| |
| |||||||
Log-Analyse und Auswertung: Trojaner nach Update von pdf-CreatorWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
29.01.2013, 13:47
| #10 |
 |  Trojaner nach Update von pdf-Creator und hier die von OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.01.2013 12:21:55 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***** *****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,63% Memory free
4,22 Gb Paging File | 2,79 Gb Available in Paging File | 66,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 41,90 Gb Free Space | 34,18% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 17,16 Gb Free Space | 64,89% Space Free | Partition Type: FAT32
Computer Name: **********-PC | User Name: ***** ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***** *****\Desktop\OTL (2).exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
PRC - C:\Users\***** *****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron)
PRC - C:\Programme\Softex\OmniPass\scureapp.exe ()
PRC - C:\Programme\Softex\OmniPass\opvapp.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f27d73d96812e733d77f814070767c73\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Programme\AntiBrowserSpy\VersionInfo.dll ()
MOD - C:\Programme\AntiBrowserSpy\Commons.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbBrowserLibs.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbCommons.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbSettingsKeeper.dll ()
MOD - C:\Programme\AntiBrowserSpy\AbProcessManager.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\TUGZip\Plugins\TzArchive10.tgp ()
MOD - C:\Programme\Softex\OmniPass\hdddrv.dll ()
MOD - C:\Programme\Softex\OmniPass\scureapp.exe ()
MOD - C:\Programme\Softex\OmniPass\userdata.dll ()
MOD - C:\Programme\Softex\OmniPass\autheng.dll ()
MOD - C:\Programme\Softex\OmniPass\scuredll.dll ()
MOD - C:\Programme\Softex\OmniPass\storeng.dll ()
MOD - C:\Programme\Softex\OmniPass\cryptodll.dll ()
MOD - C:\Programme\Softex\OmniPass\SSPLogon.dll ()
MOD - C:\Windows\System32\ztvunrar36.dll ()
MOD - C:\Programme\TUGZip\Plugins\TzImage10.tgp ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SearchAnonymizer) -- C:\Users\***** *****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\DfSdkS.exe (mst software GmbH, Germany)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\*****~1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (stdriver) -- C:\Windows\System32\drivers\stdriverx86.sys ()
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (auusb) -- C:\Windows\System32\drivers\auusb.sys (Auerswald GmbH & Co.KG )
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{215D341C-7865-4B5D-8C88-8C012641DDC4}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{3FBAAF52-0FA7-495B-AD9A-38BA0B70E021}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{67B1543A-0CE9-49FA-A074-F3A7043F5151}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{86AD842C-326A-4B2E-A41B-046016A33598}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{C4DD0BA0-BA65-4F55-89B5-2A840BC47A05}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\SearchScopes\{F4B74E77-D78D-4C5B-AD1C-86243EE24B2B}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=0c47b0ff-2496-4133-8e1d-48d6d760c420&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.09.03 17:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.09.03 17:05:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.09.03 17:05:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.07 22:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.14 17:45:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.14 17:41:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.07 17:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 10:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.11 10:41:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.11 10:41:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.11 10:41:08 | 000,000,000 | ---D | M]
[2012.01.02 13:51:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***** *****\AppData\Roaming\mozilla\Extensions
[2010.01.25 19:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***** *****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.29 12:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***** *****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions
[2011.12.03 14:07:54 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\***** *****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2011.12.21 10:04:02 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\***** *****\AppData\Roaming\mozilla\Firefox\Profiles\wq2tz0vd.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2012.11.26 13:46:47 | 000,559,819 | ---- | M] () (No name found) -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\extensions\toolbar@web.de.xpi
