| |
| |||||||
Log-Analyse und Auswertung: Backdoor.Trojan Befall: dxgiau.exeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
26.06.2013, 12:59
| #1 |
| |  Backdoor.Trojan Befall: dxgiau.exe Hallo an die Gemeinschaft! Gestern ist es mir passiert: Nach all den Jahren - Anhang geöffnet ( ein Zip file) mit vermeintlicher O2 Rechnung... mein Norton hat nicht gemault, und seitdem hatte ich alle Hände voll zu tun. Hier mal die Historie von Norton : Kategorie: Behobene Sicherheitsrisiken Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname 26.06.2013 09:42:12,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich, 25.06.2013 16:33:21,Hoch,Backdoor.Trojan erkannt von Virenscanner,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\desktop\ihre_o2_bestellung-8615095878.zip 25.06.2013 15:36:45,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich, 25.06.2013 15:30:45,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich, 25.06.2013 15:24:45,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich, 25.06.2013 15:23:51,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\dxgiau.exe 25.06.2013 15:18:45,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich, 25.06.2013 15:12:45,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich, 25.06.2013 15:06:45,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich, 25.06.2013 15:00:45,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich, 25.06.2013 14:58:18,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\dxgiau.exe 25.06.2013 14:56:09,Hoch,dxgiau.exe (WS.Trojan.H) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\dxgiau.exe 25.06.2013 14:54:03,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich, 25.06.2013 14:48:03,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich, 25.06.2013 14:42:02,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich, 25.06.2013 14:36:02,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich, 25.06.2013 14:30:02,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Blockiert,Behoben - Keine Aktion erforderlich, 25.06.2013 14:30:00,Hoch,dxgiau.exe (Backdoor.Trojan) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\dxgiau.exe 25.06.2013 13:51:26,Hoch,1365380237.exe (SONAR.Heuristic) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\appdata\local\temp\1365380237.exe 25.06.2013 13:48:57,Hoch,1365404668.exe (SONAR.Heuristic) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\appdata\local\temp\1365404668.exe 25.06.2013 13:47:33,Hoch,1365395751.exe (SONAR.Heuristic) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\***\appdata\local\temp\1365395751.exe Damit schon mal die einzelnen Namen drin: dxgiau, 1365380237, 1365404668 und 1365395751 Norton hat dann ein Entfernungstool ins Spiel gebracht und anschließend gemeldet, dass Backdoor.Trojan volständig entfernt wurde - das ist nun die Frage... Ich habe entsprechend logfiles erstellt: OTL: Code:
ATTFilter OTL logfile created on: 26.06.2013 10:56:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 51,21% Memory free 6,07 Gb Paging File | 4,54 Gb Available in Paging File | 74,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,35 Gb Total Space | 31,41 Gb Free Space | 14,13% Space Free | Partition Type: NTFS Drive D: | 10,53 Gb Total Space | 1,36 Gb Free Space | 12,96% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.25 15:21:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe PRC - [2013.04.02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE PRC - [2013.03.31 14:57:08 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2013.03.19 12:55:46 | 000,169,096 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe PRC - [2012.12.05 14:22:40 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe PRC - [2012.05.07 13:11:42 | 004,174,848 | ---- | M] (J. Rathlev, IEAP, Uni-Kiel) -- C:\Program Files\Personal Backup 5\Persbackup.exe PRC - [2011.11.02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe PRC - [2010.04.02 16:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe PRC - [2007.03.02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe PRC - [2007.03.02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe PRC - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe PRC - [2006.12.22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe PRC - [2006.03.01 16:06:22 | 000,069,632 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe ========== Modules (No Company Name) ========== MOD - [2013.05.16 07:28:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll MOD - [2013.05.16 07:25:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll MOD - [2013.05.16 07:23:40 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2673a8a481ae675588349b79b521cec1\PresentationFramework.ni.dll MOD - [2013.05.16 07:22:43 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a3968930e9e2ae833447b0a280082073\PresentationCore.ni.dll MOD - [2013.05.16 07:21:58 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fe2a238282c6fedc2a21b3dd25885437\WindowsBase.ni.dll MOD - [2013.01.10 09:41:06 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll MOD - [2013.01.10 09:25:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 09:25:20 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\36dc923935a96557c81daa014e7e2ba8\System.EnterpriseServices.ni.dll MOD - [2013.01.10 09:25:20 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\36dc923935a96557c81daa014e7e2ba8\System.EnterpriseServices.Wrapper.dll MOD - [2013.01.10 09:25:18 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d995a0e7d64a874cddea6294caaa2539\System.Transactions.ni.dll MOD - [2013.01.10 09:23:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7d59f2903b3f994f38b160cd32ccd1a0\System.Xml.ni.dll MOD - [2013.01.10 09:21:30 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.10 09:19:47 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll MOD - [2013.01.10 09:19:05 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 09:15:54 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.10 09:15:24 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.11.29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll MOD - [2009.04.11 08:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll MOD - [2009.04.11 04:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2008.09.30 17:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll MOD - [2008.09.30 17:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2008.09.30 17:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2008.09.30 17:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll MOD - [2008.09.30 17:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2008.09.30 17:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2008.09.30 17:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2008.09.30 17:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2008.09.23 18:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2007.08.14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll MOD - [2004.12.26 20:34:38 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect) SRV - File not found [Auto | Stopped] -- C:\Program Files\ZBD Displays\Bounce\BounceComms\RFV3\BounceCommV3Service.exe -- (BounceCommV3) SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor) SRV - [2013.06.12 09:39:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS) SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE -- (BBUpdate) SRV - [2013.04.02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE -- (BBSvc) SRV - [2013.03.19 12:55:46 | 000,169,096 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.05 14:22:40 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2011.03.11 14:00:12 | 003,492,624 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage\Sage Online-Backup Client\hrfscore.exe -- (humyo.com) SRV - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.03.02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV - [2007.03.02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2013.06.19 10:09:25 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2013.05.31 18:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130620.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2013.05.23 07:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symefa.sys -- (SymEFA) DRV - [2013.05.22 07:15:21 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130625.023\NAVEX15.SYS -- (NAVEX15) DRV - [2013.05.22 07:15:21 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2013.05.22 07:15:21 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130625.023\NAVENG.SYS -- (NAVENG) DRV - [2013.05.21 07:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symds.sys -- (SymDS) DRV - [2013.05.16 07:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.sys -- (SRTSP) DRV - [2013.04.25 02:43:56 | 000,352,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symtdiv.sys -- (SYMTDIv) DRV - [2013.04.16 04:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ccsetx86.sys -- (ccSet_NIS) DRV - [2013.03.19 17:12:42 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130625.001\IDSvix86.sys -- (IDSVix86) DRV - [2013.03.15 13:52:10 | 000,608,136 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2013.03.15 13:52:10 | 000,295,944 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb) DRV - [2013.03.15 13:52:10 | 000,244,040 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp) DRV - [2013.03.13 22:39:44 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2013.03.05 03:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ironx86.sys -- (SymIRON) DRV - [2013.03.05 03:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.sys -- (SRTSPX) DRV - [2012.08.09 09:07:21 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011.03.31 16:38:51 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.03.11 14:01:12 | 000,143,120 | ---- | M] (Trend Micro Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\hrfsmrx.sys -- (hrfsmrx) DRV - [2010.09.26 20:13:10 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3) DRV - [2009.07.27 16:27:10 | 000,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2009.05.08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev) DRV - [2008.10.03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.07.17 18:01:00 | 000,269,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Vid.sys -- (OA004Vid) DRV - [2008.06.29 16:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2008.06.10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.06.03 10:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Ufd.sys -- (OA004Ufd) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.11.06 16:01:52 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6) DRV - [2007.10.18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} IE - HKLM\..\SearchScopes\{89DFAF95-0F2D-43D7-9AC2-92754FBC44D1}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/webResults.html?src=ieb&q={searchTerms} IE - HKLM\..\SearchScopes\{A46EE1F2-1DCC-4E7A-B630-0598B55B6A72}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{EA45296E-B074-43DB-905C-55050CB89E29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.) IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588 IE - HKCU\..\SearchScopes\{299AFE7C-082B-494E-AA2C-7715B1B29CAF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=4A1CEBC2-BBED-458A-9060-24499D9A9D6F&apn_sauid=E0DCB415-2087-4B71-884C-A966358A60C6 IE - HKCU\..\SearchScopes\{7A360BA4-1A8F-4280-B75A-B45DB875B389}: "URL" = hxxp://www.dict.cc/?s={searchTerms} IE - HKCU\..\SearchScopes\{89DFAF95-0F2D-43D7-9AC2-92754FBC44D1}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\..\SearchScopes\{90EFC701-DD47-46FD-98EB-1773869B5FA2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/webResults.html?src=ieb&q={searchTerms} IE - HKCU\..\SearchScopes\{A46EE1F2-1DCC-4E7A-B630-0598B55B6A72}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=18 IE - HKCU\..\SearchScopes\{EA45296E-B074-43DB-905C-55050CB89E29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\..\SearchScopes\{ED65710C-4D6F-444A-81CD-D82C168490B1}: "URL" = hxxp://www.ant.com/search?s=browser&q={searchTerms} IE - HKCU\..\SearchScopes\Bing: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.3 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6 FF - prefs.js..network.proxy.ftp: "219.234.82.84" FF - prefs.js..network.proxy.ftp_port: 33948 FF - prefs.js..network.proxy.http: "219.234.82.84" FF - prefs.js..network.proxy.http_port: 33948 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "219.234.82.84" FF - prefs.js..network.proxy.ssl_port: 33948 FF - prefs.js..network.proxy.type: 1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013.06.26 09:55:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013.03.20 10:18:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.29 21:01:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.29 21:01:55 | 000,000,000 | ---D | M] [2012.01.15 13:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.01.15 13:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.06.19 12:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions [2010.04.28 15:36:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.04.23 09:33:16 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2013.04.24 10:55:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.05.06 13:17:10 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\DTToolbar@toolbarnet.com [2013.04.26 08:26:47 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\foxyproxy@eric.h.jung [2013.06.19 12:06:29 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\toolbar@ask.com [2012.10.16 22:45:32 | 000,087,753 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\ciuvo-extension@billiger.de.xpi [2011.09.22 15:40:19 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\finder@meingutscheincode.de.xpi [2013.04.25 09:38:01 | 000,455,995 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\toolbar_MP3RV6@apn.ask.com.xpi [2013.03.30 20:05:49 | 000,002,515 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\ask-search.xml [2013.06.19 12:06:29 | 000,002,308 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\askcom.xml [2011.03.31 16:38:21 | 000,002,059 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\daemon-search.xml [2009.11.29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\iMeshWebSearch.xml [2011.05.24 15:38:34 | 000,002,449 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\safesearch.xml [2013.04.24 10:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.11.04 20:06:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.20 10:18:27 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPLGN [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.10 12:06:02 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2009.11.29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: ChromeUtilPlugin (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalfcdpfagiijfjeapclohpegmcpml\11.40869_0\background/ChromeUtilPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: MP3 Rocket Toolbar = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalfcdpfagiijfjeapclohpegmcpml\15.49998_0\ CHR - Extension: Ask Toolbar = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079_0\ O1 HOSTS File: ([2013.03.27 18:41:59 | 000,000,793 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 licensing1.infoware.de O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin0.dll (Conduit Ltd.) O2 - BHO: (MP3 Rocket Toolbar) - {4D503352-5636-006A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\MP3RV6\Passport.dll (APN LLC.) O2 - BHO: (billiger.de Sparberater) - {52C36BBF-936F-4AC4-9D10-F7DF1AB9BBD9} - C:\Program Files\billigerde\Internet Explorer\billigerde.dll (solute gmbh) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWin0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {4D503352-5636-006A-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\MP3RV6\Passport.dll (APN LLC.