Roger2013 | 02.07.2013 09:47 | Police Trojan GVU
Hello Trojaner-Board,
unfortunately, it got us too.
A police "Bundestrojaner" (GVU) trojan; my colleague's desktop has been locked.
Attached are the first logs.
Sorry, I'm very clumsy in forums.
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:37 on 02/07/2013 (Buero)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL Logfile:
OTL logfile created on: 02.07.2013 09:58:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\Users\Trommi\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,40 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 55,64% Memory free
6,81 Gb Paging File | 4,89 Gb Available in Paging File | 71,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 92,78 Gb Total Space | 36,28 Gb Free Space | 39,11% Space Free | Partition Type: NTFS
Drive D: | 43,95 Gb Total Space | 43,84 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
Drive E: | 49,59 Gb Total Space | 36,66 Gb Free Space | 73,94% Space Free | Partition Type: NTFS
Drive G: | 279,45 Gb Total Space | 192,02 Gb Free Space | 68,71% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space | 16,99 Gb Free Space | 21,74% Space Free | Partition Type: NTFS
Drive I: | 36,36 Gb Total Space | 3,82 Gb Free Space | 10,51% Space Free | Partition Type: NTFS
Computer Name: BUERO-PC | User Name: Buero | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.07.02 09:38:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Users\Trommi\Desktop\OTL.exe
PRC - [2013.06.21 13:36:55 | 002,095,944 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe
PRC - [2013.06.12 13:01:11 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- G:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) -- G:\Programme\Internet Explorer\iexplore.exe
PRC - [2013.04.16 03:09:04 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- G:\Programme\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013.04.16 03:07:06 | 000,039,056 | ---- | M] () -- G:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013.03.22 11:13:36 | 001,957,840 | ---- | M] (G Data Software AG) -- G:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2013.03.22 05:04:17 | 001,444,304 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2013.03.22 04:55:34 | 001,854,928 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2013.03.22 04:50:20 | 002,362,744 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe
PRC - [2013.03.20 14:38:50 | 000,162,856 | ---- | M] (Geek Software GmbH) -- G:\Programme\PDF24\pdf24.exe
PRC - [2013.03.18 13:01:06 | 000,745,472 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\MsSpellCheckingFacility.exe
PRC - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) -- G:\Programme\Common Files\G Data\GDScan\GDScan.exe
PRC - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) -- G:\Programme\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- G:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- G:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- G:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- G:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- G:\Windows\System32\taskhost.exe
PRC - [2012.07.19 09:53:10 | 000,277,824 | ---- | M] (Intel Corporation) -- G:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.12.13 10:34:54 | 000,671,552 | ---- | M] (TuneUp Software) -- G:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.12.13 10:32:32 | 001,527,104 | ---- | M] (TuneUp Software) -- G:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.11.15 19:20:26 | 000,078,192 | ---- | M] (Dyn, Inc.) -- G:\Programme\Dyn Updater\DynTray.exe
PRC - [2011.07.22 15:26:40 | 000,690,472 | ---- | M] (Nero AG) -- G:\Programme\Nero\Update\NASvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- G:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- G:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- G:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- G:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- G:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- G:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
========== Modules (No Company Name) ==========
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- G:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
========== Services (SafeList) ==========
SRV - [2013.06.25 12:31:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- G:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.21 13:36:55 | 002,095,944 | ---- | M] (G Data Software AG) [Auto | Running] -- G:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2013.06.12 14:01:11 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- G:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- G:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013.03.22 11:13:36 | 001,957,840 | ---- | M] (G Data Software AG) [Auto | Running] -- G:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2013.03.22 04:50:20 | 002,362,744 | ---- | M] (G Data Software AG) [On_Demand | Running] -- G:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) [On_Demand | Running] -- G:\Programme\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) [Auto | Running] -- G:\Programme\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- G:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.29 12:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- G:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- G:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- G:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.08.25 03:10:01 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- G:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.19 09:53:10 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- G:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.13 10:32:32 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- G:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.13 10:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- G:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.11.15 19:20:26 | 000,095,608 | ---- | M] (Dyn, Inc.) [Auto | Stopped] -- G:\Programme\Dyn Updater\DynUpSvc.exe -- (Dyn Updater)