[2012.09.03 19:15:49 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-10.xml
[2011.05.13 08:24:30 | 000,000,950 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-11.xml
[2011.12.21 10:04:37 | 000,000,950 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-12.xml
[2012.01.16 17:47:27 | 000,000,950 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-13.xml
[2012.09.03 19:16:17 | 000,000,950 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-14.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-4.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-5.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-6.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-7.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-8.xml
[2011.05.12 17:05:24 | 000,001,103 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\icqplugin-9.xml
[2011.05.12 17:05:24 | 000,002,077 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{2FDB524A-9EC6-4CC2-96D5-605E6CD99E87}.xml
[2011.05.12 17:05:24 | 000,001,870 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{37C3BE76-7752-44DD-99BF-799A88971DC4}.xml
[2011.05.12 17:05:24 | 000,002,188 | ---- | M] () -- C:\Users\***** *****\AppData\Roaming\mozilla\firefox\profiles\wq2tz0vd.default\searchplugins\{A17291A7-69CC-4AC8-967B-8D246DCA9381}.xml
[2012.04.17 08:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.09 08:35:11 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.04.17 08:48:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.09.19 15:24:15 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2011.09.19 15:24:10 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2011.12.21 10:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.12.21 10:02:33 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) -- C:\USERS\***** *****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQ2TZ0VD.DEFAULT\EXTENSIONS\{7E111A5C-3D11-4F56-9463-5310C3C69025}
File not found (No name found) -- C:\USERS\***** *****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQ2TZ0VD.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\***** *****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQ2TZ0VD.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
[2011.11.05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.14 17:43:36 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\7.2_0\
CHR - Extension: Google-Suche = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Summer Fields = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lioedaeelokfajcbbdbbljmcjadfbngf\1_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\***** *****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\***** *****\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003..\Run: [BrowserMask] C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft)
O4 - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003..\RunOnce: [Application Restart #3] C:\Program Files\Google\Chrome\Application\chrome.exe -user-agent="Mozilla/5.0 (Windows; U; Windows NT 6.0; de) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/NA Chrome anonymized by Abelssoft 657129543" --flag-switches-begin --flag-switches-end --restore-last-session File not found
O4 - Startup: C:\Users\***** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\***** *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WKCALREM.LNK = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1379273029-1540042613-3934876083-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-5/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\***** *****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***** *****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.27 18:45:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***** *****\Desktop\tdsskiller (1).exe
[2013.01.27 11:40:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***** *****\Desktop\aswMBR.exe
[2013.01.25 16:17:23 | 000,000,000 | ---D | C] -- C:\Users\***** *****\Desktop\mbar
[2013.01.23 12:55:43 | 000,000,000 | ---D | C] -- C:\Users\***** *****\Documents\HEALTH
[2013.01.20 20:26:37 | 000,000,000 | ---D | C] -- C:\Users\***** *****\***** Backup
[2013.01.15 22:46:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***** *****\Desktop\OTL (2).exe
[2013.01.15 14:36:00 | 000,000,000 | ---D | C] -- C:\Users\***** *****\AppData\Roaming\Malwarebytes