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWin0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = C:\Program Files\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: posbote.de ([tagwerk-design] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range2 ([*] in Lokales Intranet) O16 - DPF: {63716E54-1D85-481D-8D58-65507E16F25E} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42EF9CC3-56C9-4D93-944A-406D3693BE15}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE39BE4F-B7E7-469F-9CC1-61EBF2C02C0A}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{279c4ce7-3a32-11e1-9cd4-001f16673918}\Shell - "" = AutoRun O33 - MountPoints2\{279c4ce7-3a32-11e1-9cd4-001f16673918}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{279c4cfa-3a32-11e1-9cd4-001e101f63cf}\Shell - "" = AutoRun O33 - MountPoints2\{279c4cfa-3a32-11e1-9cd4-001e101f63cf}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{30cf4449-0752-11de-ba3a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{30cf4449-0752-11de-ba3a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe O33 - MountPoints2\{3dad766c-6241-11e1-8a53-001e101f79c9}\Shell - "" = AutoRun O33 - MountPoints2\{3dad766c-6241-11e1-8a53-001e101f79c9}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a4fc17e0-0894-11de-9340-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a4fc17e0-0894-11de-9340-806e6f6e6963}\Shell\AutoRun\command - "" = F:\starter.exe O33 - MountPoints2\{fb96b869-d4db-11e0-a542-001f16673918}\Shell - "" = AutoRun O33 - MountPoints2\{fb96b869-d4db-11e0-a542-001f16673918}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\ShelExec.exe Index.html O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.25 15:21:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.25 13:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Piyndy [2013.06.25 13:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avqo [2013.06.25 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Vak [2013.06.25 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Obypy [2013.06.25 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Puuswi [2013.06.25 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Fedaaf [2013.06.25 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yka [2013.06.25 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Muyci [2013.06.19 12:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2013.06.06 15:10:28 | 000,000,000 | ---D | C] -- C:\Windows\Options [2013.06.06 15:09:44 | 000,426,075 | ---- | C] (Atheros) -- C:\Windows\System32\wgapi.dll [2013.06.06 15:09:44 | 000,413,765 | ---- | C] (Atheros) -- C:\Windows\System32\wcapi.dll [2013.06.06 15:09:44 | 000,335,964 | ---- | C] (Atheros) -- C:\Windows\System32\wcapiU.dll [2013.06.06 15:09:44 | 000,094,208 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg11resloc.dll [2013.06.06 15:09:44 | 000,086,016 | ---- | C] (Atheros) -- C:\Windows\System32\wgapiloc.dll [2013.06.06 15:09:43 | 000,311,391 | ---- | C] (Atheros) -- C:\Windows\System32\athcfg20U.dll [2013.06.06 15:09:43 | 000,299,080 | ---- | C] (Atheros) -- C:\Windows\System32\athcfg20.dll [2013.06.06 15:09:43 | 000,127,080 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg20resU.dll [2013.06.06 15:09:43 | 000,127,054 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg20res.dll [2013.05.29 21:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.05.29 21:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2009.07.11 16:05:48 | 001,560,952 | ---- | C] (Microsoft Corporation) -- C:\Users\***\MGADiag.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.26 10:51:50 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.06.26 10:38:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.26 10:34:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.26 09:56:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.26 09:55:26 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013.06.26 09:55:15 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.26 09:55:15 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.26 09:55:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.26 09:53:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.06.26 09:52:03 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.06.26 00:47:10 | 000,001,799 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk [2013.06.25 17:16:10 | 000,002,272 | ---- | M] () -- C:\{56A089FE-1067-440D-B9B1-5549865BB9B5} [2013.06.25 16:33:21 | 000,000,022 | ---- | M] () -- C:\Users\***\Desktop\Ihre_O2_Bestellung-8615095878.zip [2013.06.25 15:43:00 | 000,003,773 | ---- | M] () -- C:\Users\***\Desktop\Ihre O2 DSL Bestellung (Kundennummer DE98260281).eml.7z [2013.06.25 15:37:55 | 000,003,384 | ---- | M] () -- C:\{2615C536-4160-416F-9BB6-535A9A376D74} [2013.06.25 15:21:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.25 15:21:28 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.06.20 14:21:13 | 000,662,720 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.20 14:21:13 | 000,130,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.20 14:21:12 | 000,698,856 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.20 14:21:12 | 000,155,734 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.20 12:29:20 | 002,542,953 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\Cat.DB [2013.06.20 08:46:56 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.19 10:52:31 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2013.06.19 10:09:25 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2013.06.19 10:09:25 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2013.06.19 10:09:25 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2013.06.12 08:36:16 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini [2013.06.11 09:21:43 | 000,165,888 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.06.06 15:41:18 | 000,073,047 | ---- | M] () -- C:\Users\***\Documents\OP Liste 23.05.2013.pdf [2013.06.04 22:44:47 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013.06.04 22:37:21 | 436,955,763 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.04 22:06:35 | 000,000,048 | ---- | M] () -- C:\Users\Public\Documents\_rgpl [2013.06.04 08:34:29 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\isolate.ini [2013.06.03 22:00:01 | 000,000,052 | ---- | M] () -- C:\Windows\seumain.INI [2013.05.29 21:01:16 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.26 10:51:49 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.06.26 09:51:24 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.06.25 17:16:10 | 000,002,272 | ---- | C] () -- C:\{56A089FE-1067-440D-B9B1-5549865BB9B5} [2013.06.25 15:43:00 | 000,003,773 | ---- | C] () -- C:\Users\***\Desktop\Ihre O2 DSL Bestellung (Kundennummer DE98260281).eml.7z [2013.06.25 15:37:54 | 000,003,384 | ---- | C] () -- C:\{2615C536-4160-416F-9BB6-535A9A376D74} [2013.06.25 15:36:00 | 000,000,022 | ---- | C] () -- C:\Users\***\Desktop\Ihre_O2_Bestellung-8615095878.zip [2013.06.25 15:21:27 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.06.06 15:41:18 | 000,073,047 | ---- | C] () -- C:\Users\***\Documents\OP Liste 23.05.2013.pdf [2013.06.04 22:44:47 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013.06.04 22:37:21 | 436,955,763 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.06.04 22:06:04 | 000,000,048 | ---- | C] () -- C:\Users\Public\Documents\_rgpl [2013.05.29 21:01:15 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.01.30 16:41:35 | 000,038,423 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR [2013.01.30 15:48:13 | 000,009,313 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.EML [2013.01.30 15:47:55 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2012.12.11 09:03:24 | 001,358,802 | ---- | C] () -- C:\Users\***\Wildkirsche.jpg [2012.10.25 18:03:20 | 000,008,136 | ---- | C] () -- C:\Users\***\sa_1011_real_engl_kl7_nr1_bldbay_m111519_b49360_vsmed_p01.gif [2012.10.22 21:07:46 | 000,658,433 | ---- | C] () -- C:\Users\***\EG.jpg [2012.09.21 08:17:24 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012.09.17 23:11:42 | 000,364,503 | ---- | C] () -- C:\Users\***\Aaron_Jacob_Zoo2012.jpg [2012.04.13 13:03:46 | 000,024,870 | ---- | C] () -- C:\Users\***\Sage OP-Liste.pdf [2012.04.09 22:34:35 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini [2012.04.05 21:50:19 | 009,706,654 | ---- | C] () -- C:\Users\***\homeway-katalog.pdf [2012.02.08 00:31:04 | 000,068,427 | ---- | C] () -- C:\Users\***\jonez-3.jpg [2012.02.06 17:45:36 | 000,096,120 | ---- | C] () -- C:\Users\***\Unbenannt-1.psd [2011.10.19 19:01:15 | 000,013,214 | ---- | C] () -- C:\Users\***\K-38372379-49 Kündigung solaris-music.pdf [2011.06.30 11:00:53 | 000,000,019 | ---- | C] () -- C:\Windows\RETRIEVE.INI [2011.05.26 01:39:41 | 000,002,033 | ---- | C] () -- C:\Users\***\Google Earth.lnk [2011.04.14 22:48:44 | 001,162,866 | ---- | C] () -- C:\Users\***\Leasingunterlagen FIAT Qubo.pdf [2011.03.18 15:51:56 | 001,836,910 | ---- | C] () -- C:\Users\***\bg2.jpg [2011.02.23 13:07:49 | 000,084,105 | ---- | C] () -- C:\Users\***\RFID und Q-Thek.pdf [2011.02.09 00:26:25 | 000,329,940 | ---- | C] () -- C:\Users\***\stabau_ia.pdf [2011.02.09 00:25:03 | 000,478,457 | ---- | C] () -- C:\Users\***\stabau_iiib.pdf [2011.02.09 00:24:14 | 000,518,328 | ---- | C] () -- C:\Users\***\stabau_iiia.pdf [2010.10.20 15:24:52 | 000,002,622 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.04.19 09:01:57 | 000,000,235 | ---- | C] () -- C:\ProgramData\.old [2009.12.13 18:14:22 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\rx_image.Cache [2009.09.22 17:40:42 | 000,004,981 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2009.07.29 10:26:28 | 000,000,935 | ---- | C] () -- C:\Users\***\walli.lnk [2009.07.15 17:47:24 | 000,820,210 | ---- | C] () -- C:\Users\***\win.xps [2009.06.26 15:13:16 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.06.02 12:31:20 | 000,165,888 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.21 22:35:12 | 001,829,235 | ---- | C] () -- C:\Users\***\kraudn_sepp_booklet.pdf [2009.02.02 06:58:26 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.12.08 22:51:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AceBIT [2013.06.25 13:53:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avqo [2010.06.09 22:50:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoCreate [2011.03.31 16:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2010.04.29 11:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Facebook [2013.06.25 13:43:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fedaaf [2013.03.20 18:02:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2012.04.09 22:34:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HaCon [2009.08.25 10:56:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.03.08 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magic Academy [2011.03.10 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Maytec [2011.03.18 11:59:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Maytec.net [2013.03.30 20:06:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MP3Rocket [2013.06.25 13:43:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Muyci [2013.06.25 13:48:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Obypy [2010.01.14 19:47:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2010.01.14 19:23:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Panasonic [2010.02.07 23:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC-FAX TX [2011.05.24 14:36:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PersBackup [2013.05.17 13:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PersBackup5 [2013.06.25 13:52:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Piyndy [2009.05.22 00:52:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc [2010.03.25 16:13:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers [2013.06.25 13:47:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Puuswi [2010.11.03 23:21:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion [2013.05.26 21:08:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SchnellStart-DVD [2011.06.30 13:12:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Schober DVD [2009.08.25 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Smart Label Printer [2009.12.05 16:24:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softplicity [2010.03.25 16:12:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2013.02.12 14:01:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify [2013.03.27 13:45:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.01.08 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica [2010.10.20 15:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2011.08.19 11:43:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific [2012.01.15 13:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom [2009.07.28 11:02:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt [2011.07.26 22:51:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2013.06.25 13:47:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vak [2009.07.23 09:56:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs [2013.06.25 13:43:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yka ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86 < End of report > und Extras: Code:
ATTFilter OTL Extras logfile created on: 26.06.2013 10:56:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,93 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 51,21% Memory free
