| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PUP.RewardsArcade in RegistrierungsschluesselWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
15.03.2013, 09:55
| #1 |
 |  PUP.RewardsArcade in Registrierungsschluessel Hallo Foren-Helfer, ich habe eher zufällig einen Malewarescan mit dem Programm " Malwarebytes Anti-Malware " durchführen lassen. Ich hatte bisher keine Probleme / Auffälligkeiten / Symptome mit meinem PC. Einzig erwähnenswert wäre hier eine PC-Startdauer von ~4min, inklusive Windowsstart. Bei dem Maleware-Scan wurden 7 infizierte Registrierungsschluessel und 2 infizierte Dateien gemeldet. Avira Free Antivir hat bei einem vollständigen Systemsuchlauf, inklusive Rootkit- und Bootsektorensuche, keine Bedrohungen gefunden. Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.09.09 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 RK :: ROBERT-PC [Administrator] 09.03.2013 18:57:55 mbam-log-2013-03-09 (18-57-55).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: Durchsuchte Objekte: 455534 Laufzeit: 3 Stunde(n), 25 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 7 HKCR\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Keine Aktion durchgeführt. HKCR\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Keine Aktion durchgeführt. HKCR\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Keine Aktion durchgeführt. HKCR\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 D:\Downloads\installer_driver_philips_pcvc720k_40_webcam_98_Deutsch_Deutsch.exe (PUP.SmsPay.pns) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Downloads\MKVPlayerSetup.exe (PUP.Adware.RKN) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Aufgrund der Meldungen habe ich die infizierten Dateien in Quarantäne gestellt und diese auch gänzlich gelöscht. Die infizierten Registrierungsschluessel habe ich beim nächsten Scan in Quarantäne gestellt. Im Zuge der Erstellung des Themas und des Erbittens Eurer Hilfe habe ich die in "Für alle Hilfesuchenden!" erwähnten Schritte hoffentlich mit aller Korrektheit und Vollständigkeit durchgeführt. Die Forums-Regeln sind mir bekannt. defogger_disable.txt: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:18 on 14/03/2013 (RK)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 14.03.2013 17:23:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RK\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,85% Memory free 3,98 Gb Paging File | 3,13 Gb Available in Paging File | 78,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 65,00 Gb Total Space | 1,97 Gb Free Space | 3,03% Space Free | Partition Type: NTFS Drive D: | 46,69 Gb Total Space | 2,79 Gb Free Space | 5,97% Space Free | Partition Type: NTFS Computer Name: ROBERT-PC | User Name: RK | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.14 09:01:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RK\Desktop\OTL.exe PRC - [2013.02.12 16:47:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.12 16:44:28 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.02.12 16:44:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.12 16:44:10 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.01.29 18:13:12 | 001,668,224 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe PRC - [2013.01.29 18:13:12 | 001,093,744 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\itype.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2012.07.17 14:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.06.17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe ========== Modules (No Company Name) ========== MOD - [2012.11.29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll ========== Services (SafeList) ========== SRV - [2013.03.08 14:02:35 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.12 16:47:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.12 16:44:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.01.07 13:28:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.01.04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.12.29 09:58:24 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Disabled | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2011.08.19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.03.09 11:18:06 | 001,060,864 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME) SRV - [2011.03.09 11:16:56 | 000,484,352 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC) SRV - [2011.03.09 11:07:54 | 000,238,592 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.12.11 16:45:12 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.12.11 16:45:12 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.11.26 18:05:22 | 000,064,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2012.11.14 11:36:26 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.01.09 16:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2012.01.09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2012.01.09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2012.01.09 16:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.12.29 09:58:31 | 000,074,240 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86) DRV - [2011.12.29 09:58:31 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86) DRV - [2011.12.29 09:58:25 | 000,325,120 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2011.08.19 09:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2011.08.19 09:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2011.03.06 22:33:38 | 000,045,440 | ---- | M] (Siano) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smsbda.sys -- (smsbda) DRV - [2011.02.16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2008.08.26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.08.03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2007.07.27 11:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10) DRV - [2007.07.27 09:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10) DRV - [2007.04.23 13:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2005.02.23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\RK\Desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 81 7E A8 0C E2 C3 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {553852A3-665D-47A0-8DB6-15C1A116880D} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{553852A3-665D-47A0-8DB6-15C1A116880D}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz= IE - HKCU\..