[2013.01.15 14:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.15 14:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.15 14:35:39 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.15 14:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.01.15 13:04:10 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2013.01.15 13:04:10 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2013.01.15 13:04:03 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2013.01.15 13:04:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2013.01.15 13:04:03 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2013.01.15 13:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013.01.14 15:14:55 | 000,859,552 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.01.14 15:14:55 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.01.14 15:14:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.14 15:14:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.14 15:14:09 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.11 10:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.01.10 08:42:21 | 000,000,000 | ---D | C] -- C:\0806ff2fcdc45134c9
[2013.01.09 16:18:51 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 16:18:02 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.06 12:27:48 | 000,000,000 | ---D | C] -- C:\8a2ee5667d81966f11c80e
[2013.01.05 01:33:20 | 000,000,000 | ---D | C] -- C:\d294282a463339fb4ba967
[2011.09.19 15:01:33 | 145,454,840 | ---- | C] (Kaspersky Lab) -- C:\Users\***** *****\kis12.0.0.374de (1).exe
========== Files - Modified Within 30 Days ==========
[2013.01.29 12:20:01 | 000,002,273 | ---- | M] () -- C:\Users\***** *****\Desktop\Google Chrome.lnk
[2013.01.29 12:08:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 12:08:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 12:07:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.29 12:07:51 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.29 12:02:11 | 000,000,096 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.01.28 18:34:05 | 000,580,235 | ---- | M] () -- C:\Users\***** *****\Desktop\adwcleaner.exe
[2013.01.27 18:45:53 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***** *****\Desktop\tdsskiller (1).exe
[2013.01.27 18:32:47 | 000,000,512 | ---- | M] () -- C:\Users\***** *****\Desktop\MBR.dat
[2013.01.27 11:42:04 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***** *****\Desktop\aswMBR.exe
[2013.01.25 16:16:12 | 013,462,931 | ---- | M] () -- C:\Users\***** *****\Desktop\mbar-1.01.0.1016.zip
[2013.01.16 17:08:30 | 357,145,588 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.16 10:42:19 | 000,365,568 | ---- | M] () -- C:\Users\***** *****\Desktop\gmer-2.0.18444.exe
[2013.01.15 22:46:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***** *****\Desktop\OTL (2).exe
[2013.01.15 22:34:11 | 000,000,000 | ---- | M] () -- C:\Users\***** *****\defogger_reenable
[2013.01.15 13:04:17 | 000,705,536 | ---- | M] () -- C:\Windows\is-EL2PH.exe
[2013.01.15 13:04:17 | 000,013,608 | ---- | M] () -- C:\Windows\is-EL2PH.msg
[2013.01.15 13:04:17 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.01.15 13:04:17 | 000,000,367 | ---- | M] () -- C:\Windows\is-EL2PH.lst
[2013.01.14 15:13:27 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.14 15:13:12 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.01.14 15:13:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.14 15:13:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.14 15:13:11 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.01.14 15:13:11 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.01.13 21:10:47 | 000,392,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.11 11:39:42 | 000,088,576 | ---- | M] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2013.01.10 14:47:12 | 000,681,468 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.10 14:47:12 | 000,640,480 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.10 14:47:12 | 000,148,812 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.10 14:47:12 | 000,122,468 | ---- | M] () -- C:\Windows\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2013.01.29 12:01:30 | 000,000,096 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.01.28 18:33:51 | 000,580,235 | ---- | C] () -- C:\Users\***** *****\Desktop\adwcleaner.exe
[2013.01.27 18:32:47 | 000,000,512 | ---- | C] () -- C:\Users\***** *****\Desktop\MBR.dat
[2013.01.25 16:15:18 | 013,462,931 | ---- | C] () -- C:\Users\***** *****\Desktop\mbar-1.01.0.1016.zip
[2013.01.16 10:42:18 | 000,365,568 | ---- | C] () -- C:\Users\***** *****\Desktop\gmer-2.0.18444.exe
[2013.01.15 22:34:11 | 000,000,000 | ---- | C] () -- C:\Users\***** *****\defogger_reenable
[2013.01.15 13:04:17 | 000,705,536 | ---- | C] () -- C:\Windows\is-EL2PH.exe
[2013.01.15 13:04:17 | 000,013,608 | ---- | C] () -- C:\Windows\is-EL2PH.msg
[2013.01.15 13:04:17 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.01.15 13:04:17 | 000,000,367 | ---- | C] () -- C:\Windows\is-EL2PH.lst
[2012.12.21 11:58:28 | 000,002,780 | ---- | C] () -- C:\Users\***** *****\.recently-used.xbel
[2012.11.28 18:43:28 | 000,059,617 | ---- | C] () -- C:\Users\***** *****\*****-184328.png
[2012.11.28 18:38:14 | 000,003,095 | ---- | C] () -- C:\Users\***** *****\*****.htm