SRV - [2011.07.22 15:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto | Running] -- G:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- G:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- G:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- G:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- G:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- G:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Unknown] -- G:\Users\Buero\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013.06.26 17:11:20 | 000,054,104 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- G:\Windows\System32\drivers\gdwfpcd32.sys -- (gdwfpcd)
DRV - [2013.06.17 09:12:13 | 000,051,032 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- G:\Windows\System32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2013.06.17 09:11:44 | 000,096,344 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- G:\Windows\System32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2013.06.17 09:11:44 | 000,045,912 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- G:\Windows\System32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2013.04.17 09:33:35 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- G:\Windows\gdrv.sys -- (gdrv)
DRV - [2013.04.11 08:48:24 | 000,030,896 | ---- | M] (G Data Software) [Kernel | System | Running] -- G:\Windows\System32\drivers\GRD.sys -- (GRD)
DRV - [2013.04.08 09:12:37 | 000,052,056 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV - [2013.02.26 01:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013.01.28 10:30:24 | 000,062,216 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.07.03 17:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.07.02 15:16:00 | 000,055,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2012.06.19 16:39:09 | 000,289,792 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2012.05.20 18:25:32 | 000,793,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV - [2012.05.20 18:25:32 | 000,350,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- G:\Windows\System32\drivers\iusb3hub.sys -- (iusb3hub)
DRV - [2012.05.20 18:25:32 | 000,015,680 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- G:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV - [2011.07.13 14:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- G:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011.07.13 14:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- G:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011.04.29 11:55:12 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011.04.29 11:55:12 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.03.18 14:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2011.02.10 10:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- G:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.26 23:39:24 | 000,659,592 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- G:\Windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV - [2008.11.11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- G:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 72 4C 47 99 63 CA 01 [binary data]
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No CLSID value found
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes,DefaultScope = {BB041AC8-2009-4E10-B22F-84039E70B373}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes\{51BF1669-9387-407F-B07F-97817C8BC21A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=9M&apn_dtid=%5E&apn_uid=CA61A9C8-4166-45F8-9368-8439BA854CCE&apn_sauid=EF1EC9DA-2F4B-4EE8-8665-E6DD8C94BD34
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes\{9CCBD921-FBD7-4816-A930-7AAB447F724E}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\SearchScopes\{BB041AC8-2009-4E10-B22F-84039E70B373}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A A9 BC 0A 4B 70 CB 01 [binary data]
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No CLSID value found
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes,DefaultScope = {BB041AC8-2009-4E10-B22F-84039E70B373}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{065D5CF5-6E0E-42A8-86DF-6862F065A665}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{5D59D326-FA9C-4D9D-8F13-EABD5B52E182}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{9CCBD921-FBD7-4816-A930-7AAB447F724E}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\SearchScopes\{BB041AC8-2009-4E10-B22F-84039E70B373}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2432144436-981379088-275475555-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: G:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: G:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: G:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: g:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: G:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: G:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: G:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: G:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: G:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: g:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: g:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: G:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: G:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.06.12 11:21:43 | 000,000,000 | ---D | M]
[2012.06.22 15:24:35 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Buero\AppData\Roaming\mozilla\Extensions
[2013.04.26 10:12:10 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Buero\AppData\Roaming\mozilla\Firefox\Profiles\938svwi9.default\extensions
[2013.04.26 10:12:10 | 000,817,280 | ---- | M] () (No name found) -- G:\Users\Buero\AppData\Roaming\mozilla\firefox\profiles\938svwi9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.25 12:31:38 | 000,000,000 | ---D | M] (No name found) -- G:\Programme\Mozilla Firefox\browser\extensions
[2013.06.25 12:31:38 | 000,000,000 | ---D | M] (Default) -- G:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - G:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - G:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O3 - HKU\S-1-5-21-2432144436-981379088-275475555-1001\..\Toolbar\WebBrowser: (no name) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No CLSID value found.