\SearchScopes\{E84F4033-D7CD-486E-A589-8AA5CCAAAF7F}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.6 FF - prefs.js..extensions.enabledAddons: %7Bdaf44bf7-a45e-4450-979c-91cf07434c3d%7D:1.5.8 FF - prefs.js..extensions.enabledAddons: %7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2012.09.13 FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.1 FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.2 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.6.110 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Windows\DOWNLO~1\NpFv530.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.12.02 20:51:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:02:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 14:02:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 14:02:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 14:02:24 | 000,000,000 | ---D | M] [2012.09.18 11:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\Extensions [2013.03.03 17:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\Firefox\Profiles\ukmzecrj.default\extensions [2013.03.03 17:49:47 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\RK\AppData\Roaming\mozilla\Firefox\Profiles\ukmzecrj.default\extensions\donottrackplus@abine.com [2012.11.19 13:34:20 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\nosquint@urandom.ca.xpi [2013.02.04 15:53:08 | 000,023,709 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}.xpi [2013.02.21 17:01:15 | 000,115,869 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2013.03.03 17:49:45 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.10.18 10:22:04 | 000,115,263 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi [2013.02.12 06:55:59 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js [2012.11.03 12:50:18 | 000,002,344 | ---- | M] () -- C:\Users\RK\AppData\Roaming\mozilla\firefox\profiles\ukmzecrj.default\searchplugins\askcom.xml [2013.03.08 14:02:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.02 20:51:52 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX [2013.03.08 14:02:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - Startup: C:\Users\RK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\Windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleNetIDList = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1362648753484 (MUCatalogWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F561} hxxp://download.flatcast.net/objects/NpFv530.dll (Flatcast Viewer 5.3) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.169.172.1 134.169.9.150 134.169.9.151 134.169.9.152 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DCC2B62-5BFD-4AFA-825A-6D910F509E47}: DhcpNameServer = 134.169.172.1 134.169.9.150 134.169.9.151 134.169.9.152 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F2D7BDB-400D-48E6-8345-874DFFA9A04D}: DhcpNameServer = 134.169.9.152 134.169.9.151 134.169.9.150 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{345905ec-6ce7-11e1-b28c-0013a9c0c8e8}\Shell - "" = AutoRun O33 - MountPoints2\{345905ec-6ce7-11e1-b28c-0013a9c0c8e8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{a12bd357-541d-11e2-86ad-0013a9c0c8e8}\Shell - "" = AutoRun O33 - MountPoints2\{a12bd357-541d-11e2-86ad-0013a9c0c8e8}\Shell\AutoRun\command - "" = H:\unlock.exe autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.14 09:01:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RK\Desktop\OTL.exe [2013.03.12 23:15:28 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2013.03.09 18:26:12 | 000,000,000 | ---D | C] -- C:\Users\RK\AppData\Roaming\Malwarebytes [2013.03.09 18:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.09 18:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.09 18:25:44 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.09 18:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.08 23:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.03.08 14:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.03.07 10:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2013.03.06 10:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.03.05 15:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.28 14:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.28 14:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.02.27 13:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center [2013.02.27 13:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center [2013.02.27 13:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.02.27 13:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.02.26 14:26:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.02.14 01:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2 [2013.02.13 10:56:29 | 000,000,000 | ---D | C] -- C:\Windows\de [2013.02.13 10:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2013.02.13 10:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2013.02.13 10:40:20 | 000,000,000 | ---D | C] -- C:\Users\RK\AppData\Local\Windows Live [2013.02.13 10:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live [1 C:\Users\RK\*.tmp files -> C:\Users\RK\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.14 17:21:04 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.14 17:20:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.14 17:19:49 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys [2013.03.14 17:18:24 | 000,000,000 | ---- | M] () -- C:\Users\RK\defogger_reenable [2013.03.14 17:01:34 | 000,482,463 | ---- | M] () -- C:\Users\RK\Desktop\FLT_9EMUQP2481_0.pdf [2013.03.14 16:53:38 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.14 16:53:38 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.14 16:29:32 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.14 14:30:07 | 001,149,657 | ---- | M] () -- C:\Users\RK\Desktop\Elektroauto – Wikipedia.pdf [2013.03.14 09:30:54 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.03.14 09:02:58 | 000,377,856 | ---- | M] () -- C:\Users\RK\Desktop\gmer_2.1.19155.exe [2013.03.14 09:01:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RK\Desktop\OTL.exe [2013.03.14 09:01:13 | 000,050,477 | ---- | M] () -- C:\Users\RK\Desktop\Defogger.exe [2013.03.14 08:26:54 | 000,657,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.14 08:26:54 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.14 08:26:54 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.14 08:26:54 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.14 00:38:36 | 000,684,626 | ---- | M] () -- C:\Users\RK\Desktop\Für alle Hilfesuchenden Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.pdf [2013.03.12 23:15:28 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2013.03.05 18:40:52 | 000,572,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.27 15:55:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2013.02.14 14:43:19 | 000,007,168 | ---- | M] () -- C:\Users\RK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.13 10:49:07 | 000,000,020 | ---- | M] () -- C:\Windows\èù¥ [1 C:\Users\RK\*.tmp files -> C:\Users\RK\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.14 17:18:24 | 000,000,000 | ---- | C] () -- C:\Users\RK\defogger_reenable [2013.03.14 17:01:28 | 000,482,463 | ---- | C] () -- C:\Users\RK\Desktop\FLT_9EMUQP2481_0.pdf [2013.03.14 14:30:04 | 001,149,657 | ---- | C] () -- C:\Users\RK\Desktop\Elektroauto – Wikipedia.pdf [2013.03.14 09:30:54 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.03.14 09:02:56 | 000,377,856 | ---- | C] () -- C:\Users\RK\Desktop\gmer_2.1.19155.exe [2013.03.14 09:01:12 | 000,050,477 | ---- | C] () -- C:\Users\RK\Desktop\Defogger.exe [2013.03.14 00:38:35 | 000,684,626 | ---- | C] () -- C:\Users\RK\Desktop\Für alle Hilfesuchenden Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.pdf [2013.02.13 10:56:03 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2013.02.13 10:55:41 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2013.02.13 10:49:06 | 000,000,020 | ---- | C] () -- C:\Windows\èù¥ [2012.12.03 18:13:33 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini [2012.08.24 15:49:07 | 000,000,351 | ---- | C] () -- C:\Users\RK\Spiele - Verknüpfung.lnk [2012.08.19 23:35:19 | 000,007,168 | ---- | C] () -- C:\Users\RK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.03 17:11:54 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.05.01 09:04:19 | 000,004,096 | -H-- | C] () -- C:\Users\RK\AppData\Local\keyfile3.drm [2012.04.22 21:06:23 | 000,017,408 | ---- | C] () -- C:\Users\RK\AppData\Local\WebpageIcons.db [2012.04.16 17:33:31 | 000,000,173 | ---- | C] () -- C:\Users\RK\AppData\Local\msmathematics.qat.RK [2012.04.05 15:49:54 | 000,180,008 | ---- | C] () -- C:\Windows\SETUP1.EXE [2012.03.02 17:20:08 | 000,007,600 | ---- | C] () -- C:\Users\RK\AppData\Local\Resmon.ResmonCfg [2012.01.08 22:13:51 | 000,245,528 | ---- | C] () -- C:\Windows\hpoins19.dat [2012.01.08 22:13:51 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2011.12.29 11:18:44 | 000,125,426 | ---- | C] () -- C:\Windows\cgmxp32.ini [2011.12.28 16:20:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.12.28 16:14:26 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.12.28 16:14:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.12.26 18:55:58 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2011.08.19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2011.08.19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2011.08.19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2011.07.26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.01.26 23:49:11 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\DVDVideoSoft [2013.01.15 23:03:49 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\FileZilla [2012.01.09 11:32:33 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Leadertech [2012.08.19 23:38:09 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Nokia [2012.08.19 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Nokia Suite [2012.09.18 11:37:42 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Opera [2012.02.28 10:10:10 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\PC Suite [2013.02.13 09:38:39 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Swiss Academic Software [2012.01.11 17:01:46 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Sync App Settings [2013.03.14 00:35:59 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\temp [2012.02.01 08:42:27 | 000,000,000 | ---D | M] -- C:\Users\RK\AppData\Roaming\Trillian ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.03.2013 17:23:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RK\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,85% Memory free