6,07 Gb Paging File | 4,54 Gb Available in Paging File | 74,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,35 Gb Total Space | 31,41 Gb Free Space | 14,13% Space Free | Partition Type: NTFS
Drive D: | 10,53 Gb Total Space | 1,36 Gb Free Space | 12,96% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0285DC9B-0012-4ACF-B1DF-421D90574A82}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0ACFD205-C401-4BD8-8A6C-78F26DDDCDD1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{153EFBF6-165F-4271-9F58-73F1AB7A9F56}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2F34D1FE-D80F-4C82-B981-BDCF4A4A3B9E}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{3B3342B8-8399-40C1-823B-1DDACBA03F7C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8EF61537-1605-4F55-9B2D-89AA7817295D}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{9297B568-291E-4A4F-9C94-B279885ADCFA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{92EA76AA-EFD8-44D1-BD80-D2E94A122DDE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A03BBBC7-4245-4173-B48F-97E437637A2A}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{AA076183-14AA-4BB9-9CFB-117F9612122C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AEACFD36-46A8-4B80-9998-7EC5D26D9A87}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C2D268DC-0557-4FA5-9247-FDB1EA0D9D15}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9BA6642-2DA2-4592-AE49-C1E0F0D3CAD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD5A56B5-BDD9-41D5-85FA-84E03C68B8DB}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{EA1CDFF8-28F5-465D-B47F-CC58089AB6E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BB0D89-24A5-436B-BC66-E1D17D6BFD29}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{07DF8700-3F3D-4539-B8E6-C9A5205F166F}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{149DE439-BC19-44C3-BC0B-B1DC2DB07C62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{18195013-26E5-4AE9-A1D1-BBD1AF9BF8B4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2239D7C9-2FFD-43DA-89A8-DDF85D21655D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{29982E9D-7369-446A-84C4-CC2E8E2EEB7E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2DD3C8EF-E168-4B87-97F4-9CA1040ED307}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2F6E0103-ABA0-4A64-AFFC-8566BFB1A205}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{40DBB88A-C74A-4F05-991A-44D21D6591A6}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\dtag_dvd\dvd-start.exe |
"{4508BEE3-9A9F-452C-A607-AC5EC2B5EDAC}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"{5318B654-B22F-4CF3-9DD0-1DF7615FAC4B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{59F43363-34BC-4FA0-B80C-C6981978AFA4}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{5A3B7728-F073-4621-AB7A-E58F37B81167}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5B4EF787-A103-435F-AAD9-166645554D1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5E213115-65F0-41CC-BC83-6E34CEB10C92}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5FEACC46-2B1F-4872-BAC6-9E4A88FD5F3A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6072FADB-E015-4D13-BD72-73AA54EF92C4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{615A31A5-A001-4C56-BF86-6E68101E37C3}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"{65FD6B52-F3A1-46FC-A5D2-A168287ADC12}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{759865ED-A157-4E0E-95B9-0F5AB84A176D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7BE0AF97-87FB-4164-B1B8-4EB060D94E5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{892A28F2-2D54-4C0A-93BC-22C2610AE768}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8CE15FCE-597C-4792-9591-F69D56B93D55}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\dtag_dvd\dvd-start.exe |
"{92095FBD-ED68-4AF1-A284-465A44EE3C39}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A23008FF-1F68-450F-9210-97D2739D6745}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ADE22E19-029D-49AB-84FE-8C7BD96090FF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C68AA946-AB6D-4282-BCBB-749BE49129CA}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"{C803A6D9-F061-408B-B169-216BEFE3F157}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CB2F176E-1443-40FA-8DB3-B8DAC5D54F0C}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"{D489ACF7-58B1-4B03-906F-A14189E4CA1B}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe |
"{DA569BEC-BC66-4E4A-B618-77816A019387}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E526A77F-A6E2-4736-A2F8-4A0867A24B90}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E8B22305-8E68-48C7-8B03-4A176FADCC26}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\dtag_dvd\dvd-start.exe |
"{E950C2D7-C167-4915-859F-452CFC30FDCE}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{EA8D5ABA-1E46-4EE2-B802-50611A11700D}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"{FE04E1AC-4A1F-48ED-A144-F551C7B96D42}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\dtag_dvd\dvd-start.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0823C022-7F0E-429E-880E-55615C3C3D9D}" = Smart Label Printer 6.9.1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0D48749F-2552-43F0-87F5-36DB92B3B251}" = Sagede.Shared.Elster.Setup
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0E89442B-18D4-4415-A325-64AFA80AEF2A}" = easySales CRM (PE)
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}" = Motorola Driver Installation 4.6.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 25
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLBOUNCE)
"{2b829d90-b307-4922-a0ad-d71a193a4224}" = PC-Kaufmann Komplettpaket 2013
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32BFD212-A55E-4D1A-9E42-DB3764B761B8}" = Sage HBCI-Kontaktverwaltung
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{38676C9C-270F-43D1-926A-E45DE8820A6B}" = BlackBerry Device Software Updater
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D503352-5636-006A-76A7-A758B70B0701}" = MP3 Rocket Toolbar
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52C36BBF-936F-4AC4-9D10-F7DF1AB9BBD9}" = billiger.de Sparberater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59BFA963-DDEC-40B6-889F-271C38673795}" = Sagede.Shared.Elster.Setup
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A67911E-8EB5-4F9A-8D8E-1C4CC590B914}" = Motorola Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{77A1AE2C-C17A-405C-91C0-8FB90144D7C3}" = MotoConnect
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79C61990-79BE-495C-A70E-78AA63E84CD2}" = Sage SAIP
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87B20D4E-9AD9-4B4E-9CDA-43F9711CE91A}" = OutlookSynchronisation
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{883E3F79-5DC5-4126-8486-8D280F6D1D8D}" = Sagede.Shared.Elster.Setup
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A282012D-1D21-4BD9-AB1B-0F8FDEE90F60}" = RSDLite 3.9.1
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{BCC7E198-1D10-4B55-956E-550A196F8056}" = Microsoft Office Live Meeting 2007
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFF5CBD2-4D16-4908-864C-50BA5C10CCD1}" = Sage BankCom
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D17F7D3E-809A-4380-B001-7082C38B7767}" = eBay
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D21C9D95-DDBA-4962-899D-D1D350186555}" = WISE-FTP 5
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D958A9B6-8126-4E21-BAA9-3F2E76B20200}" = Cockpit
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E461E45A-2B48-42FA-90E1-6F36D85DF101}" = Bing Bar
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5EFAEAF-CD5F-4D63-9C69-99F941639629}" = Sage HBCI-Kontaktverwaltung
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E704A-F387-41C7-A25D-4325168390EF}" = Sagede.Shared.Elster.Setup
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"AVS Image Converter_is1" = AVS Image Converter 1.2.1.100
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"Creative OA004" = Integrated Webcam Driver (1.00.03.0720)
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"eWallet" = eWallet for Windows PCs
"EZ Audio Converter by MixMeister_is1" = EZ Audio Converter 6.0 by MixMeister
"FBDBServer_2_0_is1" = Firebird 2.0.1
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileZilla Client" = FileZilla Client 3.6.0.2
"Flash&Backup3" = Flash&Backup
"FLV Player" = FLV Player 2.0 (build 25)
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HFRS_is1" = Sage Online-Backup Client
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Rocket" = MP3 Rocket
"NEATO MediaFACE" = NEATO MediaFACE
"Netzmanager" = Netzmanager
"NIS" = Norton Internet Security
"Personal Backup 5_is1" = Personal Backup 5.3
"Personal Backup_is1" = Personal Backup 4.5
"PROHYBRIDR" = 2007 Microsoft Office system
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Revo Uninstaller" = Revo Uninstaller 1.87
"Startup_Manager_is1" = Startup Manager 2.4.2
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueCrypt" = TrueCrypt
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = MP3 Rocket Toolbar Updater
"Facebook Plug-In" = Facebook Plug-In
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.06.2013 10:25:19 | Computer Name = ***-PC | Source = HP AdvisorUpdate | ID = 0
Description = Ein Teil des Pfades "C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd"
konnte nicht gefunden werden. bei System.IO.__Error.WinIOError(Int32 errorCode,
String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode,
FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize,
FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
FileShare share, Int32 bufferSize) bei System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) bei System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
String role, Type ofObjectToReturn) bei System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) bei System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) bei HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml
Error - 25.06.2013 18:27:58 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.06.2013 18:29:57 | Computer Name = ***-PC | Source = HP AdvisorUpdate | ID = 0
Description = Ein Teil des Pfades "C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd"
konnte nicht gefunden werden. bei System.IO.__Error.WinIOError(Int32 errorCode,
String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode,
FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize,
FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
FileShare share, Int32 bufferSize) bei System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) bei System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
String role, Type ofObjectToReturn) bei System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) bei System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) bei HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml
Error - 25.06.2013 18:44:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 25.06.2013 18:46:05 | Computer Name = ***-PC | Source = HP AdvisorUpdate | ID = 0
Description = Ein Teil des Pfades "C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd"
konnte nicht gefunden werden. bei System.IO.__Error.WinIOError(Int32 errorCode,
String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode,
FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize,
FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
FileShare share, Int32 bufferSize) bei System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) bei System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
String role, Type ofObjectToReturn) bei System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) bei System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) bei HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml
Error - 26.06.2013 03:09:30 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.06.2013 03:10:14 | Computer Name = ***-PC | Source = HP AdvisorUpdate | ID = 0
Description = Ein Teil des Pfades "C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd"
konnte nicht gefunden werden. bei System.IO.__Error.WinIOError(Int32 errorCode,
String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode,
FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize,
FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
FileShare share, Int32 bufferSize) bei System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) bei System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
String role, Type ofObjectToReturn) bei System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) bei System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) bei HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml
Error - 26.06.2013 03:56:46 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
Error - 26.06.2013 03:58:19 | Computer Name = ***-PC | Source = HP AdvisorUpdate | ID = 0
Description = Ein Teil des Pfades "C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd"
konnte nicht gefunden werden. bei System.IO.__Error.WinIOError(Int32 errorCode,
String maybeFullPath) bei System.IO.FileStream.Init(String path, FileMode mode,
FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize,
FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)
bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
FileShare share, Int32 bufferSize) bei System.Xml.XmlDownloadManager.GetStream(Uri
uri, ICredentials credentials) bei System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
String role, Type ofObjectToReturn) bei System.Xml.XmlReader.Create(String inputUri,
XmlReaderSettings settings, XmlParserContext inputContext) bei System.Xml.Schema.XmlSchemaSet.Add(String
targetNamespace, String schemaUri) bei HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
path) ValidateDocument failed Business\SearchTargets.xml
Error - 26.06.2013 04:02:05 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3024
Description =
[ Media Center Events ]
Error - 19.08.2009 16:45:24 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme:
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
[ ODiag Events ]
Error - 23.04.2013 20:12:17 | Computer Name = ***-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 74z7. Error code: N/A
[ OSession Events ]
Error - 29.04.2013 14:07:35 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6351
seconds with 60 seconds of active time. This session ended with a crash.
Error - 03.05.2013 06:03:58 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 164
seconds with 120 seconds of active time. This session ended with a crash.