O3 - HKU\S-1-5-21-2432144436-981379088-275475555-1005\..\Toolbar\WebBrowser: (no name) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [G Data AntiVirus Tray] G:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] G:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IMSS] G:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PDFPrint] G:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [USB3MON] G:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-2432144436-981379088-275475555-1001..\Run: [] G:\Users\Buero\AppData\Local\Temp\krlgsludoasomnsvabjrqava.exe File not found
O4 - HKU\S-1-5-21-2432144436-981379088-275475555-1005..\Run: [] G:\Users\Trommi\AppData\Local\Temp\krlgsludoasomnsvabjrqava.exe File not found
O4 - HKU\S-1-5-21-2432144436-981379088-275475555-1005..\Run: [Sony Ericsson PC Companion] G:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] G:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - G:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - G:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - G:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - G:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - G:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - G:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - G:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} https://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=85748869 (Mail Migration)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E1B26101-23FB-4855-9171-F79F29CC7728} hxxp://doerflerkc.dyndns.biz/UltraCamX.cab (UltraCamX Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B985AA6-26D7-4248-B8D1-018DDDB46818}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7811C701-3250-4564-ADCB-6C25C185ABE6}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - G:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - G:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - G:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (G:\Windows\system32\userinit.exe) - G:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (g:\program files\g data\internetsecurity\avkkid\avkcks.exe) - g:\Programme\G Data\InternetSecurity\AVKKid\AVKCKS.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\pdf24-editor.exe: Debugger - G:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdf24-fax.exe: Debugger - G:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - G:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - G:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.31 16:08:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.03.09 13:40:55 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4cc23fd4-cf84-11de-8b69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4cc23fd4-cf84-11de-8b69-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{69a2022a-722b-11e0-9b80-00508d9cd093}\Shell - "" = AutoRun
O33 - MountPoints2\{69a2022a-722b-11e0-9b80-00508d9cd093}\Shell\AutoRun\command - "" = J:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.28 14:00:16 | 000,155,648 | ---- | C] (Microsoft Corporation) -- G:\ProgramData\09qdo.dat
[2013.06.26 17:11:28 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2014
[2013.06.25 12:31:33 | 000,000,000 | ---D | C] -- G:\Program Files\Mozilla Firefox
[2013.06.13 09:17:48 | 000,000,000 | ---D | C] -- G:\Users\Buero\AppData\Roaming\vlc
[2013.06.13 09:17:42 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.12 11:21:33 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\xing shared
[2013.06.10 14:18:23 | 000,044,544 | ---- | C] (Microsoft Corporation) -- G:\ProgramData\rundll32.exe
========== Files - Modified Within 30 Days ==========
[2013.07.02 10:01:00 | 000,000,884 | ---- | M] () -- G:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.02 09:36:30 | 000,000,000 | ---- | M] () -- G:\Users\Buero\defogger_reenable
[2013.07.02 08:39:47 | 000,013,216 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 08:39:47 | 000,013,216 | -H-- | M] () -- G:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 08:32:33 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2013.07.02 08:32:27 | 2741,313,536 | -HS- | M] () -- G:\hiberfil.sys
[2013.07.01 17:41:47 | 095,023,320 | ---- | M] () -- G:\ProgramData\odq90.pad
[2013.07.01 13:59:48 | 000,002,608 | ---- | M] () -- G:\ProgramData\odq90.js
[2013.06.29 18:10:00 | 000,001,422 | ---- | M] () -- G:\Windows\tasks\hpwebreg_CN1CO4564X05JZ.job
[2013.06.28 10:18:52 | 000,000,000 | ---- | M] () -- G:\ProgramData\jmlorqe.dat
[2013.06.27 09:45:25 | 095,023,320 | ---- | M] () -- G:\ProgramData\eqrolmj.pad
[2013.06.26 17:11:28 | 000,001,945 | ---- | M] () -- G:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