3,98 Gb Paging File | 3,13 Gb Available in Paging File | 78,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65,00 Gb Total Space | 1,97 Gb Free Space | 3,03% Space Free | Partition Type: NTFS
Drive D: | 46,69 Gb Total Space | 2,79 Gb Free Space | 5,97% Space Free | Partition Type: NTFS
Computer Name: ROBERT-PC | User Name: RK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0079B8EF-A4E2-4862-96F4-F29C00490744}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\set.exe |
"{0273A601-5074-4EA1-A0EB-CB93792189AB}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxvideocameraautoplaymanager.exe |
"{034EADA1-C349-48C3-ABD3-7140A2591315}" = dir=out | app=%programfiles%\google\update\download\{430fd4d0-b729-4f61-aa34-91526481799d}\1.3.21.115\googleupdatesetup.exe |
"{037B8C48-3A7A-4C0A-AE0A-3E699D7711FD}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\videomanager.exe |
"{043A57E5-78E6-4BF2-8085-2F06265D1790}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\conversionhandler.exe |
"{04CA5362-B4F9-44C6-9B65-FD62DD091BB1}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsync2.exe |
"{04CD64A7-28FA-48FB-B71D-90DFBA406298}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\shortcuteditor_inst.exe |
"{0546E6A3-D209-407C-A1C6-C5C4ED862E18}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\itype.exe |
"{05D2FCD1-8442-4FBF-A855-E733040B5633}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\getconnected.exe |
"{073181B5-E6C9-4847-8803-10506DAD49D3}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mousinfo.exe |
"{0A1E443B-D8FA-4BDF-A018-AB86C878BD0E}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\touchmousepractice.exe |
"{0AFA7149-7067-409B-A04A-9A10419BF2EE}" = dir=out | app=%programfiles%\sigmatel\c-major audio\setup.exe |
"{0C665A56-4AA6-424A-86C5-FF744C8AAC8C}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\connectionmanager.exe |
"{0CDE49E1-A8C4-4144-BAB1-799BEF0BFB7A}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsynclv.exe |
"{0EE57F5F-37D7-4E2B-9226-6C86BDA8EA5D}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\onetouchaccess.exe |
"{0F951987-3A50-4662-BA89-8F8847A8BC16}" = dir=out | app=%programfiles%\common files\hewlett-packard\scanjet\bin\hpsjrreg.exe |
"{10189993-0D07-41E0-9B11-FDC4C745D910}" = dir=out | app=%programfiles%\hp\hp software update\hpwucli.exe |
"{1097A53B-C01F-459D-BF4D-B2381988DEC9}" = dir=out | app=%programfiles%\common files\nokia\mpapi\mpapi3s.exe |
"{110B43CC-925E-4A75-99F7-3CE212A1BCD7}" = dir=out | app=%programfiles%\gs\gs9.00\bin\gswin32c.exe |
"{1110A76C-09F4-4735-9BD9-71EDF40365A5}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\communicationcentre.exe |
"{14599659-A902-43A2-A23D-8AF8060B7FC0}" = dir=out | app=%programfiles%\microsoft games\freecell\freecell.exe |
"{15184DF7-4C4D-4416-8A3F-40077CC5DD56}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzrcv01.exe |
"{1862159F-C8FF-4B1E-8A22-E92E6713D148}" = dir=out | app=%programfiles%\paint.net\pdnrepair.exe |
"{1C733848-A55B-404F-82BD-C22128465777}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\sweb.exe |
"{1D2B556E-E6ED-44DE-A4DD-41E31752D590}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\dbupdatechecker.exe |
"{1FBE7388-1878-484D-ACF2-78508BB3F9A0}" = dir=out | app=%programfiles%\windows media player\wmpshare.exe |
"{2410FF93-CCF2-479F-BF5B-C036744AE0C9}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\ipoint.exe |
"{27E946EE-CFA0-45EC-9565-931544EB4466}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxalbumdownloadwizard.exe |
"{28B907FB-3D2B-46C3-99D2-649AB4042D17}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\updchecker.exe |
"{28E414B8-7477-4B11-ADC9-21381958E2E7}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxquicktimecontrolhost.exe |
"{2B383911-75DE-4125-A3C0-8B379898D560}" = dir=out | app=%programfiles%\windows media player\wmpsideshowgadget.exe |
"{2C8AB345-5908-446B-AB33-5D54E1C11048}" = dir=out | app=%programfiles%\windows media player\wmpdmc.exe |
"{2CC348DD-18A9-49EA-BD62-2AA1E251DEA8}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxtranscode.exe |
"{2D2C77D7-8ADD-40A5-9DF0-1DA9C284222B}" = dir=out | app=%programfiles%\ea sports\fifa 09\support\fifa 09_code.exe |
"{2DE75529-7D14-4B2E-8FC4-0930D74EE96F}" = dir=out | app=%programfiles%\common files\dvdvideosoft\fixcomponentssilent.exe |
"{2E31EB50-99E9-46DB-A1F7-AEDFA68BBDCC}" = dir=out | app=%programfiles%\microsoft games\solitaire\solitaire.exe |
"{2F53687F-F82F-4B2C-87A9-810DA94DD1DB}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\set.exe |
"{32FB258C-19D5-4681-93CE-23499C653910}" = dir=out | app=%programfiles%\allway sync\bin\syncappw.exe |
"{33369236-BED9-4683-AC43-9E15D881AA5E}" = dir=out | app=%programfiles%\logitech\ereg\ereg.exe |
"{333F2ED6-A086-4203-8E6C-05A1C9EA845E}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotoacquirewizard.exe |
"{33586279-F8DF-4554-99B5-D84007358C58}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\connectionmanager.exe |
"{394343B5-7993-4AE3-AB4C-07A652163D0F}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxvideoacquirewizard.exe |
"{3ADADFC8-3AE0-4DE1-B902-E31AD5734E6E}" = dir=out | app=%programfiles%\windows media player\wmprph.exe |
"{3C590437-E664-4DE9-BACD-7D3962D63FA3}" = dir=out | app=%programfiles%\windows live\contacts\wlcomm.exe |
"{3D4C55AE-B41E-4578-B6A6-A48F03D246F5}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzpnp01.exe |
