86)\PPÖúÊÖ
2012-12-22 08:24 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 08:24 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 08:24 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 08:24 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 16:35 . 2012-12-21 16:36 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-21 16:35 . 2012-12-21 16:36 -------- d-----w- c:\program files\iTunes
2012-12-21 16:35 . 2012-12-21 16:36 -------- d-----w- c:\program files (x86)\iTunes
2012-12-21 16:35 . 2012-12-21 16:35 -------- d-----w- c:\program files\iPod
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-12-16 21:08 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2012-12-16 21:08 . 2012-10-28 17:32 103936 ----a-w- c:\windows\system32\pdfcmon.dll
2012-12-16 21:08 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2012-12-16 21:08 . 1998-07-06 16:55 158208 ----a-w- c:\windows\SysWow64\MSCMCDE.DLL
2012-12-16 21:08 . 1998-07-06 16:55 64512 ----a-w- c:\windows\SysWow64\MSCC2DE.DLL
2012-12-16 21:07 . 2012-12-16 21:07 -------- d-----w- c:\users\JOehring\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 02:02 . 2010-10-06 14:44 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 20:43 . 2012-05-23 20:25 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 20:43 . 2011-05-16 13:37 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-30 04:45 . 2013-01-09 22:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 18:36 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 18:36 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 18:36 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 18:36 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 18:36 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 18:36 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 18:36 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 18:36 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 18:36 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 18:36 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 18:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 18:36 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 18:36 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 18:36 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 18:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 18:36 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 18:36 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 18:36 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 18:36 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 18:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 18:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 18:36 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 17:00 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 17:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 17:00 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 17:00 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-16 08:38 . 2012-11-29 11:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-29 11:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-29 11:17 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\DRIVERS\thdudf.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-13 1255736]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-24 271424]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/05/31 07:37];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-01-22 16:31 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 20:43]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-21 10:16]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-21 10:16]
.
2013-01-09 c:\windows\Tasks\hpwebreg_CN0AB2C2D805HX.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\hpwebreg.exe [2010-11-16 19:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-11 9643552]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7741&r=27361010i126l0438z1i5t4631o735
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\JOehring\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\users\JOehring\AppData\Roaming\Mozilla\Firefox\Profiles\qtmx5798.default\
FF - prefs.js: browser.startup.homepage - google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Dalet Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Monkeys Audio Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Mp2 and BwfMp2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp mp3 (Fraunhofer IIS) Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPoweramp tooLame MP2 codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Wave64 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp WavPack Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Calculate Audio CRC] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Channel Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-12 18:41:37
ComboFix-quarantined-files.txt 2013-01-12 17:41
.
Vor Suchlauf: 11 Verzeichnis(se), 15.003.975.680 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 15.338.319.872 Bytes frei
.
- - End Of File - - CD44FAF558A9E09FBCFC84F8126E6B3C
|
| | #6 |
| /// TB-Ausbilder | Laptop just plays music even though it is closed Servus, well, that was productive. I would like to take a quick, closer look at the machine: Download SystemLook by jpshortstuff from one of the following mirrors and save the tool on the desktop. Download Mirror # 1