[2013.06.26 17:11:20 | 000,054,104 | ---- | M] (G Data Software AG) -- G:\Windows\System32\drivers\gdwfpcd32.sys
[2013.06.25 14:36:36 | 000,696,848 | ---- | M] () -- G:\Windows\System32\perfh007.dat
[2013.06.25 14:36:36 | 000,652,166 | ---- | M] () -- G:\Windows\System32\perfh009.dat
[2013.06.25 14:36:36 | 000,148,144 | ---- | M] () -- G:\Windows\System32\perfc007.dat
[2013.06.25 14:36:36 | 000,121,098 | ---- | M] () -- G:\Windows\System32\perfc009.dat
[2013.06.17 10:56:23 | 000,000,000 | ---- | M] () -- G:\ProgramData\zdfrt.dat
[2013.06.17 09:12:13 | 000,051,032 | ---- | M] (G Data Software AG) -- G:\Windows\System32\drivers\HookCentre.sys
[2013.06.17 09:11:44 | 000,096,344 | ---- | M] (G Data Software AG) -- G:\Windows\System32\drivers\MiniIcpt.sys
[2013.06.17 09:11:44 | 000,045,912 | ---- | M] (G Data Software AG) -- G:\Windows\System32\drivers\GDBehave.sys
[2013.06.13 09:17:42 | 000,001,033 | ---- | M] () -- G:\Users\Public\Desktop\VLC media player.lnk
[2013.06.12 11:21:45 | 000,001,102 | ---- | M] () -- G:\Users\Public\Desktop\RealPlayer.lnk
[2013.06.12 11:21:21 | 000,272,896 | ---- | M] (Progressive Networks) -- G:\Windows\System32\pncrt.dll
[2013.06.10 16:57:42 | 095,023,320 | ---- | M] () -- G:\ProgramData\ij4i.pad
[2013.06.03 10:13:29 | 000,000,053 | ---- | M] () -- G:\stdout.out
[2013.06.03 10:11:17 | 000,000,000 | ---- | M] () -- G:\stderr.out
========== Files Created - No Company Name ==========
[2013.07.02 09:36:30 | 000,000,000 | ---- | C] () -- G:\Users\Buero\defogger_reenable
[2013.07.01 13:59:48 | 000,002,608 | ---- | C] () -- G:\ProgramData\odq90.js
[2013.06.28 14:00:17 | 095,023,320 | ---- | C] () -- G:\ProgramData\odq90.pad
[2013.06.24 11:04:51 | 095,023,320 | ---- | C] () -- G:\ProgramData\eqrolmj.pad
[2013.06.24 11:04:50 | 000,000,000 | ---- | C] () -- G:\ProgramData\jmlorqe.dat
[2013.06.17 09:12:20 | 000,001,945 | ---- | C] () -- G:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
[2013.06.14 16:34:00 | 000,000,000 | ---- | C] () -- G:\ProgramData\zdfrt.dat
[2013.06.13 09:17:42 | 000,001,033 | ---- | C] () -- G:\Users\Public\Desktop\VLC media player.lnk
[2013.06.12 11:21:45 | 000,001,102 | ---- | C] () -- G:\Users\Public\Desktop\RealPlayer.lnk
[2013.06.10 14:18:24 | 095,023,320 | ---- | C] () -- G:\ProgramData\ij4i.pad
[2013.04.24 10:12:17 | 000,001,500 | ---- | C] () -- G:\Users\Buero\.recently-used.xbel
[2013.04.17 09:36:32 | 000,293,889 | ---- | C] () -- G:\Windows\System32\drivers\RTAIODAT.DAT
[2013.04.17 09:35:03 | 000,598,780 | ---- | C] () -- G:\Windows\System32\igvpkrng700.bin
[2013.04.17 09:35:03 | 000,094,208 | ---- | C] () -- G:\Windows\System32\IccLibDll.dll
[2013.04.17 09:35:03 | 000,064,512 | ---- | C] () -- G:\Windows\System32\igdde32.dll
[2013.04.17 09:35:03 | 000,009,728 | ---- | C] ( ) -- G:\Windows\System32\IGFXDEVLib.dll
[2013.04.17 09:35:02 | 000,755,048 | ---- | C] () -- G:\Windows\System32\igcodeckrng700.bin
[2013.04.17 09:35:02 | 000,000,255 | ---- | C] () -- G:\Windows\System32\GfxUI.exe.config
[2013.04.16 22:53:37 | 000,000,010 | ---- | C] () -- G:\Windows\GSetup.ini
[2012.12.03 17:13:07 | 000,003,273 | ---- | C] () -- G:\Windows\SceneLib24.ini
[2012.12.03 15:20:16 | 000,001,239 | ---- | C] () -- G:\Windows\Track.INI
[2012.11.23 10:10:03 | 000,171,008 | ---- | C] () -- G:\Windows\System32\RPTlprUi.dll
[2012.11.23 10:10:03 | 000,042,496 | ---- | C] () -- G:\Windows\System32\RPTlpr.dll
[2012.11.19 10:50:50 | 002,953,448 | ---- | C] () -- G:\Windows\System32\nvcoproc.bin
[2012.06.22 17:07:41 | 000,017,408 | ---- | C] () -- G:\Users\Buero\AppData\Local\WebpageIcons.db
[2011.03.22 12:18:44 | 000,000,017 | ---- | C] () -- G:\Users\Buero\AppData\Local\resmon.resmoncfg
[2009.11.12 15:51:17 | 000,000,227 | ---- | C] () -- G:\Program Files\PanaHDS.ini
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- G:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.02.06 11:52:46 | 000,000,000 | ---D | M] -- G:\Users\Buero\AppData\Roaming\FreeVideoConverter
[2012.02.09 10:23:30 | 000,000,000 | ---D | M] -- G:\Users\Buero\AppData\Roaming\gotomaxx
[2013.04.24 10:12:17 | 000,000,000 | ---D | M] -- G:\Users\Buero\AppData\Roaming\gtk-2.0
[2011.06.24 10:09:55 | 000,000,000 | ---D | M] -- G:\Users\Buero\AppData\Roaming\LG Electronics
[2012.05.23 13:10:38 | 000,000,000 | ---D | M] -- G:\Users\Buero\AppData\Roaming\ScanSoft
[2011.04.01 09:31:16 | 000,000,000 | ---D | M] -- G:\Users\Buero\AppData\Roaming\TuneUp Software
[2012.11.08 14:27:27 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\Audacity
[2012.05.14 10:01:03 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\Duden
[2011.04.28 12:10:04 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\EPSON