"{3D9C77C5-5332-4F61-8AF9-95D2E66ECDC4}" = dir=out | app=%programfiles%\gs\gs9.00\bin\gswin32.exe |
"{3DDB5EC0-DC3A-4D37-A41F-9064D1C983DE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\applicationinstaller.exe |
"{3E9EB27E-4CD0-40B2-9F47-A2CD608F13B2}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotogallery.exe |
"{3EFA3DBC-F26B-457C-9195-9D8F32011A5E}" = dir=out | app=%programfiles%\activision\thps2\thps2setup.exe |
"{3FC91082-6B2A-4A64-86AE-D637ED9FDCFB}" = dir=out | app=%programfiles%\microsoft mathematics\mathapp.exe |
"{414357ED-8F80-4CE2-8687-D13E471B5091}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxcodechost.exe |
"{4C2121E2-DE58-4329-BBDB-FE41F19D20FE}" = dir=out | app=%programfiles%\windows live\installer\wlarp.exe |
"{4CE7E69C-34B2-4F5A-9B72-A4038A03A91F}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\btwizard.exe |
"{536928D9-3BB2-4A10-808D-58581864DE3F}" = dir=out | app=%programfiles%\winamp\uninstwa.exe |
"{53B8D633-64CE-4F69-803D-E37BD68B7701}" = dir=out | app=%programfiles%\windows media player\wmpenc.exe |
"{540EBCEF-956D-4256-A6F1-4374636DC748}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\onetouchaccess.exe |
"{55C08F72-E253-4965-96DD-CE471DB3DF20}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\agcp.exe |
"{56051BF7-7162-40B3-B87B-4AEEBE06F793}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsync2.exe |
"{56680FC8-EF51-421A-B42E-DCD8C094768D}" = dir=out | app=%programfiles%\windows media player\wmlaunch.exe |
"{5908627A-93CD-4CCE-975C-09FB5BA38CFC}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\!isrs1.exe |
"{5913C5C3-3646-42B6-9F49-27A0BD6AC277}" = dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59F05DB9-8B87-45AD-9741-B044A81F4594}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C30B6CF-6C43-4956-A6CE-4E8BC0076E7D}" = dir=out | app=%programfiles%\google\update\download\{eeaab3af-8e11-491f-be19-5fb80c829945}\googleupdatesetup.exe |
"{5EE0DA65-1EFA-45D4-99F9-5BCCA689CE85}" = dir=out | app=%programfiles%\logitech\lws\webcam software\lws.exe |
"{5F619AE8-02B7-46DF-B467-47FB44250A8E}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzmsi01.exe |
"{60752969-11C3-4D66-930C-D93F60C89695}" = dir=out | app=%programfiles%\microsoft mathematics\conversiontool.exe |
"{6158158D-B770-4587-AE4C-3E72D5BC8613}" = dir=out | app=%programfiles%\windows live\installer\wlstartup.exe |
"{644F8532-F9F7-4E91-B243-7C85E25EDB37}" = dir=out | app=%programfiles%\windows live\installer\langselector.exe |
"{64925DB3-5082-4415-889F-9714C9A44616}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\directx\dxsetup.exe |
"{65BE358A-F1E6-4A83-9074-9737997C6640}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\shortcuteditor_uninst.exe |
"{66097F35-AC8F-4BB1-B3DF-D398BEBB50C4}" = dir=out | app=%programfiles%\windows live\installer\wlsettings.exe |
"{665BA24B-9178-4ECE-81B0-6C996A8AB8C1}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\tvpi.exe |
"{684E9CE2-37DC-4452-8E7E-5539A061C227}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\agcp.exe |
"{6AB8E713-8E3B-48C4-B5F9-8283C749F807}" = dir=out | app=%programfiles%\google\update\googleupdate.exe |
"{6F307793-BEC9-420A-B88E-46F710489567}" = dir=out | app=%programfiles%\difx\270581355a767bf1\dpinst32.exe |
"{71CD78B6-AC38-485F-8A29-F52E95D6C1BE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\conversionhandler.exe |
"{7205C0E1-DB31-403C-8FD6-19791D7A0D3F}" = dir=out | app=%programfiles%\logitech\lws\webcam software\camerahelpershell.exe |
"{7482FEE6-EF09-4BC1-9EB2-449D08887B48}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\coregen.exe |
"{76F7A2F2-7A05-4AE3-B658-486ABDB6C878}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\contentcopier.exe |
"{774DDA47-C338-4D23-A201-941EC7084CE0}" = dir=out | app=%programfiles%\common files\borland shared\bde\bdeadmin.exe |
"{7894F630-FAB1-4BCA-9B5B-6DE3376B6924}" = dir=out | app=%programfiles%\paint.net\updatemonitor.exe |
"{7939DCB3-9E02-448A-B3BF-55E9016D9099}" = dir=out | app=%programfiles%\logitech\lws\webcam software\launcher_main.exe |
"{7B552D93-3E67-4F09-BC8A-E51FEFFE863B}" = dir=out | app=%programfiles%\microsoft games\mahjong\mahjong.exe |
"{7B9D42DB-4ADB-4759-AC1E-C8345135B7EE}" = dir=out | app=%programfiles%\common files\logishrd\wuapp32.exe |
"{7C9CA0E4-BF2A-49BF-BDD8-5FD180140529}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsynclv.exe |
"{7CAB45A9-B07D-4577-BE47-B27FD48F92A7}" = dir=out | app=%programfiles%\logitech\lws\webcam software\motiondetection.exe |
"{7E33C7F2-D8A7-4A93-BEAA-5A25D50095B1}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\videomanager.exe |
"{7F88B92B-342E-4B73-97F1-02D010A38F95}" = dir=out | app=%programfiles%\rainlendar2\rainlendar2.exe |
"{826BC003-D6A3-4D96-B92C-596A9479D212}" = dir=out | app=%programfiles%\paint.net\setupngen.exe |
"{82A1E441-9567-4857-833C-70B5EFA75301}" = dir=out | app=%programfiles%\microsoft silverlight\4.1.10329.0\silverlight.configuration.exe |
"{840467FE-789E-40E4-94E1-51DB3EECD0BC}" = dir=out | app=%programfiles%\ea sports\fifa 09\fifa09.exe |
"{842C5A14-6376-46DE-926D-3D15ECA48A87}" = dir=out | app=%programfiles%\hp\digital imaging\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup.exe |
"{8583CCCF-939F-4584-979C-B3049987E06C}" = dir=out | app=%programfiles%\common files\dvdvideosoft\fixcomponents.exe |
"{861F0389-B226-422A-B3BA-1DCBD1D1B255}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\unopkg.exe |
"{88C4E078-8825-40D7-8675-BF9F2E1B8EF9}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\smath.exe |