[2012.11.12 17:40:40 | 000,000,680 | ---- | C] () -- C:\Users\***** *****\AppData\Local\d3d9caps.dat
[2012.10.30 12:05:58 | 000,052,398 | ---- | C] () -- C:\Users\***** *****\*****.pdf
[2012.10.30 12:05:13 | 000,143,085 | ---- | C] () -- C:\Users\***** *****\TK-***** (1).pdf
[2012.10.30 12:02:38 | 000,143,085 | ---- | C] () -- C:\Users\***** *****\TK-*****.pdf
[2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2012.08.07 23:03:33 | 000,011,815 | ---- | C] () -- C:\Users\***** *****\*****_*****_*****.pdf
[2012.08.07 21:46:23 | 000,013,057 | ---- | C] () -- C:\Users\***** *****\*****_*****_*****.pdf
[2012.08.07 21:44:16 | 000,005,847 | ---- | C] () -- C:\Users\***** *****\*****_20120807215157 ***** *****.pdf
[2012.08.07 21:43:18 | 000,011,355 | ---- | C] () -- C:\Users\***** *****\*****_*****_*****.pdf
[2012.06.04 17:23:08 | 000,037,656 | ---- | C] () -- C:\Windows\System32\drivers\stdriverx86.sys
[2012.05.23 19:07:56 | 015,278,317 | ---- | C] () -- C:\Users\***** *****\***** ***** *****.pdf
[2012.05.23 18:45:08 | 002,954,565 | ---- | C] () -- C:\Users\***** *****\*****.JPG
[2012.05.23 18:45:08 | 002,866,133 | ---- | C] () -- C:\Users\***** *****\*****.JPG
[2012.05.23 18:45:08 | 002,824,508 | ---- | C] () -- C:\Users\***** *****\BILD1177.JPG
[2012.05.23 18:45:08 | 002,723,667 | ---- | C] () -- C:\Users\***** *****\BILD1179.JPG
[2012.05.23 18:45:08 | 002,557,990 | ---- | C] () -- C:\Users\***** *****\BILD1181.JPG
[2012.05.23 18:45:08 | 002,411,554 | ---- | C] () -- C:\Users\***** *****\BILD1182.JPG
[2012.05.23 18:45:08 | 002,183,114 | ---- | C] () -- C:\Users\***** *****\BILD1180.JPG
[2012.02.27 09:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2012.01.16 17:46:33 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.01.10 19:18:09 | 000,014,121 | ---- | C] () -- C:\Users\***** *****\*****.pdf
[2011.12.13 22:41:55 | 000,164,337 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.12.13 22:38:32 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.12.13 15:39:53 | 000,147,770 | ---- | C] () -- C:\Windows\hpoins12.dat.temp
[2011.12.13 15:39:53 | 000,001,470 | ---- | C] () -- C:\Windows\hpomdl12.dat.temp
[2011.12.13 12:39:31 | 000,147,997 | ---- | C] () -- C:\Windows\hpoins12.dat
[2011.09.24 20:31:15 | 000,006,725 | ---- | C] () -- C:\Users\***** *****\*****_kl.gif
[2011.09.19 19:03:34 | 000,099,069 | ---- | C] () -- C:\Users\***** *****\ebay 2.jpg
[2011.09.19 19:03:15 | 000,100,321 | ---- | C] () -- C:\Users\***** *****\ebay 1.jpg
[2011.09.19 15:35:41 | 000,017,408 | ---- | C] () -- C:\Users\***** *****\AppData\Local\WebpageIcons.db
[2011.08.31 16:45:12 | 000,047,845 | ---- | C] () -- C:\Users\***** *****\*****.pdf
[2011.08.03 21:10:33 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.03.11 11:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011.02.11 02:45:07 | 000,000,001 | ---- | C] () -- C:\ProgramData\flagposition.out
[2010.07.09 08:41:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.23 23:25:50 | 000,001,752 | ---- | C] () -- C:\Users\***** *****\AppData\Roaming\wklnhst.dat
[2010.02.01 13:18:05 | 000,012,800 | ---- | C] () -- C:\Users\***** *****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.25 13:06:36 | 000,000,101 | ---- | C] () -- C:\Users\***** *****\AppData\Local\fusioncache.dat
========== ZeroAccess Check ==========
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 833 bytes -> C:\Users\***** *****\Documents\*****.eml:OECustomProperty
@Alternate Data Stream - 685 bytes -> C:\Users\***** *****\Documents\*****.eml:OECustomProperty
@Alternate Data Stream - 1013 bytes -> C:\Users\***** *****\Documents\*****.eml:OECustomProperty
< End of report >
OTL extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.01.2013 12:21:55 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 46,63% Memory free
4,22 Gb Paging File | 2,79 Gb Available in Paging File | 66,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 41,90 Gb Free Space | 34,18% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 17,16 Gb Free Space | 64,89% Space Free | Partition Type: FAT32
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1379273029-1540042613-3934876083-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B06E698-1115-4F29-A822-AAA517EBDE6A}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{43978C33-0533-4C09-93C6-59DAC4C7736B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6BF88C15-5AF4-473D-B96D-5EA87BCCC078}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D34CE02B-4070-4368-93F2-83213C802A6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB3AD40-A93F-4172-8E57-5D8FD63E1BE8}" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\7zs4f53\hpdiagnosticcoreui.exe |
"{23BC97C0-600D-49FB-8F06-27DDFF7DD64D}" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\7zs4f53\hpdiagnosticcoreui.exe |