[2012.12.27 14:07:20 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\G Data
[2013.06.10 14:18:42 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\Giki
[2012.09.11 10:41:40 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\gotomaxx
[2013.05.13 15:53:04 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\gtk-2.0
[2013.06.10 14:18:25 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\Igduiq
[2013.02.05 15:28:20 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\PriceGong
[2012.05.23 13:10:38 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\ScanSoft
[2013.05.02 14:50:31 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\SuperMailer
[2013.02.19 16:34:38 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\TeamViewer
[2011.04.01 09:58:19 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\TuneUp Software
[2013.06.10 14:18:42 | 000,000,000 | ---D | M] -- G:\Users\Cheffe\AppData\Roaming\Zaiv
[2013.04.24 12:47:16 | 000,000,000 | ---D | M] -- G:\Users\Newsletter\AppData\Roaming\TuneUp Software
[2013.04.27 09:21:59 | 000,000,000 | ---D | M] -- G:\Users\Newsletter.Buero-PC\AppData\Roaming\G Data
[2013.06.04 12:58:09 | 000,000,000 | ---D | M] -- G:\Users\Newsletter.Buero-PC\AppData\Roaming\SuperMailer
[2013.04.27 09:22:00 | 000,000,000 | ---D | M] -- G:\Users\Newsletter.Buero-PC\AppData\Roaming\TeamViewer
[2013.04.24 13:07:08 | 000,000,000 | ---D | M] -- G:\Users\Newsletter.Buero-PC\AppData\Roaming\TuneUp Software
[2012.02.09 10:17:10 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\7-PDFMaker
[2013.06.19 10:54:17 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\Audacity
[2012.05.14 09:30:00 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\Duden
[2011.04.26 14:45:26 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\EPSON
[2012.02.09 10:25:03 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\gotomaxx
[2013.05.29 16:32:14 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\gtk-2.0
[2012.05.23 13:10:38 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\ScanSoft
[2013.04.30 10:01:20 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\SuperMailer
[2013.02.20 11:23:17 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\TeamViewer
[2011.04.01 09:39:26 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\TuneUp Software
[2010.10.20 12:30:24 | 000,000,000 | ---D | M] -- G:\Users\Trommi\AppData\Roaming\Windows Live Writer
[2013.01.09 17:17:14 | 000,000,000 | ---D | M] -- G:\Users\Werzl\AppData\Roaming\G Data
[2013.02.19 17:24:24 | 000,000,000 | ---D | M] -- G:\Users\Werzl\AppData\Roaming\TeamViewer
[2011.04.09 10:52:59 | 000,000,000 | ---D | M] -- G:\Users\Werzl\AppData\Roaming\TuneUp Software
[2012.05.14 14:15:29 | 000,000,000 | ---D | M] -- G:\Users\Zaworski\AppData\Roaming\Duden
[2013.01.14 14:20:47 | 000,000,000 | ---D | M] -- G:\Users\Zaworski\AppData\Roaming\G Data
[2013.02.28 14:50:24 | 000,000,000 | ---D | M] -- G:\Users\Zaworski\AppData\Roaming\gtk-2.0
[2012.05.23 13:10:38 | 000,000,000 | ---D | M] -- G:\Users\Zaworski\AppData\Roaming\ScanSoft
[2013.02.20 12:19:18 | 000,000,000 | ---D | M] -- G:\Users\Zaworski\AppData\Roaming\TeamViewer
[2011.05.04 13:47:19 | 000,000,000 | ---D | M] -- G:\Users\Zaworski\AppData\Roaming\TuneUp Software
========== Purity Check ==========
< End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 02.07.2013 09:58:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\Users\Trommi\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,40 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 55,64% Memory free
6,81 Gb Paging File | 4,89 Gb Available in Paging File | 71,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files
Drive C: | 92,78 Gb Total Space | 36,28 Gb Free Space | 39,11% Space Free | Partition Type: NTFS
Drive D: | 43,95 Gb Total Space | 43,84 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
Drive E: | 49,59 Gb Total Space | 36,66 Gb Free Space | 73,94% Space Free | Partition Type: NTFS
Drive G: | 279,45 Gb Total Space | 192,02 Gb Free Space | 68,71% Space Free | Partition Type: NTFS
Drive H: | 78,13 Gb Total Space | 16,99 Gb Free Space | 21,74% Space Free | Partition Type: NTFS
Drive I: | 36,36 Gb Total Space | 3,82 Gb Free Space | 10,51% Space Free | Partition Type: NTFS
Computer Name: BUERO-PC | User Name: Buero | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- G:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- G:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- G:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "G:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "G:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0983FDFC-7500-46AA-A3DA-EEA8A4DF1A13}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0AF3024A-631C-43E2-83D2-11888830AAE7}" = lport=6004 | protocol=17 | dir=in | app=g:\program files\microsoft office\office14\outlook.exe |