Error - 08.05.2013 15:17:49 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 534
seconds with 300 seconds of active time. This session ended with a crash.
Error - 14.05.2013 15:07:14 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2577
seconds with 0 seconds of active time. This session ended with a crash.
Error - 15.05.2013 16:48:22 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 189
seconds with 120 seconds of active time. This session ended with a crash.
Error - 21.05.2013 10:48:35 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 112
seconds with 60 seconds of active time. This session ended with a crash.
Error - 21.05.2013 10:51:21 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 122
seconds with 0 seconds of active time. This session ended with a crash.
Error - 22.05.2013 08:31:01 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 286
seconds with 120 seconds of active time. This session ended with a crash.
Error - 27.05.2013 10:08:54 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 149
seconds with 60 seconds of active time. This session ended with a crash.
Error - 03.06.2013 04:26:10 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 624
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 26.06.2013 03:09:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.06.2013 03:09:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.06.2013 03:09:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.06.2013 03:09:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.06.2013 03:13:55 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 26.06.2013 03:16:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 26.06.2013 03:56:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.06.2013 03:56:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.06.2013 03:56:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 26.06.2013 03:56:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Ich bedanke mich schon mal im Voraus und freue mich auf den weiteren Verlauf - das beunruhigt schon sehr, wenn man nicht weiß was los ist..... Viele Grüße vom G.Vadda  |
|
26.06.2013, 13:11
| #2 | |
| /// TB-Ausbilder   | Backdoor.Trojan Befall: dxgiau.exe Hallo,
__________________Zitat:
Klappt es jetzt?
__________________ |
|
27.06.2013, 08:07
| #3 |
| | Backdoor.Trojan Befall: dxgiau.exe Guten Morgen!
__________________wow....das hat funktioniert und die ganze Nacht gerödelt. Habe wohl zuviele Daten auf meinem Rechner...  Hier das GMER file: Code:
ATTFilter GMER Logfile: G.Vadda Habe gerade eine "Dateiausführungsverhinderung" gehabt: mein WIN schreibt mir dazu: Die Datenausführungsverhinderung (Data Execution Prevention, DEP) ist ein Sicherheitsfeature, das den Computer vor Schäden durch Viren und andere Sicherheitsbedrohungen schützen kann. Gefährliche Programme können Windows angreifen und dabei versuchen, Code in Systemspeicherbereichen auszuführen, der für Windows und andere autorisierte Programme reserviert ist. Derartige Angriffe können Programme und Dateien beschädigen. Die Datenausführungsverhinderung kann zum Schutz des Computers beitragen, indem die Programme überwacht werden. Auf diese Weise wird sichergestellt, dass der Systemspeicher von den betreffenden Programmen gefahrlos verwendet werden kann. Falls von der Datenausführungsverhinderung festgestellt wird, dass ein Programm auf dem Computer in unzulässiger Weise auf den Speicher zugreift, wird das Programm geschlossen, und Sie werden benachrichtigt. Es wurde ein Symantec Produkt geschlossen.... ich habe eine derartige Aktion bisher noch nicht am PC gehabt. Scheint also in Zusammenhang mit meinem "Befall" zu stehen - vielleicht ja auch nicht, aber ich soll ja alles schreiben was mir auffällig erscheint.... |
|
27.06.2013, 11:09
| #4 |
| /// TB-Ausbilder | Backdoor.Trojan Befall: dxgiau.exe Hi, was das mit der Datenausführungsverhinderung auf sich hat, kann ich im Moment noch nicht sagen. Aber ist immer gut, solche Auffälligkeiten zu melden. Schauen wir mal weiter: Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Scan mit Combofix
Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
27.06.2013, 18:22
| #5 |
| | Backdoor.Trojan Befall: dxgiau.exe Hallo Leo, jetzt hab ich alles zusammen: muss 140 Zeichn löscehn, dass ich posten kann - setz ich gleich dansch ein sind die ersten Zeichen aus Log Adwcleaner: Code:
ATTFilter Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\searchplugins\daemon-search.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\searchplugins\safesearch.xml
Datei Gelöscht : C:\Windows\system32\conduitEngine.tmp
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\ConduitEngine
Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Program Files\Viewpoint
Ordner Gelöscht : C:\Program Files\Winload
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Users\Admin\AppData\Local\AskPartnerNetwork
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Temp\APN
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Winload
Ordner Gelöscht : C:\Users\***\AppData\Local\APN
Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Ordner Gelöscht : C:\Users\***\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\APN
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Winload
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\Conduit
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\ConduitCommon
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\CT2319825
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\extensions\DTToolbar@toolbarnet.com
Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Winload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winload Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3D09661A-BD11-476A-9C07-587A5FF119FD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Viewpoint
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3D09661A-BD11-476A-9C07-587A5FF119FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27879A6A-F246-4B94-9B94-0903E0CF55A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A1E830F-61B7-4926-9C78-A318AD43B3EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9300796-4985-4EF1-8985-E8D11120E714}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3D09661A-BD11-476A-9C07-587A5FF119FD}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winload Toolbar
Schlüssel Gelöscht : HKLM\Software\OpenCandy
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKLM\Software\Winload
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16490
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\prefs.js
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\usxmcvdg.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2319825..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2319825.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2319825.AppTrackingLastCheckTime", "Wed Mar 30 2011 13:53:07 GMT+0200");
Gelöscht : user_pref("CT2319825.BrowserCompStateIsOpen_129714600517272937", true);
Gelöscht : user_pref("CT2319825.CTID", "CT2319825");
Gelöscht : user_pref("CT2319825.CommunitiesChangesLastCheckTime", "0");
Gelöscht : user_pref("CT2319825.CurrentServerDate", "28-12-2012");
Gelöscht : user_pref("CT2319825.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2319825.DialogsGetterLastCheckTime", "Fri Dec 28 2012 13:27:02 GMT+0100");
Gelöscht : user_pref("CT2319825.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2319825.EMailNotifierPollDate", "Wed Jun 13 2012 16:48:29 GMT+0200");
Gelöscht : user_pref("CT2319825.FeedPollDate11908299", "Wed Jun 13 2012 16:43:32 GMT+0200");
Gelöscht : user_pref("CT2319825.FirstServerDate", "28-1-2011");
Gelöscht : user_pref("CT2319825.FirstTime", true);
Gelöscht : user_pref("CT2319825.FirstTimeFF3", true);
Gelöscht : user_pref("CT2319825.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2319825.GroupingInvalidateCache", false);
Gelöscht : user_pref("CT2319825.GroupingLastCheckTime", "0");
Gelöscht : user_pref("CT2319825.GroupingLastServerUpdateTime", "0");
Gelöscht : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2319825.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2319825.HomePageProtectorEnabled", false);
Gelöscht : user_pref("CT2319825.Initialize", true);
Gelöscht : user_pref("CT2319825.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2319825.InstalledDate", "Fri Jan 28 2011 11:21:49 GMT+0100");
Gelöscht : user_pref("CT2319825.InvalidateCache", false);
Gelöscht : user_pref("CT2319825.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2319825.IsGrouping", false);
Gelöscht : user_pref("CT2319825.IsMulticommunity", false);
Gelöscht : user_pref("CT2319825.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2319825.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2319825.LanguagePackLastCheckTime", "Fri Dec 28 2012 13:27:01 GMT+0100");
Gelöscht : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2319825.LastLogin_2.5.8.6", "Wed Mar 30 2011 10:04:33 GMT+0200");
Gelöscht : user_pref("CT2319825.LastLogin_3.13.0.6", "Mon Jul 23 2012 19:40:31 GMT+0200");
Gelöscht : user_pref("CT2319825.LastLogin_3.14.1.0", "Tue Oct 16 2012 22:41:45 GMT+0200");
Gelöscht : user_pref("CT2319825.LastLogin_3.15.1.0", "Tue Dec 18 2012 00:44:47 GMT+0100");
Gelöscht : user_pref("CT2319825.LastLogin_3.16.0.3", "Fri Dec 28 2012 13:27:00 GMT+0100");
Gelöscht : user_pref("CT2319825.LastLogin_3.3.3.2", "Thu Sep 22 2011 14:13:31 GMT+0200");
Gelöscht : user_pref("CT2319825.LastLogin_3.6.0.10", "Wed Jun 13 2012 16:43:21 GMT+0200");
Gelöscht : user_pref("CT2319825.LatestVersion", "3.16.0.3");
Gelöscht : user_pref("CT2319825.Locale", "de");
Gelöscht : user_pref("CT2319825.LoginCache", 4);
Gelöscht : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2319825.RadioIsPodcast", false);
Gelöscht : user_pref("CT2319825.RadioLastCheckTime", "Wed Jun 13 2012 16:52:33 GMT+0200");
Gelöscht : user_pref("CT2319825.RadioLastUpdateIPServer", "0");
Gelöscht : user_pref("CT2319825.RadioMediaID", "11949532");
Gelöscht : user_pref("CT2319825.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Gelöscht : user_pref("CT2319825.RadioShrinkedFromSetup", false);
Gelöscht : user_pref("CT2319825.RadioStationName", "1Live");
Gelöscht : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Gelöscht : user_pref("CT2319825.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2319825.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2319825.SearchEngineBeforeUnload", "Search the web (Babylon)");
Gelöscht : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gelöscht : user_pref("CT2319825.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Fri Dec 28 2012 13:26:59 GMT+0100");
Gelöscht : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2319825.SearchProtectorEnabled", false);
Gelöscht : user_pref("CT2319825.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2319825.ServiceMapLastCheckTime", "Fri Dec 28 2012 13:26:56 GMT+0100");
Gelöscht : user_pref("CT2319825.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2319825.SettingsLastCheckTime", "Fri Dec 28 2012 13:26:58 GMT+0100");
Gelöscht : user_pref("CT2319825.SettingsLastUpdate", "1356544299");
Gelöscht : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Tue Dec 18 2012 00:44:46 GMT+0100");
Gelöscht : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1331806000");
Gelöscht : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Gelöscht : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2319825.UserID", "UN17688443275430016");
Gelöscht : user_pref("CT2319825.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2319825.WeatherNetwork", "");
Gelöscht : user_pref("CT2319825.WeatherPollDate", "Wed Jun 13 2012 16:43:18 GMT+0200");
Gelöscht : user_pref("CT2319825.WeatherUnit", "C");
Gelöscht : user_pref("CT2319825.alertChannelId", "715912");
Gelöscht : user_pref("CT2319825.backendstorage.id", "33333538383638");
Gelöscht : user_pref("CT2319825.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2319825.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2319825.components.1000034", false);
Gelöscht : user_pref("CT2319825.components.1000082", false);
Gelöscht : user_pref("CT2319825.components.1000234", false);
Gelöscht : user_pref("CT2319825.components.128903248917881403", false);
Gelöscht : user_pref("CT2319825.components.129136390572498374", false);
Gelöscht : user_pref("CT2319825.components.129264494738128351", false);
Gelöscht : user_pref("CT2319825.components.129264512281565287", false);
Gelöscht : user_pref("CT2319825.components.129277509933662715", false);
Gelöscht : user_pref("CT2319825.components.129309281463312841", false);
Gelöscht : user_pref("CT2319825.components.129769053852558608", false);
Gelöscht : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Fri Dec 28 2012 13:27:04 GMT+0100");
Gelöscht : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2319825.initDone", true);
Gelöscht : user_pref("CT2319825.isAppTrackingManagerOn", false);
Gelöscht : user_pref("CT2319825.isFirstRadioInstallation", false);
Gelöscht : user_pref("CT2319825.myStuffEnabled", true);
Gelöscht : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2319825.oldAppsList", "128898076802619665,128898076802619666,111,1000082,12976905385255[...]