"{89CD7F1A-38F8-48CC-8FF2-B71590B56239}" = dir=out | app=%programfiles%\nokia\connectivity cable driver\setupextcmb.exe |
"{8CC2A0F0-F5F8-4B6F-8B35-F20F1BEE0CA9}" = dir=out | app=%programfiles%\ea sports\fifa 09\support\earegister.exe |
"{8CFD21C5-CC02-4ADA-A752-29DA758E7DEB}" = dir=out | app=%programfiles%\microsoft games\hearts\hearts.exe |
"{8EA5AFC0-17C4-49D8-8473-857871392636}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\imagestore.exe |
"{92543C76-1252-4DAC-B7AA-54E47CC31F63}" = dir=out | app=%programfiles%\microsoft games\spidersolitaire\spidersolitaire.exe |
"{9486A45A-C8AF-4ACB-9B5A-5B39CD7555FB}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\rebasegui.exe |
"{95ED97C4-735D-4969-9ABF-DA4484F56834}" = dir=out | app=%programfiles%\common files\dvdvideosoft\freestudiomanager.exe |
"{978C1F79-CC11-4D1E-90EC-47670A6DE634}" = dir=out | app=%programfiles%\ea sports\fifa 09\support\eadm\eadm-installer.exe |
"{9DB418D7-6A03-4A8B-8E11-48D582733978}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\xmas05.exe |
"{9E53457C-8AEB-4D28-B9D3-82FAB2A02546}" = dir=out | app=%programfiles%\logitech\lws\video mask maker\videomaskmaker.exe |
"{9F8EEFF6-A27F-49B3-B6E0-4255D98CEFEA}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mskey.exe |
"{A0705658-781B-40B8-A505-39D0D178A47E}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\setup.exe |
"{A30516E7-B2FD-4737-8FF4-F0F968E2CF61}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A33FC3D3-BDB1-4194-A4CE-767CB0CD28B1}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\getconnected.exe |
"{A50B5113-B9B5-4FAB-85F5-75F80D7045B0}" = dir=out | app=%programfiles%\microsoft mathematics\triangletool.exe |
"{A5F9C162-A7F6-4B52-9DB0-1D67AB074EB2}" = dir=out | app=%programfiles%\audiograbber\lame.exe |
"{A75A25C1-2824-4697-94BE-E42E3ABCC6A8}" = dir=out | app=%programfiles%\western digital\wd smartware\wd drive manager\wddmservice.exe |
"{A7A1526E-131C-4D35-A486-DE71444674DE}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe |
"{A8069ED4-B198-4382-BE3F-1DA5D5921C42}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\applicationinstaller.exe |
"{A98ECF79-D641-4C26-9F8B-EEFA520F59CA}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\unins000.exe |
"{A9DC367D-DFBD-4686-A51E-2935D027C795}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\kte.exe |
"{AAADD2EB-785C-4C13-8FA5-6CB1A0CDC692}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\python.exe |
"{AB5B109B-9EF3-47B3-A44B-922B5CDCCBA6}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzscr01.exe |
"{AE337DB1-7B54-4B7B-8AF6-9D6DBDC5553B}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\edmanager09.exe |
"{B18B0D2D-5219-45CA-B64D-73F01E7227CA}" = dir=out | app=%programfiles%\windows media player\setup_wm.exe |
"{B1D5416B-AEDB-4C9A-9D2B-7EB4061AADD7}" = dir=out | app=%programfiles%\winamp\winamp.exe |
"{B2F4443A-BA33-43C5-9697-300C1545A68B}" = dir=out | app=%programfiles%\digital publishing\isrs1_16_689518\isrs1.exe |
"{B35D0E49-F205-4AF1-B54F-7547368DFDFD}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\silverlight.configuration.exe |
"{B419DD5D-ECF7-4696-85E7-B8A08AE94945}" = dir=out | app=%programfiles%\windows media player\wmpconfig.exe |
"{B43EE9AE-8E3D-4883-9D0D-339476B2312F}" = dir=out | app=%programfiles%\microsoft games\minesweeper\minesweeper.exe |
"{B621870B-E97F-4B00-AB49-65BA256329A5}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\adrlist.exe |
"{B752FEFA-7470-4A6B-876E-4F4E40B05FC3}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\tmmonitor.exe |
"{B9637847-0009-40FD-BFA9-3D14B26780CB}" = dir=out | app=%programfiles%\western digital\wd smartware\wd drive manager\wddmstatus.exe |
"{BA4D3944-83F7-4563-A842-371EC8811308}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\imagestore.exe |
"{BB9C3583-AE3A-447C-9901-88EE6708F236}" = dir=out | app=%programfiles%\motogp\motogp.exe |
"{BBA76351-3959-4EBD-BF08-773D92539526}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\unoinfo.exe |
"{BDB1136C-D200-4FBA-AA90-908C2289594A}" = dir=out | app=%programfiles%\videolan\vlc\vlc.exe |
"{BE8D3ABA-C74B-402A-BDDF-627268FFB7CB}" = dir=out | app=%programfiles%\ml\englisch\englisch.exe |
"{C12ED538-6440-4315-99C6-DC6D8F02822B}" = dir=out | app=%programfiles%\microsoft games\purble place\purbleplace.exe |
"{C341059B-172B-42CC-BCBB-4608E09251B9}" = dir=out | app=%programfiles%\arcsoft\totalmedia 3.5\totalmedia.exe |
"{C57031BE-06BC-4573-8092-B64F450243E1}" = dir=out | app=%programfiles%\windows media player\wmpnscfg.exe |
"{C585C3F7-4A21-4179-989D-282E6EB0F2AF}" = dir=out | app=%programfiles%\windows live\photo gallery\wlxphotogalleryrepair.exe |
"{C58F63C5-2E98-40A3-88A8-41140C67840E}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\eauninstall.exe |
"{C59C3094-246A-4315-984F-6EE216516178}" = dir=out | app=%programfiles%\windows media player\wmpnscfg.exe |
"{C85DD59E-BDA1-4D50-97FB-9C84DC254B66}" = dir=out | app=%programfiles%\windows live\photo gallery\moviemaker.exe |
"{C9A830FA-D5D4-4309-9533-615784E70F19}" = dir=out | app=%programfiles%\activision\thps2\thawk2.exe |
"{CD511695-B3E9-4EC3-83D2-82D8520D8898}" = dir=out | app=%programfiles%\winamp\winamp.exe |
"{CE905723-5A37-4F9C-B914-1622EAFF2653}" = dir=out | app=%programfiles%\dvd maker\dvdmaker.exe |
"{CEA3EB6D-DA03-47C0-B65C-874A449F6657}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe |
"{D4D1FC55-C095-4E31-A9F6-36EDE4BAE514}" = dir=out | app=%programfiles%\microsoft mathematics\mathset.exe |
"{D6DF2EF7-6701-4CCF-BAB5-984A78C1CBD2}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\rebaseoo.exe |