"{0DF1AF9D-209F-4FCC-BE14-E9F7D87FA6C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{12B61BB1-CEA8-4382-8CF0-69BF1957450D}" = lport=445 | protocol=6 | dir=in | app=system |
"{153F8C02-87F4-478F-A0E7-45C2F38693F3}" = lport=139 | protocol=6 | dir=in | app=system |
"{20836249-2402-44D7-8035-6989442AA9DF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{29AD7437-9BC8-47A1-AF55-C917A2934476}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3921E03E-BCBF-417E-A92C-DDA8F766F65B}" = rport=139 | protocol=6 | dir=out | app=system |
"{418BFDF7-CFC2-47EB-9B9E-6C01E8C2FF96}" = lport=10243 | protocol=6 | dir=in | app=system |
"{49724BD5-19AA-4E5B-84BF-3721F36B04FE}" = lport=138 | protocol=17 | dir=in | app=system |
"{4D4B764D-C07D-40B9-B476-2488BE9EC2E2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{627D7580-D112-499C-99AD-2A477A7A0D3E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E814DAC-30B1-46A1-AFDE-2551D6302939}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{761ACED5-5E4D-44BD-B70E-2F667AF94447}" = lport=137 | protocol=17 | dir=in | app=system |
"{76A2BD24-5D2B-43CE-9B89-118485960C5C}" = rport=137 | protocol=17 | dir=out | app=system |
"{8EFA5102-A3B8-49CE-8EA2-61F4AD023481}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{990FC001-82C0-41B2-95F0-E7866DDDE650}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1C605B9-BCCF-4B72-9D8F-DCE75F902C1D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AB3EB8DC-5F2C-4304-9120-978CA6DE9F4B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B016E129-7782-44DB-AA59-9519B472C47B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B13C41BE-E9DA-49D6-8169-DDBCAFBBAA76}" = rport=138 | protocol=17 | dir=out | app=system |
"{BF71B0DE-378A-4D6A-8529-B6FCA16347BE}" = rport=445 | protocol=6 | dir=out | app=system |
"{C1CFFC4F-DF4F-459C-A69A-17A75AD8C200}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5BED03E-4158-4FD2-8BE4-8F8325EBFC2A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F5EECB98-523D-42F2-B363-D2B8FC35B6D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FB592DD5-7F8C-4766-8CCF-C0487012C0BC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A346F69-C5A8-43EA-B9AE-07A322518F3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B4A1793-1513-4BC9-93D5-EC9986B6E1D4}" = protocol=6 | dir=in | app=g:\program files\webcamxp 5\wlite.exe |
"{0DBC480B-36CE-45CE-B168-F0EC10FAA0B2}" = protocol=17 | dir=in | app=g:\program files\microsoft office\office14\groove.exe |
"{189E7CF2-3C8B-470E-BB97-EF86E12E38C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{31B1649C-FB5D-410D-B5FA-3DCAFF17782A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{349B96F5-5659-485B-A6C6-0EAEEA38FCE6}" = protocol=17 | dir=in | app=g:\program files\webcamxp 5\wservice.exe |
"{3CAE5411-A680-4751-A94A-353C11A206CA}" = protocol=6 | dir=in | app=g:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{48F42BEA-9DD8-41B6-97C5-F2EA4E3E23CA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B6BD222-B291-463D-928A-4098C4391A68}" = protocol=17 | dir=in | app=g:\program files\teamviewer\version8\teamviewer_service.exe |
"{4BE07446-26AF-4E5B-8E95-E67BBE9C8AFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4DD12FD7-AEEC-42DF-9F96-7F7D2D801ABC}" = protocol=17 | dir=in | app=g:\program files\webcamxp 5\wlite.exe |
"{54255A87-DE03-444E-BF37-675C6F7ED811}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{585D1DC9-4404-4094-AC4A-77436F1A4728}" = protocol=6 | dir=in | app=g:\program files\teamviewer\version8\teamviewer_service.exe |
"{5A810C9A-AFBE-4E5E-A0FD-F5F2A07266E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B2DD4CD-0E9C-43A4-B8BD-062AD5DFF467}" = protocol=6 | dir=in | app=g:\program files\microsoft office\office14\groove.exe |
"{5DB0D476-5CE3-433A-86C3-C54A9D259C5D}" = protocol=17 | dir=in | app=g:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{64680FBA-AC2F-4172-A12D-AC9A6529F822}" = dir=in | app=g:\program files\windows live\contacts\wlcomm.exe |
"{6E7063B6-80ED-4C4B-8488-AF5E3A2076D8}" = protocol=6 | dir=in | app=g:\program files\webcamxp 5\wservice.exe |
"{731F34BC-F01B-45F5-A186-B2E9E4E0D880}" = protocol=17 | dir=in | app=g:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{7CD559BB-0367-43D1-BE3F-6B9109D3EBC5}" = protocol=6 | dir=in | app=g:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{8B289105-C9AA-4F0A-A95E-9B54B7EA3A0A}" = protocol=6 | dir=in | app=g:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{8B40D312-FF45-4053-A378-161138C3F1FD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9BD5A20A-6D01-4EA1-8557-5BD50097B7F5}" = protocol=6 | dir=out | app=system |