Gelöscht : user_pref("CT2319825.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2319825.testingCtid", "");
Gelöscht : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Fri Dec 28 2012 13:27:02 GMT+0100");
Gelöscht : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Tue Dec 18 2012 00:44:49 GMT+0100");
Gelöscht : user_pref("CT2319825.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2319825.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2319825&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"559[...]
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "winload");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\***\\AppData\\Roaming\\Mozilla\[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2319825");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "winload");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.imesh.com/webResults.html?[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Mar 30 2011 13:52:37 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed May 25 2011 17:24:37 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Sep 22 2011 14:13:26 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "e7852db8-b6ca-4a90-b56d-4215fa08a30a");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jun 13 2012 16:43:17 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "79f9a47a-90b2-4689-a8e8-63ba1acf3e17");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.killedEngine", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Dec 28 2012 13:27:1[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Dec 28 2012 13:27:17 GMT+010[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Dec 28 2012 13:27:07 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "ade6516d-004f-483d-88d1-ebfb6330da29");
Gelöscht : user_pref("CommunityToolbar.undefined", "");
Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("extensions.APN_TB.first-previous-keyword-url", "hxxp://search.imesh.com/webResults.html?s[...]
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 26);
Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "IT");
Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "37A5A89AF9D971048D26F056EEE6F07A");
Gelöscht : user_pref("extensions.BabylonToolbar.lastActv", "26");
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 26);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "20.0");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 105517570);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "czb");
Gelöscht : user_pref("extensions.MP3RV6.previous-keyword-url", "\"hxxp://search.imesh.com/webResults.html?src=f[...]
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("extensions.ui.lastCategory", "addons://search/Babylon");
Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fh46v78e.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v27.0.1453.116
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.2528] : urls_to_restore_on_startup = [ "hxxp://www.search.ask.com/?l=dis&o=APN10719cr&gct=hp&apn_ptnr[...]
*************************
AdwCleaner[S1].txt - [37524 octets] - [27/06/2013 13:53:33]
########## EOF - C:\AdwCleaner[S1].txt - [37585 octets] ##########
Log Combofix: Code:
ATTFilter Combofix Logfile: OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.06.2013 15:02:22 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 51,75% Memory free 6,06 Gb Paging File | 4,58 Gb Available in Paging File | 75,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,35 Gb Total Space | 31,53 Gb Free Space | 14,18% Space Free | Partition Type: NTFS Drive D: | 10,53 Gb Total Space | 1,36 Gb Free Space | 12,96% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.25 15:21:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe PRC - [2013.04.02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE PRC - [2012.12.05 14:22:40 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe PRC - [2012.05.07 13:11:42 | 004,174,848 | ---- | M] (J. Rathlev, IEAP, Uni-Kiel) -- C:\Program Files\Personal Backup 5\Persbackup.exe PRC - [2011.11.02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe PRC - [2010.04.02 16:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe PRC - [2007.03.02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe PRC - [2007.03.02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe PRC - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ========== Modules (No Company Name) ========== MOD - [2013.05.16 07:28:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll MOD - [2013.05.16 07:25:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll MOD - [2013.05.16 07:23:40 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2673a8a481ae675588349b79b521cec1\PresentationFramework.ni.dll MOD - [2013.05.16 07:22:43 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a3968930e9e2ae833447b0a280082073\PresentationCore.ni.dll MOD - [2013.05.16 07:21:58 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fe2a238282c6fedc2a21b3dd25885437\WindowsBase.ni.dll MOD - [2013.01.10 09:41:06 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll MOD - [2013.01.10 09:25:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 09:25:20 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\36dc923935a96557c81daa014e7e2ba8\System.EnterpriseServices.ni.dll MOD - [2013.01.10 09:25:20 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\36dc923935a96557c81daa014e7e2ba8\System.EnterpriseServices.Wrapper.dll MOD - [2013.01.10 09:25:18 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d995a0e7d64a874cddea6294caaa2539\System.Transactions.ni.dll MOD - [2013.01.10 09:23:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7d59f2903b3f994f38b160cd32ccd1a0\System.Xml.ni.dll MOD - [2013.01.10 09:21:30 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.10 09:19:47 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll MOD - [2013.01.10 09:19:05 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 09:15:54 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.10 09:15:24 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll MOD - [2009.04.11 08:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll MOD - [2009.04.11 04:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2008.09.30 17:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll MOD - [2008.09.30 17:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2008.09.30 17:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2008.09.30 17:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll MOD - [2008.09.30 17:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2008.09.30 17:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2008.09.30 17:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2008.09.30 17:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2008.09.23 18:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2007.08.14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect) SRV - File not found [Auto | Stopped] -- C:\Program Files\ZBD Displays\Bounce\BounceComms\RFV3\BounceCommV3Service.exe -- (BounceCommV3) SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor) SRV - [2013.06.12 09:39:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS) SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE -- (BBUpdate) SRV - [2013.04.02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE -- (BBSvc) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.05 14:22:40 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2011.03.11 14:00:12 | 003,492,624 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage\Sage Online-Backup Client\hrfscore.exe -- (humyo.com) SRV - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.03.02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV - [2007.03.02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013.06.19 10:09:25 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2013.05.31 18:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130620.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2013.05.23 07:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symefa.sys -- (SymEFA) DRV - [2013.05.22 07:15:21 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130626.022\NAVEX15.SYS -- (NAVEX15) DRV - [2013.05.22 07:15:21 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2013.05.22 07:15:21 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130626.022\NAVENG.SYS -- (NAVENG) DRV - [2013.05.21 07:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symds.sys -- (SymDS) DRV - [2013.05.16 07:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.sys -- (SRTSP) DRV - [2013.04.25 02:43:56 | 000,352,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symtdiv.sys -- (SYMTDIv) DRV - [2013.04.16 04:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ccsetx86.sys -- (ccSet_NIS) DRV - [2013.03.19 17:12:42 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130626.001\IDSvix86.sys -- (IDSVix86) DRV - [2013.03.15 13:52:10 | 000,608,136 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2013.03.15 13:52:10 | 000,295,944 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb) DRV - [2013.03.15 13:52:10 | 000,244,040 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp) DRV - [2013.03.13 22:39:44 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2013.03.05 03:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ironx86.sys -- (SymIRON) DRV - [2013.03.05 03:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.sys -- (SRTSPX) DRV - [2012.08.09 09:07:21 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011.03.31 16:38:51 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.03.11 14:01:12 | 000,143,120 | ---- | M] (Trend Micro Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\hrfsmrx.sys -- (hrfsmrx) DRV - [2010.09.26 20:13:10 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3) DRV - [2009.07.27 16:27:10 | 000,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2009.05.08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev) DRV - [2008.10.03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.07.17 18:01:00 | 000,269,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Vid.sys -- (OA004Vid) DRV - [2008.06.29 16:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2008.06.10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.06.03 10:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Ufd.sys -- (OA004Ufd) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.11.06 16:01:52 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6) DRV - [2007.10.18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{89DFAF95-0F2D-43D7-9AC2-92754FBC44D1}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{A46EE1F2-1DCC-4E7A-B630-0598B55B6A72}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{EA45296E-B074-43DB-905C-55050CB89E29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{299AFE7C-082B-494E-AA2C-7715B1B29CAF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=4A1CEBC2-BBED-458A-9060-24499D9A9D6F&apn_sauid=E0DCB415-2087-4B71-884C-A966358A60C6 IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{7A360BA4-1A8F-4280-B75A-B45DB875B389}: "URL" = hxxp://www.dict.cc/?s={searchTerms} IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{89DFAF95-0F2D-43D7-9AC2-92754FBC44D1}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{90EFC701-DD47-46FD-98EB-1773869B5FA2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{A46EE1F2-1DCC-4E7A-B630-0598B55B6A72}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{EA45296E-B074-43DB-905C-55050CB89E29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{ED65710C-4D6F-444A-81CD-D82C168490B1}: "URL" = hxxp://www.ant.com/search?s=browser&q={searchTerms} IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\Bing: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.3 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6 FF - prefs.js..network.proxy.ftp: "219.234.82.84" FF - prefs.js..network.proxy.ftp_port: 33948 FF - prefs.js..network.proxy.http: "219.234.82.84" FF - prefs.js..network.proxy.http_port: 33948 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "219.234.82.84" FF - prefs.js..network.proxy.ssl_port: 33948 FF - prefs.js..network.proxy.type: 1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013.06.27 13:58:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013.03.20 10:18:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.29 21:01:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.29 21:01:55 | 000,000,000 | ---D | M] [2012.01.15 13:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.01.15 13:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.06.27 13:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions [2010.04.28 15:36:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.04.24 10:55:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.04.26 08:26:47 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\foxyproxy@eric.h.jung [2012.10.16 22:45:32 | 000,087,753 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\ciuvo-extension@billiger.de.xpi [2011.09.22 15:40:19 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\finder@meingutscheincode.de.xpi [2013.04.25 09:38:01 | 000,455,995 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\toolbar_MP3RV6@apn.ask.com.xpi [2013.03.30 20:05:49 | 000,002,515 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\ask-search.xml [2009.11.29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\iMeshWebSearch.xml [2013.04.24 10:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.11.04 20:06:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.20 10:18:27 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPLGN [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: ChromeUtilPlugin (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalfcdpfagiijfjeapclohpegmcpml\11.40869_0\background/ChromeUtilPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: MP3 Rocket Toolbar = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalfcdpfagiijfjeapclohpegmcpml\15.49998_0\ O1 HOSTS File: ([2013.06.27 14:33:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (billiger.de Sparberater) - {52C36BBF-936F-4AC4-9D10-F7DF1AB9BBD9} - C:\Program Files\billigerde\Internet Explorer\billigerde.dll (solute gmbh) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = C:\Program Files\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Domains: posbote.de ([tagwerk-design] http in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Ranges: Range2 ([*] in Lokales Intranet) O16 - DPF: {63716E54-1D85-481D-8D58-65507E16F25E} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42EF9CC3-56C9-4D93-944A-406D3693BE15}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE39BE4F-B7E7-469F-9CC1-61EBF2C02C0A}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.27 14:41:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.27 14:08:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.27 14:08:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.27 