|
| | #7 |
| | Laptop just plays music even though it is closed Hi, the program "PPÖúÊÖ" is actually a Chinese program that lets you put apps onto the iPhone. However, in the forum where I got it (32 pages) there has been no negative feedback so far. Besides, I have only had this tool installed for a few days, and the laptop already seemed a bit odd to me before that. So I doubt that it is the cause. But I am happy to delete this program so that we can move forward with our procedure. Thank you already for the support so far. I am very impressed. THANKS SystemLook.txt Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 12:38 on 13/01/2013 by JOehring
Administrator - Elevation successful
========== dir ==========
c:\program files (x86)\PPÖúÊÖ - Parameters: "/S"
---Files---
7z.dll --a---- 836424 bytes [10:06 16/07/2012] [10:06 16/07/2012]
avcodec-53.dll --a---- 3196416 bytes [03:35 19/04/2012] [03:35 19/04/2012]
avformat-53.dll --a---- 315904 bytes [03:35 19/04/2012] [03:35 19/04/2012]
avutil-51.dll --a---- 119808 bytes [03:35 19/04/2012] [03:35 19/04/2012]
ihelper.dll --a---- 933784 bytes [07:46 27/12/2012] [07:46 27/12/2012]
ihelper.exe --a---- 2841496 bytes [15:33 27/12/2012] [15:33 27/12/2012]
ihelper.tra --a---- 1273085 bytes [07:17 25/12/2012] [07:17 25/12/2012]
liveupdate.dat --a---- 28 bytes [16:23 01/01/2013] [16:23 01/01/2013]
lu.exe --a---- 134472 bytes [06:24 30/11/2012] [06:24 30/11/2012]
lua51.dll --a---- 61312 bytes [08:01 12/01/2012] [08:01 12/01/2012]
PPÖúÊÖ PC°æ.url --a---- 45 bytes [16:23 01/01/2013] [16:23 01/01/2013]
Product.config --a---- 27 bytes [09:31 04/05/2012] [09:31 04/05/2012]
sqlite3.dll --a---- 573100 bytes [11:32 01/11/2011] [11:32 01/11/2011]
swresample-0.dll --a---- 51712 bytes [03:35 19/04/2012] [03:35 19/04/2012]
swscale-2.dll --a---- 236544 bytes [03:35 19/04/2012] [03:35 19/04/2012]
trp2p.dll --a---- 106392 bytes [07:37 25/12/2012] [07:37 25/12/2012]
uninst.exe --a---- 89698 bytes [16:23 01/01/2013] [16:23 01/01/2013]
c:\program files (x86)\PPÖúÊÖ\Log d------ [16:23 01/01/2013]
========== folderfind ==========
Searching for "*babylon*"
No folders found.
Searching for "*funmoods*"
No folders found.
Searching for "*Conduit*"
No folders found.
Searching for "*pdfforge*"
C:\Program Files (x86)\PDFCreator\PlugIns\pdfforge d------ [21:08 16/12/2012]
========== regfind ==========
Searching for "babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{47261571-84B9-901F-6E67-58C7279F52A4}]
"DisplayName"="Search the web (Babylon)"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{47261571-84B9-901F-6E67-58C7279F52A4}]
"URL"="hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=609e6f3b0000000000002a7c8f01abb7"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\Microsoft\Internet Explorer\SearchScopes\{47261571-84B9-901F-6E67-58C7279F52A4}]
"DisplayName"="Search the web (Babylon)"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\Microsoft\Internet Explorer\SearchScopes\{47261571-84B9-901F-6E67-58C7279F52A4}]
"URL"="hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=609e6f3b0000000000002a7c8f01abb7"
Searching for "funmoods"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
"URL"="hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutB0AyB0Czz0FtDtC0A0B0ByByC0FtA0BtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=43775733"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
"TopResultURLFallback"="hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutB0AyB0Czz0FtDtC0A0B0ByByC0FtA0BtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=43775733"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
"FaviconURL"="hxxp://searchfunmoods.com/favicon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
"FaviconPath"="C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
"FaviconURLFallback"="hxxp://searchfunmoods.com/favicon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
@="Funmoods"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
"DisplayName"="Funmoods"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
"DisplayName"="Funmoods"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
"URL"="hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutB0AyB0Czz0FtDtC0A0B0ByByC0FtA0BtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=43775733"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
"TopResultURLFallback"="hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutB0AyB0Czz0FtDtC0A0B0ByByC0FtA0BtN0D0Tzu0CtBzzyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=43775733"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
"FaviconURL"="hxxp://searchfunmoods.com/favicon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
"FaviconPath"="C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
"FaviconURLFallback"="hxxp://searchfunmoods.com/favicon.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
@="Funmoods"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsLatest_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsLatest_RASMANCS]
Searching for "Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\AppsMetaData]
"ServiceUrl"="hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\AppTrackingFirstTime]