"{28EE64B6-1F7C-4931-932B-24531583AFAE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2E9D9C0B-0137-483D-B92A-CD530592F3E6}" = dir=in | app=c:\program files\home cinema\powerdvd\powerdvd.exe |
"{3BA65083-3F97-464C-9EF6-4EA2B59F3CCD}" = dir=in | app=c:\program files\home cinema\makedisc\makedisc.exe |
"{4682DF48-CFFE-4CCA-B159-F49E0820F5EA}" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\7zs573b\hpdiagnosticcoreui.exe |
"{5242F66A-32D3-40BD-BA15-A09FD5BA67F2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{60505A7B-3169-4F1B-8861-5AF7DC97698A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8918E140-CE4B-4788-AD10-FDD1CA51EAF3}" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\7zs573b\hpdiagnosticcoreui.exe |
"{A09338A2-CC74-4A5A-9F57-928168995000}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"{A1A7410C-1A25-41EC-A810-A2AFE6882E15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C506E5A5-7C23-4494-A775-3FFC02C984AA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CDBEB067-3760-4F26-9C32-2F4450F24E14}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{D3F621DE-87B2-4E08-84D5-54D40B6CEF8B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F3289106-9270-44C2-A8C5-5B3A4BDB0EFF}" = dir=in | app=c:\program files\home cinema\powerdirector\pdr.exe |
"{F736CADE-D8C1-4572-BE47-619F692260B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F88D2146-E7DB-4AD7-A844-DCD4E2292B3C}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{20CCA435-1465-4567-885C-4A0AFCD0EB05}" = F2100_Help
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2B10F0FA-2BCB-4B08-96FB-BD0788B16564}" = klickTel Telefon- und Branchenbuch Frühjahr 2010
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{32DAD205-9831-4319-9DF6-B7789C36FC0C}" = Auerswald COMset 2.7.1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5DE161B8-9114-436C-96F3-DCD42651D94B}" = Lexware Elster
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71504FB8-F84D-4B63-A97F-D6D5F0F0F410}" = Deutsche Post E-Porto
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A5A288-9614-4E59-93A9-4DDB895FFA10}" = Auerswald COMlist 2.5.1
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A70FCC4-E09F-45CE-ADB5-C208CEBF0A82}" = Servicepack Datumsaktualisierung
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87079BC7-1A1E-4520-B5C3-9AF582FA26FD}" = AuthenTec Fingerprint Sensor Minimum Install
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9353F6E9-13B7-43B4-8FA5-CB46CA22671B}" = Haufe Formular-Manager
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{9FFD7E59-7EA4-4D30-98D3-CFB29936BFB8}" = Stampit Home
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A6806D86-BFF3-49CD-8E2B-87BB3507E53F}" = Web Easy Professional 8
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ADB0EDCF-6A4E-4EA9-B57E-FD7434F18B79}" = Auerswald COMtools 2.3.1
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B256C380-AC47-4681-8342-7F42E4F0F434}" = JRE 1.6.1
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.8
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.74
"{F6F90406-4726-4559-B6F7-3A96529CDD45}" = F2100
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1" = AntiBrowserSpy
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Ashampoo WinOptimizer 2010 Advanced_is1" = Ashampoo WinOptimizer 2010 Advanced
"DivX Setup" = DivX-Setup
"ElsterFormular 12.3.2.6814k" = ElsterFormular-Update
"ElsterFormular 13.1.1.8479k" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.3.5.1
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.02" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"Inkscape" = Inkscape 0.47
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"LameACM" = LameACM
"LetsTrade" = LetsTrade Komponenten
"LogoMaker_is1" = LogoMaker 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Formulare 3" = PDF Formulare 3
"Powerbullet Presenter free v1.35_is1" = Powerbullet Presenter
"RealPlayer 15.0" = RealPlayer
"Scribus 1.3.6" = Scribus 1.3.6
"SearchAnonymizer" = SearchAnonymizer
"SmartToolsFalz- und Lochmarken-Assistentv5.00" = SmartTools Publishing • Word Falz- und Lochmarken-Assistent
"SoundTap" = SoundTap Streaming Audio Recorder
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.0.3
"Trillian" = Trillian
"TUGZip_is1" = TUGZip 3.5
"WavePad" = WavePad Sound Editor
"WinGimp-2.0_is1" = GIMP 2.6.8
"X10Hardware" = X10 Hardware(TM)
"XviD" = XviD MPEG-4 Codec
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1379273029-1540042613-3934876083-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.09.2011 02:41:44 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung scureapp.exe, Version 5.0.0.1, Zeitstempel 0x46dd99b1,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xc38, Anwendungsstartzeit 01cc6a0483098e3d.