14:08:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.27 14:07:51 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.06.27 14:07:32 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.27 14:05:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.27 13:26:29 | 005,083,698 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.06.26 11:49:42 | 000,103,680 | ---- | C] (GMER) -- C:\pwdiyfob.sys [2013.06.25 15:21:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.25 13:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avqo [2013.06.25 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Vak [2013.06.25 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Obypy [2013.06.25 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Puuswi [2013.06.25 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yka [2013.06.25 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Muyci [2013.06.06 15:10:28 | 000,000,000 | ---D | C] -- C:\Windows\Options [2013.06.06 15:09:44 | 000,426,075 | ---- | C] (Atheros) -- C:\Windows\System32\wgapi.dll [2013.06.06 15:09:44 | 000,413,765 | ---- | C] (Atheros) -- C:\Windows\System32\wcapi.dll [2013.06.06 15:09:44 | 000,335,964 | ---- | C] (Atheros) -- C:\Windows\System32\wcapiU.dll [2013.06.06 15:09:44 | 000,094,208 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg11resloc.dll [2013.06.06 15:09:44 | 000,086,016 | ---- | C] (Atheros) -- C:\Windows\System32\wgapiloc.dll [2013.06.06 15:09:43 | 000,311,391 | ---- | C] (Atheros) -- C:\Windows\System32\athcfg20U.dll [2013.06.06 15:09:43 | 000,299,080 | ---- | C] (Atheros) -- C:\Windows\System32\athcfg20.dll [2013.06.06 15:09:43 | 000,127,080 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg20resU.dll [2013.06.06 15:09:43 | 000,127,054 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg20res.dll [2013.05.29 21:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.05.29 21:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2009.07.11 16:05:48 | 001,560,952 | ---- | C] (Microsoft Corporation) -- C:\Users\***\MGADiag.exe ========== Files - Modified Within 30 Days ========== [2013.06.27 14:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.27 14:34:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.27 14:33:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.06.27 13:58:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.27 13:57:54 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013.06.27 13:57:53 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.27 13:57:53 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.27 13:57:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.27 13:56:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.06.27 13:26:54 | 005,083,698 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.06.27 13:26:01 | 000,648,201 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.06.27 08:41:48 | 000,001,799 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk [2013.06.26 12:35:12 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.06.26 11:49:42 | 000,103,680 | ---- | M] (GMER) -- C:\pwdiyfob.sys [2013.06.26 09:52:03 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.06.25 17:16:10 | 000,002,272 | ---- | M] () -- C:\{56A089FE-1067-440D-B9B1-5549865BB9B5} [2013.06.25 15:37:55 | 000,003,384 | ---- | M] () -- C:\{2615C536-4160-416F-9BB6-535A9A376D74} [2013.06.25 15:21:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.25 15:21:28 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.06.20 14:21:13 | 000,662,720 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.20 14:21:13 | 000,130,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.20 14:21:12 | 000,698,856 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.20 14:21:12 | 000,155,734 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.20 12:29:20 | 002,542,953 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\Cat.DB [2013.06.20 08:46:56 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.19 10:52:31 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2013.06.19 10:09:25 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2013.06.19 10:09:25 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2013.06.19 10:09:25 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2013.06.12 08:36:16 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini [2013.06.11 09:21:43 | 000,165,888 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.06.06 15:41:18 | 000,073,047 | ---- | M] () -- C:\Users\***\Documents\OP Liste 23.05.2013.pdf [2013.06.04 22:44:47 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013.06.04 22:37:21 | 436,955,763 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.04 22:06:35 | 000,000,048 | ---- | M] () -- C:\Users\Public\Documents\_rgpl [2013.06.04 08:34:29 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\isolate.ini [2013.06.03 22:00:01 | 000,000,052 | ---- | M] () -- C:\Windows\seumain.INI [2013.05.29 21:01:16 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk ========== Files Created - No Company Name ========== [2013.06.27 14:08:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.27 14:08:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.27 14:08:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.27 14:08:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.27 14:08:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.27 13:26:00 | 000,648,201 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.06.26 12:35:12 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.06.26 09:51:24 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.06.25 17:16:10 | 000,002,272 | ---- | C] () -- C:\{56A089FE-1067-440D-B9B1-5549865BB9B5} [2013.06.25 15:37:54 | 000,003,384 | ---- | C] () -- C:\{2615C536-4160-416F-9BB6-535A9A376D74} [2013.06.25 15:21:27 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.06.06 15:41:18 | 000,073,047 | ---- | C] () -- C:\Users\***\Documents\OP Liste 23.05.2013.pdf [2013.06.04 22:44:47 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013.06.04 22:37:21 | 436,955,763 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.06.04 22:06:04 | 000,000,048 | ---- | C] () -- C:\Users\Public\Documents\_rgpl [2013.05.29 21:01:15 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.01.30 16:41:35 | 000,038,423 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR [2013.01.30 15:48:13 | 000,009,313 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.EML [2013.01.30 15:47:55 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2012.12.11 09:03:24 | 001,358,802 | ---- | C] () -- C:\Users\***\Wildkirsche.jpg [2012.10.25 18:03:20 | 000,008,136 | ---- | C] () -- C:\Users\***\sa_1011_real_engl_kl7_nr1_bldbay_m111519_b49360_vsmed_p01.gif [2012.10.22 21:07:46 | 000,658,433 | ---- | C] () -- C:\Users\***\EG.jpg [2012.09.21 08:17:24 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012.09.17 23:11:42 | 000,364,503 | ---- | C] () -- C:\Users\***\Aaron_Jacob_Zoo2012.jpg [2012.04.13 13:03:46 | 000,024,870 | ---- | C] () -- C:\Users\***\Sage OP-Liste.pdf [2012.04.09 22:34:35 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini [2012.04.05 21:50:19 | 009,706,654 | ---- | C] () -- C:\Users\***\homeway-katalog.pdf [2012.02.08 00:31:04 | 000,068,427 | ---- | C] () -- C:\Users\***\jonez-3.jpg [2012.02.06 17:45:36 | 000,096,120 | ---- | C] () -- C:\Users\***\Unbenannt-1.psd [2011.10.19 19:01:15 | 000,013,214 | ---- | C] () -- C:\Users\***\K-38372379-49 Kündigung solaris-music.pdf [2011.06.30 11:00:53 | 000,000,019 | ---- | C] () -- C:\Windows\RETRIEVE.INI [2011.05.26 01:39:41 | 000,002,033 | ---- | C] () -- C:\Users\***\Google Earth.lnk [2011.04.14 22:48:44 | 001,162,866 | ---- | C] () -- C:\Users\***\Leasingunterlagen FIAT Qubo.pdf [2011.03.18 15:51:56 | 001,836,910 | ---- | C] () -- C:\Users\***\bg2.jpg [2011.02.23 13:07:49 | 000,084,105 | ---- | C] () -- C:\Users\***\RFID und Q-Thek.pdf [2011.02.09 00:26:25 | 000,329,940 | ---- | C] () -- C:\Users\***\stabau_ia.pdf [2011.02.09 00:25:03 | 000,478,457 | ---- | C] () -- C:\Users\***\stabau_iiib.pdf [2011.02.09 00:24:14 | 000,518,328 | ---- | C] () -- C:\Users\***\stabau_iiia.pdf [2010.10.20 15:24:52 | 000,002,622 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.04.19 09:01:57 | 000,000,235 | ---- | C] () -- C:\ProgramData\.old [2009.12.13 18:14:22 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\rx_image.Cache [2009.09.22 17:40:42 | 000,004,981 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2009.07.29 10:26:28 | 000,000,935 | ---- | C] () -- C:\Users\***\walli.lnk [2009.07.15 17:47:24 | 000,820,210 | ---- | C] () -- C:\Users\***\win.xps [2009.06.26 15:13:16 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.06.02 12:31:20 | 000,165,888 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.21 22:35:12 | 001,829,235 | ---- | C] () -- C:\Users\***\kraudn_sepp_booklet.pdf [2009.02.02 06:58:26 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.04.09 10:40:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AceBIT [2010.04.09 10:52:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Smart Label Printer [2009.12.08 22:51:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AceBIT [2013.06.25 13:53:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avqo [2010.06.09 22:50:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoCreate [2011.03.31 16:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2010.04.29 11:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Facebook [2013.03.20 18:02:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2012.04.09 22:34:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HaCon [2009.08.25 10:56:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.03.08 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magic Academy [2011.03.10 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Maytec [2011.03.18 11:59:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Maytec.net [2013.03.30 20:06:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MP3Rocket [2013.06.25 13:43:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Muyci [2013.06.25 13:48:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Obypy [2010.01.14 19:47:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2010.01.14 19:23:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Panasonic [2010.02.07 23:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC-FAX TX [2011.05.24 14:36:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PersBackup [2013.05.17 13:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PersBackup5 [2009.05.22 00:52:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc [2010.03.25 16:13:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers [2013.06.25 13:47:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Puuswi [2010.11.03 23:21:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion [2013.05.26 21:08:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SchnellStart-DVD [2011.06.30 13:12:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Schober DVD [2009.08.25 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Smart Label Printer [2009.12.05 16:24:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softplicity [2010.03.25 16:12:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2013.02.12 14:01:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify [2013.03.27 13:45:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.01.08 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica [2010.10.20 15:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2011.08.19 11:43:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific [2012.01.15 13:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom [2009.07.28 11:02:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt [2011.07.26 22:51:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2013.06.25 13:47:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vak [2009.07.23 09:56:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs [2013.06.25 13:43:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yka ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86 < End of report > Viele Grüße vom G.Vadda  |
|
27.06.2013, 18:24
| #6 |
| | Backdoor.Trojan Befall: dxgiau.exeCode:
ATTFilter # AdwCleaner v2.303 - Datei am 27/06/2013 um 13:53:33 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : APNMCP
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\imeshwebsearch.xml
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Viele Grüße, G.Vadda |
|
28.06.2013, 00:57
| #7 |
| /// TB-Ausbilder | Backdoor.Trojan Befall: dxgiau.exe Hallo, wie läuft der Rechner jetzt? Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86
[2009.09.22 17:40:42 | 000,004,981 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2013.06.25 13:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avqo
[2013.06.25 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Vak
[2013.06.25 13:47:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Obypy
[2013.06.25 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Puuswi
[2013.06.25 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yka
[2013.06.25 13:43:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Muyci
[2013.03.30 20:05:49 | 000,002,515 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\ask-search.xml
[2009.11.29 13:51:40 | 000,002,456 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\iMeshWebSearch.xml
FF - prefs.js..network.proxy.ftp: "219.234.82.84"
FF - prefs.js..network.proxy.ftp_port: 33948
FF - prefs.js..network.proxy.http: "219.234.82.84"
FF - prefs.js..network.proxy.http_port: 33948
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "219.234.82.84"
FF - prefs.js..network.proxy.ssl_port: 33948
FF - prefs.js..network.proxy.type: 1
IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{299AFE7C-082B-494E-AA2C-7715B1B29CAF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=4A1CEBC2-BBED-458A-9060-24499D9A9D6F&apn_sauid=E0DCB415-2087-4B71-884C-A966358A60C6
:commands
[emptytemp]
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte  SecurityCheck und:
Schritt 5 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
29.06.2013, 11:10
| #8 |
| | Backdoor.Trojan Befall: dxgiau.exe Hallo Leo, hier die gewünschten logs: Fixlog von OTL: Code:
ATTFilter All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:888AFB86 deleted successfully.
C:\ProgramData\mtbjfghn.xbe moved successfully.
C:\Users\***\AppData\Roaming\Avqo folder moved successfully.
C:\Users\***\AppData\Roaming\Vak folder moved successfully.
C:\Users\***\AppData\Roaming\Obypy folder moved successfully.
C:\Users\***\AppData\Roaming\Puuswi folder moved successfully.
C:\Users\***\AppData\Roaming\Yka folder moved successfully.
C:\Users\***\AppData\Roaming\Muyci folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\ask-search.xml moved successfully.
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\searchplugins\iMeshWebSearch.xml moved successfully.