"ServiceUrl"="hxxp://tracking.usage.app.conduit-services.com/FirstTime.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\GottenAppsContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\OtherAppsContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\SharedAppsContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarAppComponentUsage]
"ServiceUrl"="hxxp://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarAppUsage]
"ServiceUrl"="hxxp://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarComponentUsage]
"ServiceUrl"="hxxp://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarLogin]
"ServiceUrl"="hxxp://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarSettings]
"ServiceUrl"="hxxp://settings.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarSettingsForPublisher]
"ServiceUrl"="hxxp://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarTranslation]
"ServiceUrl"="hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarUsage]
"ServiceUrl"="hxxp://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"AE48807DEC2E935419BD7466CCE1F5F5"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\AE48807DEC2E935419BD7466CCE1F5F5]
"File"="iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS]
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678]
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\AppsMetaData]
"ServiceUrl"="hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\AppTrackingFirstTime]
"ServiceUrl"="hxxp://tracking.usage.app.conduit-services.com/FirstTime.ashx"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\GottenAppsContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\OtherAppsContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\SharedAppsContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarAppComponentUsage]
"ServiceUrl"="hxxp://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarAppUsage]
"ServiceUrl"="hxxp://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarComponentUsage]
"ServiceUrl"="hxxp://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarContextMenu]
"ServiceUrl"="hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarLogin]
"ServiceUrl"="hxxp://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarSettings]
"ServiceUrl"="hxxp://settings.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarSettingsForPublisher]
"ServiceUrl"="hxxp://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarTranslation]
"ServiceUrl"="hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-3226224925-3163038922-2662592277-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678\ToolbarUsage]
"ServiceUrl"="hxxp://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
Searching for "pdfforge"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.Images2PDF]
@="pdfforge Images2PDF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge Images2PDF]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.DllInfo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.DllInfo]
@="pdfforge.DllInfo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.PDF.PDF]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.PDF.PDF]
@="pdfforge.PDF.PDF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.PDF.PDF.X509]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.PDF.PDF.X509]
@="pdfforge.PDF.PDF+X509"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.PDF.PDF.X509.Signing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.PDF.PDF.X509.Signing]
@="pdfforge.PDF.PDF+X509+Signing"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.PDF.PDFEncryptor]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.PDF.PDFEncryptor]
@="pdfforge.PDF.PDFEncryptor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.PDF.PDFLine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.PDF.PDFLine]
@="pdfforge.PDF.PDFLine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.PDF.PDFText]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.PDF.PDFText]
@="pdfforge.PDF.PDFText"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.Tools]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.Tools]
@="pdfforge.Tools"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.X509.X509]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pdfforge.X509.X509]
@="pdfforge.X509.X509"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D512261-7F39-3DEA-B9E6-44F1B58C5783}]
@="pdfforge.PDF.PDFText"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D512261-7F39-3DEA-B9E6-44F1B58C5783}\InprocServer32]
"Class"="pdfforge.PDF.PDFText"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D512261-7F39-3DEA-B9E6-44F1B58C5783}\InprocServer32]
"Assembly"="pdfforge, Version=2.4.0.0, Culture=neutral, PublicKeyToken=null"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D512261-7F39-3DEA-B9E6-44F1B58C5783}\InprocServer32]
"CodeBase"="file:///C:/Program Files (x86)/PDFCreator/PlugIns/pdfforge/pdfforge.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D512261-7F39-3DEA-B9E6-44F1B58C5783}\InprocServer32\2.4.0.0]
"Class"="pdfforge.PDF.PDFText"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D512261-7F39-3DEA-B9E6-44F1B58C5783}\InprocServer32\2.4.0.0]
"Assembly"="pdfforge, Version=2.4.0.0, Culture=neutral, PublicKeyToken=null"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D512261-7F39-3DEA-B9E6-44F1B58C5783}\InprocServer32\2.4.0.0]
"CodeBase"="file:///C:/Program Files (x86)/PDFCreator/PlugIns/pdfforge/pdfforge.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D512261-7F39-3DEA-B9E6-44F1B58C5783}\ProgId]