"{A48AA486-73B2-4F9D-9083-B4D4BF0B91C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A7F0E8C8-0A2D-43DF-BB40-B9E3E4A00048}" = protocol=6 | dir=in | app=g:\program files\teamviewer\version8\teamviewer.exe |
"{A98EF550-91AB-4FCC-A4A9-86C6CE46343F}" = protocol=17 | dir=in | app=g:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{B8311498-A13D-4644-81D4-F4AAE172FD38}" = protocol=17 | dir=in | app=g:\program files\teamviewer\version8\teamviewer.exe |
"{C4C0E8C4-B5C6-4A65-BBE2-622AAC423A32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CC4F2FBB-0561-47AF-B9F6-6426303DE984}" = protocol=17 | dir=in | app=g:\program files\microsoft office\office14\onenote.exe |
"{D8141552-344D-41FF-AAF5-435200083669}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E813827F-3488-4268-B260-2762330A8737}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EA3A6F62-3E83-44EC-8D6F-363DAF71229F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EF162207-AC61-4046-91DD-540FA6C01E87}" = protocol=6 | dir=in | app=g:\program files\microsoft office\office14\onenote.exe |
"{EF4D578A-1CDB-427C-898C-7D7FE13A02D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1588B0C-32EC-4632-AFEC-B12BFD4240B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{3DC86687-43B3-4921-94BE-8414328C23BF}G:\service.exe" = protocol=6 | dir=in | app=g:\service.exe |
"TCP Query User{8055FAB7-6275-46AA-B52C-C9700E4E3B9E}G:\devicesearch 1.0.0.27\devicesearch.exe" = protocol=6 | dir=in | app=g:\devicesearch 1.0.0.27\devicesearch.exe |
"UDP Query User{045B043A-80E6-46AF-A2F1-6E318C8C2FFA}G:\service.exe" = protocol=17 | dir=in | app=g:\service.exe |
"UDP Query User{BC9E0808-594A-4C34-BC64-1452C345E853}G:\devicesearch 1.0.0.27\devicesearch.exe" = protocol=17 | dir=in | app=g:\devicesearch 1.0.0.27\devicesearch.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{4162E4B4-DB62-4719-9921-A59B2671C1CB}" = Nero Recode 11
"{44CDB8EC-569D-4C61-B18C-8768A1FC7E15}" = Panasonic RPT Network Printer Port
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{528EC8F4-1C19-41BA-80A1-0B5EA21BA628}" = maxx PDFMAILER Standard
"{53C9D2D8-F188-4D2F-9D42-A1BA359DD096}" = mDecoderTool
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7765322A-8601-47D3-AC60-B66677450D7B}" = G Data InternetSecurity 2014
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78F2FF7C-AC3C-430C-83A7-E2859FBA630A}" = Panasonic Printing System
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D8491AD-D0D2-4B51-AA4A-A8B67795A553}" = Nero Burning ROM 11
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A68575CE-050E-4E1F-A053-58BE8D9DE7AB}" = ArcSoft MediaImpression 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E89BAE75-3446-43BA-B180-7F11692A9778}" = nero.prerequisites.msi
"{EB475D31-14C0-4DC3-8E0A-8AE1711399B3}" = Nero 11
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{FC6AAE10-A081-42C7-9CD3-ED1D80C30941}" = ITE IT8211 ATAPI Controller
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Carrera Streckenplaner_is1" = Carrera Streckenplaner
"DynUpdater" = Dyn Updater
"Edit4Win" = Edit4Win 3.10
"Ext2Fsd_is1" = Ext2Fsd 0.48
"InstallShield_{78F2FF7C-AC3C-430C-83A7-E2859FBA630A}" = Panasonic Printer Drivers
"Lidl-Fotos_is1" = Lidl-Fotos
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NetObjects Fusion Essentials" = NetObjects Fusion Essentials
"Newsletter Software SuperMailer_is1" = SuperMailer 7.10
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ST6UNST #1" = RS-Office Pro V7
"ST6UNST #2" = RS-Office Pro V7 (C:\RSOFFICE\)
"ST6UNST #3" = RS-Office Pro V7 (g:\RSOFFICE\)
"ST6UNST #4" = RS-Office Pro V7 (C:\RSOFFICE\) #3
"TeamViewer 8" = TeamViewer 8
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.6
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"wintrack51_is1" = WinTrack 5.1 3D
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2432144436-981379088-275475555-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2432144436-981379088-275475555-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.06.2013 07:28:54 | Computer Name = Buero-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 21.0.0.4879 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 15d8 Startzeit:
01ce725dea462f70 Endzeit: 15 Anwendungspfad: G:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
91d1b06c-de53-11e2-a507-94de8005544a
Error - 27.06.2013 05:42:32 | Computer Name = Buero-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "g:\program files\Nero\Nero
11\nero backitup\NBVSSTool_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 27.06.2013 05:42:52 | Computer Name = Buero-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "g:\program files\Nero\Nero