Prefs.js: "219.234.82.84" removed from network.proxy.ftp
Prefs.js: 33948 removed from network.proxy.ftp_port
Prefs.js: "219.234.82.84" removed from network.proxy.http
Prefs.js: 33948 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "219.234.82.84" removed from network.proxy.ssl
Prefs.js: 33948 removed from network.proxy.ssl_port
Prefs.js: 1 removed from network.proxy.type
Registry key HKEY_USERS\S-1-5-21-2373476304-546822285-3692525387-1000\Software\Microsoft\Internet Explorer\SearchScopes\{299AFE7C-082B-494E-AA2C-7715B1B29CAF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{299AFE7C-082B-494E-AA2C-7715B1B29CAF}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 343929 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4535717 bytes
->Flash cache emptied: 708 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 2006 bytes
->Temporary Internet Files folder emptied: 406381727 bytes
->Java cache emptied: 11551291 bytes
->FireFox cache emptied: 82895994 bytes
->Google Chrome cache emptied: 390159090 bytes
->Flash cache emptied: 2031 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8419555 bytes
RecycleBin emptied: 2989213487 bytes
Total Files Cleaned = 3.713,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06282013_074945
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4PRYDEAR\ads[3].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3BIMZ37O\137219-backdoor-trojan-befall-dxgiau-exe[1].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1Z3FW1GG\ads[5].htm moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.27.11 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-PC [Administrator] 28.06.2013 08:27:43 mbam-log-2013-06-28 (08-27-43).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 252584 Laufzeit: 20 Minute(n), Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=888d93ebcae2454fb8d3fe242557d196
# engine=14182
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-28 11:46:26
# local_time=2013-06-28 01:46:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 93 279016 135016571 0 0
# compatibility_mode=5892 16776574 100 100 66179391 209952714 0 0
# scanned=107006
# found=0
# cleaned=0
# scan_time=12186
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=888d93ebcae2454fb8d3fe242557d196
# engine=14191
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-29 01:57:19
# local_time=2013-06-29 03:57:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 93 330069 135067624 0 0
# compatibility_mode=5892 16776574 100 100 66230444 210003767 0 0
# scanned=339133
# found=0
# cleaned=0
# scan_time=28156
Code:
ATTFilter Results of screen317's Security Check version 0.99.68 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Norton Internet Security WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java(TM) 6 Update 24 Java 7 Update 25 Java(TM) 6 Update 7 Adobe Flash Player 11.7.700.224 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 20.0.1 Firefox out of Date! Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.116 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe ESET ESET Online Scanner OnlineScannerApp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.06.2013 11:17:57 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 48,94% Memory free 6,06 Gb Paging File | 4,16 Gb Available in Paging File | 68,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,35 Gb Total Space | 40,56 Gb Free Space | 18,24% Space Free | Partition Type: NTFS Drive D: | 10,53 Gb Total Space | 1,29 Gb Free Space | 12,20% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.25 15:21:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.06.12 08:39:19 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe PRC - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe PRC - [2013.04.02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE PRC - [2012.12.05 14:22:40 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe PRC - [2012.05.07 13:11:42 | 004,174,848 | ---- | M] (J. Rathlev, IEAP, Uni-Kiel) -- C:\Program Files\Personal Backup 5\Persbackup.exe PRC - [2011.11.02 03:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2010.06.28 16:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe PRC - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe PRC - [2010.04.02 16:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe PRC - [2007.03.02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe PRC - [2007.03.02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe PRC - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe PRC - [2006.12.22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe PRC - [2006.03.01 16:06:22 | 000,069,632 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe ========== Modules (No Company Name) ========== MOD - [2013.05.16 07:28:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll MOD - [2013.05.16 07:25:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll MOD - [2013.05.16 07:23:40 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2673a8a481ae675588349b79b521cec1\PresentationFramework.ni.dll MOD - [2013.05.16 07:22:43 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a3968930e9e2ae833447b0a280082073\PresentationCore.ni.dll MOD - [2013.05.16 07:21:58 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fe2a238282c6fedc2a21b3dd25885437\WindowsBase.ni.dll MOD - [2013.01.10 09:41:06 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll MOD - [2013.01.10 09:25:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 09:25:20 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\36dc923935a96557c81daa014e7e2ba8\System.EnterpriseServices.ni.dll MOD - [2013.01.10 09:25:20 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\36dc923935a96557c81daa014e7e2ba8\System.EnterpriseServices.Wrapper.dll MOD - [2013.01.10 09:25:18 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d995a0e7d64a874cddea6294caaa2539\System.Transactions.ni.dll MOD - [2013.01.10 09:23:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7d59f2903b3f994f38b160cd32ccd1a0\System.Xml.ni.dll MOD - [2013.01.10 09:21:30 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.10 09:19:47 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll MOD - [2013.01.10 09:19:05 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 09:15:54 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.10 09:15:24 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.11.29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll MOD - [2009.04.11 08:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll MOD - [2009.04.11 04:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2008.09.30 17:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll MOD - [2008.09.30 17:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll MOD - [2008.09.30 17:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll MOD - [2008.09.30 17:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll MOD - [2008.09.30 17:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll MOD - [2008.09.30 17:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll MOD - [2008.09.30 17:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll MOD - [2008.09.30 17:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll MOD - [2008.09.23 18:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2007.08.14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll MOD - [2004.12.26 20:34:38 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect) SRV - File not found [Auto | Stopped] -- C:\Program Files\ZBD Displays\Bounce\BounceComms\RFV3\BounceCommV3Service.exe -- (BounceCommV3) SRV - File not found [Auto | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor) SRV - [2013.06.12 09:39:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS) SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE -- (BBUpdate) SRV - [2013.04.02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE -- (BBSvc) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.05 14:22:40 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2011.03.11 14:00:12 | 003,492,624 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage\Sage Online-Backup Client\hrfscore.exe -- (humyo.com) SRV - [2010.04.02 16:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2008.10.06 10:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.03.02 15:05:56 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV - [2007.03.02 15:05:50 | 001,994,752 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013.06.19 10:09:25 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2013.05.31 18:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130620.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2013.05.23 07:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symefa.sys -- (SymEFA) DRV - [2013.05.22 07:15:21 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130628.024\NAVEX15.SYS -- (NAVEX15) DRV - [2013.05.22 07:15:21 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2013.05.22 07:15:21 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130628.024\NAVENG.SYS -- (NAVENG) DRV - [2013.05.21 07:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symds.sys -- (SymDS) DRV - [2013.05.16 07:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtsp.sys -- (SRTSP) DRV - [2013.04.25 02:43:56 | 000,352,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\symtdiv.sys -- (SYMTDIv) DRV - [2013.04.16 04:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ccsetx86.sys -- (ccSet_NIS) DRV - [2013.03.19 17:12:42 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130628.001\IDSvix86.sys -- (IDSVix86) DRV - [2013.03.15 13:52:10 | 000,608,136 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2013.03.15 13:52:10 | 000,295,944 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb) DRV - [2013.03.15 13:52:10 | 000,244,040 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp) DRV - [2013.03.13 22:39:44 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2013.03.05 03:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\ironx86.sys -- (SymIRON) DRV - [2013.03.05 03:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1404000.028\srtspx.sys -- (SRTSPX) DRV - [2012.08.09 09:07:21 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011.03.31 16:38:51 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.03.11 14:01:12 | 000,143,120 | ---- | M] (Trend Micro Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\hrfsmrx.sys -- (hrfsmrx) DRV - [2010.09.26 20:13:10 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3) DRV - [2009.07.27 16:27:10 | 000,217,664 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2009.05.08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev) DRV - [2008.10.03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.07.17 18:01:00 | 000,269,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Vid.sys -- (OA004Vid) DRV - [2008.06.29 16:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2008.06.10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.06.03 10:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Ufd.sys -- (OA004Ufd) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2007.11.06 16:01:52 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6) DRV - [2007.10.18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{89DFAF95-0F2D-43D7-9AC2-92754FBC44D1}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{A46EE1F2-1DCC-4E7A-B630-0598B55B6A72}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{EA45296E-B074-43DB-905C-55050CB89E29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes,DefaultScope = Bing IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{7A360BA4-1A8F-4280-B75A-B45DB875B389}: "URL" = hxxp://www.dict.cc/?s={searchTerms} IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{89DFAF95-0F2D-43D7-9AC2-92754FBC44D1}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{90EFC701-DD47-46FD-98EB-1773869B5FA2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{A46EE1F2-1DCC-4E7A-B630-0598B55B6A72}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{EA45296E-B074-43DB-905C-55050CB89E29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\{ED65710C-4D6F-444A-81CD-D82C168490B1}: "URL" = hxxp://www.ant.com/search?s=browser&q={searchTerms} IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\SearchScopes\Bing: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC IE - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.3 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6 FF - prefs.js..network.proxy.ftp: "" FF - prefs.js..network.proxy.ftp_port: "" FF - prefs.js..network.proxy.http: "" FF - prefs.js..network.proxy.http_port: "" FF - prefs.js..network.proxy.socks_remote_dns: "" FF - prefs.js..network.proxy.ssl: "" FF - prefs.js..network.proxy.ssl_port: "" FF - prefs.js..network.proxy.type: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013.06.28 08:00:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013.03.20 10:18:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.29 21:01:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.29 21:01:55 | 000,000,000 | ---D | M] [2012.01.15 13:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.01.15 13:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.06.27 13:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions [2010.04.28 15:36:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.04.24 10:55:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.04.26 08:26:47 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\usxmcvdg.default\extensions\foxyproxy@eric.h.jung [2012.10.16 22:45:32 | 000,087,753 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\ciuvo-extension@billiger.de.xpi [2011.09.22 15:40:19 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\finder@meingutscheincode.de.xpi [2013.04.25 09:38:01 | 000,455,995 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\usxmcvdg.default\extensions\toolbar_MP3RV6@apn.ask.com.xpi [2013.04.24 10:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.11.04 20:06:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.20 10:18:27 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPLGN [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: ChromeUtilPlugin (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalfcdpfagiijfjeapclohpegmcpml\11.40869_0\background/ChromeUtilPlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: MP3 Rocket Toolbar = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaalfcdpfagiijfjeapclohpegmcpml\15.49998_0\ O1 HOSTS File: ([2013.06.27 14:33:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (billiger.de