@="pdfforge.PDF.PDFText"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2CE383B7-8DE1-3A87-A090-E01004C18D0D}]
@="pdfforge.X509.X509"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2CE383B7-8DE1-3A87-A090-E01004C18D0D}\InprocServer32]
"Class"="pdfforge.X509.X509"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2CE383B7-8DE1-3A87-A090-E01004C18D0D}\InprocServer32]
"Assembly"="pdfforge, Version=2.4.0.0, Culture=neutral, PublicKeyToken=null"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2CE383B7-8DE1-3A87-A090-E01004C18D0D}\InprocServer32]
"CodeBase"="file:///C:/Program Files (x86)/PDFCreator/PlugIns/pdfforge/pdfforge.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2CE383B7-8DE1-3A87-A090-E01004C18D0D}\InprocServer32\2.4.0.0]
"Class"="pdfforge.X509.X509"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2CE383B7-8DE1-3A87-A090-E01004C18D0D}\InprocServer32\2.4.0.0]
"Assembly"="pdfforge, Version=2.4.0.0, Culture=neutral, PublicKeyToken=null"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2CE383B7-8DE1-3A87-A090-E01004C18D0D}\InprocServer32\2.4.0.0]
"CodeBase"="file:///C:/Program Files (x86)/PDFCreator/PlugIns/pdfforge/pdfforge.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2CE383B7-8DE1-3A87-A090-E01004C18D0D}\ProgId]
@="pdfforge.X509.X509"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EDB5376-DAA6-3443-826C-3A7B64DBC9D1}]
@="pdfforge.PDF.PDFLine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EDB5376-DAA6-3443-826C-3A7B64DBC9D1}\InprocServer32]
"Class"="pdfforge.PDF.PDFLine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EDB5376-DAA6-3443-826C-3A7B64DBC9D1}\InprocServer32]
"Assembly"="pdfforge, Version=2.4.0.0, Culture=neutral, PublicKeyToken=null"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EDB5376-DAA6-3443-826C-3A7B64DBC9D1}\InprocServer32]
"CodeBase"="file:///C:/Program Files (x86)/PDFCreator/PlugIns/pdfforge/pdfforge.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EDB5376-DAA6-3443-826C-3A7B64DBC9D1}\InprocServer32\2.4.0.0]
"Class"="pdfforge.PDF.PDFLine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EDB5376-DAA6-3443-826C-3A7B64DBC9D1}\InprocServer32\2.4.0.0]
"Assembly"="pdfforge, Version=2.4.0.0, Culture=neutral, PublicKeyToken=null"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EDB5376-DAA6-3443-826C-3A7B64DBC9D1}\InprocServer32\2.4.0.0]
"CodeBase"="file:///C:/Program Files (x86)/PDFCreator/PlugIns/pdfforge/pdfforge.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EDB5376-DAA6-3443-826C-3A7B64DBC9D1}\ProgId]
@="pdfforge.PDF.PDFLine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{358C5262-FCCB-32F9-AE90-6A9276CD1A71}]
@="pdfforge.PDF.PDF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{358C5262-FCCB-32F9-AE90-6A9276CD1A71}\InprocServer32]
"Class"="pdfforge.PDF.PDF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{358C5262-FCCB-32F9-AE90-6A9276CD1A71}\InprocServer32]
"Assembly"="pdfforge, Version=2.4.0.0, Culture=neutral, PublicKeyToken=null"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{358C5262-FCCB-32F9-AE90-6A9276CD1A71}\InprocServer32]
"CodeBase"="file:///C:/Program Files (x86)/PDFCreator/PlugIns/pdfforge/pdfforge.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{358C5262-FCCB-32F9-AE90-6A9276CD1A71}\InprocServer32\2.4.0.0]
"Class"="pdfforge.PDF.PDF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{358C5262-FCCB-32F9-AE90-6A9276CD1A71}\InprocServer32\2.4.0.0]
"Assembly"="pdfforge, Version=2.4.0.0, Culture=neutral, PublicKeyToken=null"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{358C5262-FCCB-32F9-AE90-6A9276CD1A71}\InprocServer32\2.4.0.0]
"CodeBase"="file:///C:/Program Files (x86)/PDFCreator/PlugIns/pdfforge/pdfforge.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{358C5262-FCCB-32F9-AE90-6A9276CD1A71}\ProgId]
@="pdfforge.PDF.PDF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64F5B8EE-AC0D-3B21-9C1A-E3EF0DD966FC}]
@="pdfforge.Tools"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64F5B8EE-AC0D-3B21-9C1A-E3EF0DD966FC}\InprocServer32]
"Class"="pdfforge.Tools"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64F5B8EE-AC0D-3B21-9C1A-E3EF0DD966FC}\InprocServer32]
"Assembly"="pdfforge, Version=2.4.0.0, Culture=neutral, PublicKeyToken=null"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64F5B8EE-AC0D-3B21-9C1A-E3EF0DD966FC}\InprocServer32]
"CodeBase"="file:///C:/Program Files (x86)/PDFCreator/PlugIns/pdfforge/pdfforge.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64F5B8EE-AC0D-3B21-9C1A-E3EF0DD966FC}\InprocServer32\2.4.0.0]
"Class"="pdfforge.Tools"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64F5B8EE-AC0D-3B21-9C1A-E3EF0DD966FC}\InprocServer32\2.4.0.0]
"Assembly"="pdfforge, Version=2.4.0.0, Culture=neutral, PublicKeyToken=null"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64F5B8EE-AC0D-3B21-9C1A-E3EF0DD966FC}\InprocServer32\2.4.0.0]
"CodeBase"="file:///C:/Program Files (x86)/PDFCreator/PlugIns/pdfforge/pdfforge.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64F5B8EE-AC0D-3B21-9C1A-E3EF0DD966FC}\ProgId]
@="pdfforge.Tools"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{65E0A140-B49D-332E-9678-A214CE10BBDF}]
@="pdfforge.PDF.PDFEncryptor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{65E0A140-B49D-332E-9678-A214CE10BBDF}\InprocServer32]
"Class"="pdfforge.PDF.PDFEncryptor"
Searching for "DAEMON Tools Toolba"
No data found.