"{D86185A4-27A2-42C0-949F-AF1584B82F43}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\pcsuite.exe |
"{DF74A2A2-36E3-4212-AB9B-2E969E14FAF7}" = dir=out | app=%programfiles%\hp\temp\{b61ed343-0b14-4241-999c-490cb1a20da4}\setup\hpzstub.exe |
"{E02F8F20-486A-4485-846D-C2BE8C0A3FE8}" = dir=out | app=%programfiles%\nokia\connectivity cable driver\setupextcmb.exe |
"{E0FB6FE3-88C4-4181-B595-CEA7AD9684A8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E2871BA3-E8B1-4152-AD65-86193DAD5F70}" = dir=out | app=%programfiles%\audiograbber\audiograbber.exe |
"{E45626BE-6909-43D5-AFE7-3E1198874033}" = dir=out | app=%programfiles%\ea sports\fussball manager 09\manager09.exe |
"{E654EFE8-D247-45BD-9F2A-B2B07C579979}" = dir=out | app=%programfiles%\paint.net\paintdotnet.exe |
"{E7786615-0B9D-4EF2-80A4-5F764E541F3A}" = dir=out | app=c:\program files\windows media player |
"{E7FE04B3-EFC3-4789-99DB-B82FDE5E27C6}" = dir=out | app=%programfiles%\freepdf_xp\freepdf.exe |
"{E9D3D17A-AC28-4047-9038-55E28B5AE28F}" = dir=out | app=%programfiles%\protectdisc driver installer\uninstall_v10.exe |
"{EACEDC3E-A669-49CC-843F-B6A38175DB8F}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\dbstart.exe |
"{EB0B22FA-169D-4892-B687-6910C8F6A853}" = dir=out | app=%programfiles%\microsoft games\chess\chess.exe |
"{EC2836AB-0BA8-4D49-BEC9-F44CEB2E7BAC}" = dir=out | app=%programfiles%\microsoft silverlight\sllauncher.exe |
"{F051501F-952C-43BA-8572-E2050A1DC6F4}" = dir=out | app=%programfiles%\sun\sun odf plugin for microsoft office 3.2\program\soffice.exe |
"{F0F1D133-763F-4ACB-944D-AA45DE994F9E}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\communicationcentre.exe |
"{F33C87A1-017E-4AC1-871E-8616BDABC6E2}" = dir=out | app=%programfiles%\winamp\elevator.exe |
"{F348BD7D-88BB-4A8F-9E18-36C751B4290F}" = dir=out | app=%programfiles%\tv ir\tv ir.exe |
"{F81631AF-6C58-4862-8296-191EAE156646}" = dir=out | app=%programfiles%\difx\270581355a767bf1\dpinst.exe |
"{FB7B74AD-70C9-4B61-B553-A2037D609BFD}" = dir=out | app=%programfiles%\data becker\weihnachts-druckerei\jpg2pdf.exe |
"{FC87C50B-7DBB-4E01-AC4F-51069C090792}" = dir=out | app=%programfiles%\microsoft silverlight\5.1.10411.0\coregen.exe |
"{FD2C9A1A-F4B8-45DC-8D21-6493C4C8B208}" = dir=out | app=%programfiles%\microsoft mouse and keyboard center\mousekeyboardcenter.exe |
"{FD4A40BC-739A-4D50-B462-BD10D2A4067E}" = dir=out | app=%programfiles%\nokia\nokia pc suite 7\contentcopier.exe |
"{FD73DA9A-3DF9-4E7F-A2CE-A172885B0DEC}" = dir=out | app=%programfiles%\digital publishing\kte_16_689498\!kte.exe |
"{FE7EEA89-DDCC-44E1-890C-1D38DECAE1F2}" = dir=out | app=%programfiles%\paint.net\wiaproxy32.exe |
"{FFFA4A84-1142-47B0-8E30-776E34240446}" = dir=out | app=%programfiles%\hp\hp software update\hpwuschd2.exe |
"TCP Query User{36E2BCBB-4AB4-455D-BC6E-E6626F03B7EB}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{50311390-6BF5-4351-A028-59AD01948D14}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CC40E7FE-AE68-4529-A2DE-E35E61885611}C:\program files\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe |
"TCP Query User{FF98523B-F2D5-4351-9BFB-54A2043AEF5E}C:\program files\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe |
"UDP Query User{0017E05A-4333-4407-8566-4E976F48465A}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{0655DFA6-6095-48F1-8A4F-9BCC0F5D25C9}C:\program files\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe |
"UDP Query User{41D3BBE5-9B5A-4431-BF74-0DF8DE67B6B1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{480DDFD5-2EB1-43F4-BEA8-49487A321A9B}C:\program files\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CE5D71A-15AE-477A-BD1F-5347562CB0BC}" = MD86351 driver install
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}" = ArcSoft TotalMedia 3.5
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B8EC0AD1-E8E3-42C3-9BAB-6A14E96FD136}" = Microsoft-Maus- und Tastatur-Center
"{BC3804E5-77CC-47A0-8BD5-797355A26BA3}" = WD SmartWare
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1FD1627-2EAF-48CB-A333-42D39BCB096D}" = TV IR
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7B205927ED4CE1D9763ED45C77FBF03B695208C0" = Windows-Treiberpaket - Ricoh R5U870 (UVC) (02/28/2007 6.1008.207.0)
"7-Zip" = 7-Zip 4.65
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Allway Sync_is1" = Allway Sync version 9.4.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.6
"FreePDF_XP" = FreePDF (Remove only)
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"InstallShield_{0CE5D71A-15AE-477A-BD1F-5347562CB0BC}" = MD86351 driver install
"ISRS1_16_689518" = Interaktive Sprachreise - Sprachkurs 1 Español
"KTE_16_689498" = Interaktive Sprachreise - Kommunikationstrainer English
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MatlabR2010b" = MATLAB R2010b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"MotoGP_is1" = MotoGP
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiLingua Vokabeltrainer Englisch" = MultiLingua Vokabeltrainer Englisch
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PaperCut NG Client_is1" = PaperCut NG Client 10.7
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Trillian" = Trillian
"TVWiz" = Intel(R) TV Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.2
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.6.0.2
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.03.2013 16:27:57 | Computer Name = Robert-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
Error - 12.03.2013 16:27:57 | Computer Name = Robert-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
(Fehler=0x8007043c).