Sparberater) - {52C36BBF-936F-4AC4-9D10-F7DF1AB9BBD9} - C:\Program Files\billigerde\Internet Explorer\billigerde.dll (solute gmbh) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk = C:\Program Files\Personal Backup 5\Persbackup.exe (J. Rathlev, IEAP, Uni-Kiel) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Domains: p***de ([***] http in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet) O15 - HKU\S-1-5-21-2373476304-546822285-3692525387-1000\..Trusted Ranges: Range2 ([*] in Lokales Intranet) O16 - DPF: {63716E54-1D85-481D-8D58-65507E16F25E} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42EF9CC3-56C9-4D93-944A-406D3693BE15}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE39BE4F-B7E7-469F-9CC1-61EBF2C02C0A}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.29 10:51:27 | 000,000,000 | ---D | C] -- C:\Programme [2013.06.28 10:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013.06.28 08:24:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.06.28 08:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.28 08:24:32 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.06.28 08:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.06.28 07:40:42 | 000,000,000 | ---D | C] -- C:\_OTL [2013.06.27 14:41:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.27 14:08:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.27 14:08:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.27 14:08:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.27 14:07:51 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.06.27 14:07:32 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.27 14:05:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.27 13:26:29 | 005,083,698 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.06.26 11:49:42 | 000,103,680 | ---- | C] (GMER) -- C:\pwdiyfob.sys [2013.06.25 15:21:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.06 15:10:28 | 000,000,000 | ---D | C] -- C:\Windows\Options [2013.06.06 15:09:44 | 000,426,075 | ---- | C] (Atheros) -- C:\Windows\System32\wgapi.dll [2013.06.06 15:09:44 | 000,413,765 | ---- | C] (Atheros) -- C:\Windows\System32\wcapi.dll [2013.06.06 15:09:44 | 000,335,964 | ---- | C] (Atheros) -- C:\Windows\System32\wcapiU.dll [2013.06.06 15:09:44 | 000,094,208 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg11resloc.dll [2013.06.06 15:09:44 | 000,086,016 | ---- | C] (Atheros) -- C:\Windows\System32\wgapiloc.dll [2013.06.06 15:09:43 | 000,311,391 | ---- | C] (Atheros) -- C:\Windows\System32\athcfg20U.dll [2013.06.06 15:09:43 | 000,299,080 | ---- | C] (Atheros) -- C:\Windows\System32\athcfg20.dll [2013.06.06 15:09:43 | 000,127,080 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg20resU.dll [2013.06.06 15:09:43 | 000,127,054 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athcfg20res.dll [2009.07.11 16:05:48 | 001,560,952 | ---- | C] (Microsoft Corporation) -- C:\Users\***\MGADiag.exe ========== Files - Modified Within 30 Days ========== [2013.06.29 11:01:09 | 000,890,988 | ---- | M] () -- C:\Users\***\Desktop\SecurityCheck.exe [2013.06.29 10:52:27 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.29 10:52:27 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.29 10:38:23 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.29 10:34:11 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.29 10:31:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.29 03:06:35 | 000,698,856 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.29 03:06:35 | 000,662,720 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.29 03:06:35 | 000,155,734 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.29 03:06:35 | 000,130,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.28 21:34:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.28 07:57:21 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013.06.28 07:54:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.06.28 00:00:35 | 000,001,799 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk [2013.06.27 23:56:59 | 000,000,052 | ---- | M] () -- C:\Windows\seumain.INI [2013.06.27 23:50:34 | 000,165,888 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.06.27 14:33:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.06.27 13:26:54 | 005,083,698 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.06.26 11:49:42 | 000,103,680 | ---- | M] (GMER) -- C:\pwdiyfob.sys [2013.06.26 09:52:03 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.06.25 17:16:10 | 000,002,272 | ---- | M] () -- C:\{56A089FE-1067-440D-B9B1-5549865BB9B5} [2013.06.25 15:37:55 | 000,003,384 | ---- | M] () -- C:\{2615C536-4160-416F-9BB6-535A9A376D74} [2013.06.25 15:21:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.20 12:29:20 | 002,542,953 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\Cat.DB [2013.06.20 08:46:56 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.19 10:52:31 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2013.06.19 10:09:25 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS [2013.06.19 10:09:25 | 000,007,611 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT [2013.06.19 10:09:25 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF [2013.06.12 08:36:16 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini [2013.06.06 15:41:18 | 000,073,047 | ---- | M] () -- C:\Users\***\Documents\OP Liste 23.05.2013.pdf [2013.06.04 22:44:47 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013.06.04 22:37:21 | 436,955,763 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.04 22:06:35 | 000,000,048 | ---- | M] () -- C:\Users\Public\Documents\_rgpl [2013.06.04 08:34:29 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1404000.028\isolate.ini ========== Files Created - No Company Name ========== [2013.06.29 11:01:06 | 000,890,988 | ---- | C] () -- C:\Users\***\Desktop\SecurityCheck.exe [2013.06.27 14:08:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.27 14:08:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.27 14:08:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.27 14:08:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.27 14:08:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.26 09:51:24 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.06.25 17:16:10 | 000,002,272 | ---- | C] () -- C:\{56A089FE-1067-440D-B9B1-5549865BB9B5} [2013.06.25 15:37:54 | 000,003,384 | ---- | C] () -- C:\{2615C536-4160-416F-9BB6-535A9A376D74} [2013.06.06 15:41:18 | 000,073,047 | ---- | C] () -- C:\Users\***\Documents\OP Liste 23.05.2013.pdf [2013.06.04 22:44:47 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013.06.04 22:37:21 | 436,955,763 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.06.04 22:06:04 | 000,000,048 | ---- | C] () -- C:\Users\Public\Documents\_rgpl [2013.01.30 16:41:35 | 000,038,423 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR [2013.01.30 15:48:13 | 000,009,313 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.EML [2013.01.30 15:47:55 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2012.12.11 09:03:24 | 001,358,802 | ---- | C] () -- C:\Users\***\Wildkirsche.jpg [2012.10.25 18:03:20 | 000,008,136 | ---- | C] () -- C:\Users\***\sa_1011_real_engl_kl7_nr1_bldbay_m111519_b49360_vsmed_p01.gif [2012.10.22 21:07:46 | 000,658,433 | ---- | C] () -- C:\Users\***\EG.jpg [2012.09.21 08:17:24 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012.09.17 23:11:42 | 000,364,503 | ---- | C] () -- C:\Users\***\***_***_Zoo2012.jpg [2012.04.13 13:03:46 | 000,024,870 | ---- | C] () -- C:\Users\***\Sage OP-Liste.pdf [2012.04.09 22:34:35 | 000,000,021 | ---- | C] () -- C:\Windows\progman.ini [2012.04.05 21:50:19 | 009,706,654 | ---- | C] () -- C:\Users\***\homeway-katalog.pdf [2012.02.08 00:31:04 | 000,068,427 | ---- | C] () -- C:\Users\***\jonez-3.jpg [2012.02.06 17:45:36 | 000,096,120 | ---- | C] () -- C:\Users\***\Unbenannt-1.psd [2011.10.19 19:01:15 | 000,013,214 | ---- | C] () -- C:\Users\***\K-38372379-49 Kündigung sol****ic.pdf [2011.05.26 01:39:41 | 000,002,033 | ---- | C] () -- C:\Users\***\Google Earth.lnk [2011.04.14 22:48:44 | 001,162,866 | ---- | C] () -- C:\Users\***\Leasingunterlagen FIAT Qubo.pdf [2011.03.18 15:51:56 | 001,836,910 | ---- | C] () -- C:\Users\***\bg2.jpg [2011.02.23 13:07:49 | 000,084,105 | ---- | C] () -- C:\Users\***\RFID und Q-Thek.pdf [2011.02.09 00:26:25 | 000,329,940 | ---- | C] () -- C:\Users\***\stabau_ia.pdf [2011.02.09 00:25:03 | 000,478,457 | ---- | C] () -- C:\Users\***\stabau_iiib.pdf [2011.02.09 00:24:14 | 000,518,328 | ---- | C] () -- C:\Users\***\stabau_iiia.pdf [2010.10.20 15:24:52 | 000,002,622 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.04.19 09:01:57 | 000,000,235 | ---- | C] () -- C:\ProgramData\.old [2009.12.13 18:14:22 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\rx_image.Cache [2009.07.29 10:26:28 | 000,000,935 | ---- | C] () -- C:\Users\***\wal**.lnk [2009.07.15 17:47:24 | 000,820,210 | ---- | C] () -- C:\Users\***\win.xps [2009.06.26 15:13:16 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.06.02 12:31:20 | 000,165,888 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.21 22:35:12 | 001,829,235 | ---- | C] () -- C:\Users\***\kraudn_sepp_booklet.pdf [2009.02.02 06:58:26 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.04.09 10:40:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AceBIT [2010.04.09 10:52:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Smart Label Printer [2009.12.08 22:51:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AceBIT [2010.06.09 22:50:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoCreate [2011.03.31 16:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2010.04.29 11:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Facebook [2013.03.20 18:02:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2012.04.09 22:34:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HaCon [2009.08.25 10:56:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2009.03.08 15:32:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Magic Academy [2011.03.10 19:55:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Maytec [2011.03.18 11:59:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Maytec.net [2013.03.30 20:06:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MP3Rocket [2010.01.14 19:47:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2010.01.14 19:23:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Panasonic [2010.02.07 23:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC-FAX TX [2011.05.24 14:36:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PersBackup [2013.05.17 13:30:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PersBackup5 [2009.05.22 00:52:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDisc [2010.03.25 16:13:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers [2010.11.03 23:21:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Research In Motion [2013.05.26 21:08:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SchnellStart-DVD [2011.06.30 13:12:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Schober DVD [2009.08.25 11:02:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Smart Label Printer [2009.12.05 16:24:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softplicity [2010.03.25 16:12:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2013.02.12 14:01:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify [2013.03.27 13:45:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2012.01.08 22:35:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica [2010.10.20 15:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2011.08.19 11:43:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific [2012.01.15 13:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom [2009.07.28 11:02:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt [2011.07.26 22:51:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2009.07.23 09:56:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs ========== Purity Check ========== < End of report > Puh - sorry, hat etwas gedauert. Rechner läuft einwandfrei, nichts hat mehr "gemault" - alles ruhig.... Freue mich auf deine Beurteilung/ nächste Schritte - viele Grüße! G.Vadda |
|
29.06.2013, 13:36
| #9 |
| /// TB-Ausbilder | Backdoor.Trojan Befall: dxgiau.exe Hallo, die Logs sehen jetzt besser aus. Jetzt muss noch die veraltete Software runter und dann räumen wir auf. Schritt 1 Du hast unter anderem veraltete Java-Versionen installiert. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können. Die aktuelle Version ist Java 7 Update 25.
Schritt 2 Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
Schritt 3 Dein Firefox ist nicht mehr aktuell. Starte deinen Firefox als Administrator, klicke Hilfe --> Über Firefox und führe das angebotene Update durch. Wiederhole diesen Schritt, bis Firefox als aktuell angezeigt wird. Überprüfe dann mit diesem Plugin-Check (mit dem Firefox hier), ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls. Cleanup Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus. Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts  Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. 
__________________ cheers, Leo |
|
02.07.2013, 08:46
| #10 |
| | Backdoor.Trojan Befall: dxgiau.exe Hallo Leo, hab jetzt alles gemacht wie von dir vorgeschlagen - ich möchte mich bei dir 1000x bedanken für deine super Unterstützung !!!! Neben dieser ernüchternden Erfahrung mit einem malware Befall habe ich dank dir viel dazugelernt im zeitgemäßen Umgang mit dem Web und ich kann nur sagen, zum Glück gibt es das Trojaner Board mit Leuten wie dir, die usern wie mir wieder auf die Füße helfen!! Ich hab heute mit Freude gespendet, ich hoffe, dass von meiner Seite ein kleiner monetärer Beitrag etwas dazubeiträgt euch als guardian angels online zu haben! Viele Grüße und nochmals : G.Vadda |
|
02.07.2013, 10:51
| #11 |
| /// TB-Ausbilder | Backdoor.Trojan Befall: dxgiau.exe Danke für die Rückmeldung. Und im Namen des Teams vielen Dank für die Spende! Freut mich, dass wir helfen konnten.  Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun. Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
|
| Themen zu Backdoor.Trojan Befall: dxgiau.exe |
| 7-zip, absturz, askpartnernetwork, aufgegeben, autorun, bho, bingbar, blockiert, converter, desktop, diagnostics, downloader, dsl, error, excel, failed, firefox, flash player, home, install.exe, installation, intranet, kunde, mozilla, plug-in, realtek, registry, revo uninstaller, scan, security, software, super, svchost.exe, symantec, usb, vista, visual studio, winload toolbar |
Textbox. 
Linear-Darstellung