-= EOF =-
|
| | #8 |
| /// TB trainer | Hi, you can keep the program. We will now remove the remnants of the adware and check everything again with a few tools.
Step 1 Fix with OTL
Code:
:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{47261571-84B9-901F-6E67-58C7279F52A4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsLatest_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsLatest_RASMANCS]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS]
:Commands
[emptytemp]
Step 2 Please download Malwarebytes' Anti-Malware
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck
Please post with your next reply
|
| | #9 |
| | Can you recommend good software for virus protection etc. that should always run in the background? Or am I well served with AntiVir? It would be great if it were free, though.
OTL.txt Code:
All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{47261571-84B9-901F-6E67-58C7279F52A4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47261571-84B9-901F-6E67-58C7279F52A4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsLatest_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunmoodsLatest_RASMANCS\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: JOehring
->Temp folder emptied: 2680 bytes
->Temporary Internet Files folder emptied: 159709586 bytes
->Java cache emptied: 7782876 bytes
->FireFox cache emptied: 73848946 bytes
->Flash cache emptied: 12851 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7658 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 230,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01132013_132721
Files\Folders moved on Reboot...
C:\Users\JOehring\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
mbam.txt Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.13.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
JOehring :: JOEHRING-LAPTOP [Administrator]
Schutz: Aktiviert
13.01.2013 13:34:47
mbam-log-2013-01-13 (13-34-47).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213505
Laufzeit: 3 Minute(n), 55 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\JOehring\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=0c8d43da731ecf43b7d88993db5196b1
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-13 12:51:06
# local_time=2013-01-13 01:51:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 8139 103851949 4206 0
# compatibility_mode=5893 16776573 100 94 71790 109711316 0 0
# scanned=225
# found=0
# cleaned=0
# scan_time=186
esets_scanner_update returned -1 esets_gle=53251
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=0c8d43da731ecf43b7d88993db5196b1
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-13 05:06:35
# local_time=2013-01-13 06:06:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 23468 103867278 19535 0
# compatibility_mode=5893 16776573 100 94 87119 109726645 0 0
# scanned=226
# found=0
# cleaned=0
# scan_time=2490
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=0c8d43da731ecf43b7d88993db5196b1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-14 01:45:47
# local_time=2013-01-14 02:45:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 54620 103898430 50687 0
# compatibility_mode=5893 16776573 100 94 118271 109757797 0 0
# scanned=243640
# found=0
# cleaned=0
# scan_time=31081
Code:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
TuneUp Utilities Language Pack (de-DE)
Java(TM) 6 Update 37
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
| | #10 |
| /// TB trainer | Hi, if you have no more problems, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC.
Step 1 Your Java is no longer up to date. Older versions contain security vulnerabilities that can be exploited by malware.
Step 2 Please uninstall your current version of Adobe Reader: Start --> Control Panel --> Add or Remove Programs / Uninstall a program --> Adobe Reader, and download the new version from here. Untick the checkbox for McAfee SecurityScan or Google Chrome.
Step 3
Please also check (regularly) whether the following links show missing updates for your plugins:
Step 4 Start DeFogger and click Re-enable. Your computer may need to be restarted.
Step 5 Before the following action, please temporarily disable your antivirus program, any script blocking, and anti-malware programs again. Press Windows key + R. Now copy the following line into the command line and click OK. Code:
Combofix /Uninstall
This removes Combofix completely and clears the System Restore cache so that the malware disappears from it as well. Now re-enable the programs you just disabled.
Step 6 Please download delfix to your desktop.
Step 7 Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
| | #11 |
| | Hello, thank you very, very much for your help. The uninstalling worked great and the computer should be clean again. I thank you for your help and hope that it has helped with my problem. If anything else comes up, I will get in touch. THANKS |
| | #12 |
| /// TB trainer | I am glad that we could help. This thread appears to be resolved and will be removed from my subscriptions. If you need the thread again, please send me a PM. Everyone else, please click here and create your own thread. |