Error - 03.09.2011 10:37:10 | Computer Name = *****-PC | Source = RapiMgr | ID = 8
Description = Die Verbindung mit Windows Mobile-basierten Gerät ist aufgrund von
Fehler Receive Connection (0x80070490) fehlgeschlagen. (Weitere Infos zum Fehlercode
finden Sie in den Daten.)
Error - 03.09.2011 10:37:21 | Computer Name = *****-PC | Source = RapiMgr | ID = 8
Description = Die Verbindung mit Windows Mobile-basierten Gerät ist aufgrund von
Fehler Receive Connection (0x80070005) fehlgeschlagen. (Weitere Infos zum Fehlercode
finden Sie in den Daten.)
[ OSession Events ]
Error - 24.02.2010 16:31:56 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2891 seconds with 2700 seconds of active time. This session ended with a
crash.
Error - 25.02.2010 08:37:24 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 144 seconds with 120 seconds of active time. This session ended with a crash.
Error - 25.02.2010 14:21:47 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 6202 seconds with 2100 seconds of active time. This session ended with a
crash.
Error - 26.02.2010 12:45:24 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3737 seconds with 2400 seconds of active time. This session ended with a
crash.
Error - 12.04.2010 04:53:15 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1748
seconds with 1260 seconds of active time. This session ended with a crash.
Error - 28.10.2011 11:09:33 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2873
seconds with 540 seconds of active time. This session ended with a crash.
Error - 11.06.2012 08:57:02 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14326
seconds with 4980 seconds of active time. This session ended with a crash.
Error - 10.07.2012 06:51:21 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12241
seconds with 3900 seconds of active time. This session ended with a crash.
Error - 12.07.2012 10:26:38 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8245
seconds with 600 seconds of active time. This session ended with a crash.
Error - 09.11.2012 02:51:59 | Computer Name = *****-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 58416
seconds with 540 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 26.01.2013 05:51:54 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 27.01.2013 07:01:23 | Computer Name = *****-PC | Source = DCOM | ID = 10010
Description =
Error - 27.01.2013 12:03:54 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 27.01.2013 12:05:04 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 27.01.2013 12:05:04 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 28.01.2013 14:43:14 | Computer Name = *****-PC | Source = DCOM | ID = 10005
Description =
Error - 28.01.2013 14:43:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.01.2013 07:09:31 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 29.01.2013 07:11:09 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 29.01.2013 07:11:09 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description =
< End of report >
|
| Themen zu Trojaner nach Update von pdf-Creator |
| abelssoft, adobe, avp.exe, babylontoolbar, bho, bonjour, browser, defender, error, explorer, firefox, format, ftp, home, hotkey.sys, internet, kaspersky, kaspersky quarantäne, launch, logfile, nodrives, pdf creator, pdf trojaner, plug-in, programm, programme, realtek, registry, search the web, security, senden, software, tastatur, temp, trojaner, usb |
Baum-Darstellung