Error - 12.03.2013 16:46:09 | Computer Name = Robert-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
Error - 12.03.2013 16:46:09 | Computer Name = Robert-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
(Fehler=0x8007043c).
Error - 12.03.2013 21:05:25 | Computer Name = Robert-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
Error - 12.03.2013 21:05:25 | Computer Name = Robert-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
(Fehler=0x8007043c).
Error - 12.03.2013 21:30:34 | Computer Name = Robert-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
Error - 12.03.2013 21:30:34 | Computer Name = Robert-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
(Fehler=0x8007043c).
Error - 13.03.2013 13:15:41 | Computer Name = Robert-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 13.03.2013 15:30:18 | Computer Name = Robert-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Manager09.exe, Version: 1.0.0.0,
Zeitstempel: 0x48e6586a Name des fehlerhaften Moduls: GfxCore.dll, Version: 0.0.0.0,
Zeitstempel: 0x48e65406 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00296812 ID des fehlerhaften
Prozesses: 0x95c Startzeit der fehlerhaften Anwendung: 0x01ce2021249c1736 Pfad der
fehlerhaften Anwendung: C:\Program Files\EA Sports\FUSSBALL MANAGER 09\Manager09.exe
Pfad
des fehlerhaften Moduls: C:\Program Files\EA Sports\FUSSBALL MANAGER 09\GfxCore.dll
Berichtskennung:
6fca68b3-8c14-11e2-9f23-0013a9c0c8e8
[ OSession Events ]
Error - 17.02.2012 19:35:08 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 714
seconds with 60 seconds of active time. This session ended with a crash.
Error - 17.12.2012 12:41:31 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 237
seconds with 0 seconds of active time. This session ended with a crash.
Error - 20.12.2012 20:00:44 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 57352
seconds with 720 seconds of active time. This session ended with a crash.
Error - 27.12.2012 10:00:30 | Computer Name = Robert-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4519
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 14.03.2013 12:14:30 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 14.03.2013 12:14:33 | Computer Name = Robert-PC | Source = PNRPSvc | ID = 102
Description =
Error - 14.03.2013 12:14:33 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 14.03.2013 12:14:33 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 14.03.2013 12:18:32 | Computer Name = Robert-PC | Source = PNRPSvc | ID = 102
Description =
Error - 14.03.2013 12:18:32 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 14.03.2013 12:18:32 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
Error - 14.03.2013 12:19:16 | Computer Name = Robert-PC | Source = PNRPSvc | ID = 102
Description =
Error - 14.03.2013 12:19:16 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535
Error - 14.03.2013 12:19:16 | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535
< End of report >
Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-14 21:14:22
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 FUJITSU_MHW2120BH rev.00000012 111,79GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\RK\AppData\Local\Temp\kgdiqpow.sys
---- System - GMER 2.1 ----
SSDT 95209306 ZwCreateSection
SSDT 95209310 ZwRequestWaitReplyPort
SSDT 9520930B ZwSetContextThread
SSDT 95209315 ZwSetSecurityObject
SSDT 9520931A ZwSystemDebugControl
SSDT 952092A7 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E4C9E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E861C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82E8D30C 4 Bytes [06, 93, 20, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82E8D668 4 Bytes [10, 93, 20, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82E8D6AC 4 Bytes [0B, 93, 20, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82E8D728 4 Bytes [15, 93, 20, 95]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82E8D77C 4 Bytes [1A, 93, 20, 95]
.text ...
.reloc C:\Windows\system32\drivers\acehlp10.sys section is executable [0x94DBBB80, 0x37FC7, 0xE0000060]
.reloc C:\Windows\system32\drivers\acedrv10.sys section is executable [0x9816F000, 0x459C1, 0xE0000060]
---- EOF - GMER 2.1 ----
Wie soll ich weiter vorgehen? Ist eine vollständige Bereinigung des Systems möglich? Da ich keine weiteren infizierten Dateien und wenig Zeit für ein Neuaufsetzen des PC's habe, hoffe ich sehr, dass ein Bereinigen des Systems möglich ist!? Ich hoffe sehr, dass Ihr mir weiterhelfen könnt. Vielen Dank für die Mühen schon einmal im Vorraus. RK PS: Leider habe ich es nicht geschafft, die Links von einzelnen Wörtern zu deaktivieren. |
| Themen zu PUP.RewardsArcade in Registrierungsschluessel |
| 2 infizierte dateien, 32 bit, 7-zip, adobe reader xi, antivir, audiograbber, autorun, becker, browser, converter, defender, error, fehler, firefox, flash player, format, frage, ftp, helper, iexplore.exe, install.exe, kaspersky, logfile, lws.exe, mozilla, office 2007, officejet, plug-in, programm, registry, rundll, security, senden, software, udp, wörter |
Baum-Darstellung