11\nero recode\NeroBRServer.exe.Manifest". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="11.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 28.06.2013 04:00:23 | Computer Name = Buero-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "g:\program files\Nero\Nero
11\nero backitup\NBVSSTool_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 28.06.2013 04:00:42 | Computer Name = Buero-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "g:\program files\Nero\Nero
11\nero recode\NeroBRServer.exe.Manifest". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="11.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.07.2013 09:08:28 | Computer Name = Buero-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "g:\program files\Nero\Nero
11\nero backitup\NBVSSTool_x64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.07.2013 09:08:47 | Computer Name = Buero-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "g:\program files\Nero\Nero
11\nero recode\NeroBRServer.exe.Manifest". Die abhängige Assemblierung "ACME,processorArchitecture="x86",type="win32",version="11.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 01.07.2013 11:13:32 | Computer Name = Buero-PC | Source = System Restore | ID = 8200
Description =
Error - 01.07.2013 11:28:44 | Computer Name = Buero-PC | Source = System Restore | ID = 8200
Description =
Error - 01.07.2013 11:38:46 | Computer Name = Buero-PC | Source = System Restore | ID = 8206
Description =
Error - 02.07.2013 03:07:10 | Computer Name = Buero-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00052cc7 ID des fehlerhaften
Prozesses: 0xfe0 Startzeit der fehlerhaften Anwendung: 0x01ce76f208fc7ad2 Pfad der
fehlerhaften Anwendung: G:\Users\Trommi\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: G:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 02f19b82-e2e6-11e2-aa12-94de8005544a
[ System Events ]
Error - 02.07.2013 02:37:42 | Computer Name = Buero-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%997
Error - 02.07.2013 02:37:42 | Computer Name = Buero-PC | Source = PNRPSvc | ID = 102
Description =
Error - 02.07.2013 02:37:42 | Computer Name = Buero-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%997
Error - 02.07.2013 02:37:42 | Computer Name = Buero-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%997
Error - 02.07.2013 03:36:44 | Computer Name = Buero-PC | Source = PNRPSvc | ID = 102
Description =
Error - 02.07.2013 03:36:44 | Computer Name = Buero-PC | Source = PNRPSvc | ID = 102
Description =
Error - 02.07.2013 03:36:44 | Computer Name = Buero-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%997
Error - 02.07.2013 03:36:44 | Computer Name = Buero-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%997
Error - 02.07.2013 03:36:44 | Computer Name = Buero-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%997
Error - 02.07.2013 03:36:44 | Computer Name = Buero-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%997
[ TuneUp Events ]
Error - 26.09.2012 08:57:44 | Computer Name = Buero-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
< End of report >
GMER Logfile: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-02 10:28:04
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45 465,76GB
Running: gmer_2.1.19163.exe; Driver: G:\Users\Buero\AppData\Local\Temp\fwloqpob.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 838589F5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 838921F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? G:\Users\Buero\AppData\Local\Temp\aswMBR.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 2.1 ----
.text G:\Program Files\Internet Explorer\iexplore.exe[1252] shell32.DLL!RealDriveType + 173D 766EFE30 4 Bytes [E5, 36, 80, 70]
.text G:\Program Files\Internet Explorer\iexplore.exe[1252] shell32.DLL!RealDriveType + 1745 766EFE38 8 Bytes [1B, 57, 80, 70, 97, 83, 81, ...]
.text G:\Program Files\Internet Explorer\iexplore.exe[2444] shell32.DLL!RealDriveType + 173D 766EFE30 4 Bytes [E5, 36, 80, 70]
.text G:\Program Files\Internet Explorer\iexplore.exe[2444] shell32.DLL!RealDriveType + 1745 766EFE38 8 Bytes [1B, 57, 80, 70, 97, 83, 81, ...]
.text G:\Program Files\Internet Explorer\iexplore.exe[5948] shell32.DLL!RealDriveType + 173D 766EFE30 4 Bytes [E5, 36, 80, 70]
.text ...
.text G:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[6100] kernel32.dll!SetUnhandledExceptionFilter 778BF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text G:\Program Files\Internet Explorer\iexplore.exe[11692] shell32.DLL!RealDriveType + 173D 766EFE30 4 Bytes [E5, 36, 80, 70]
.text G:\Program Files\Internet Explorer\iexplore.exe[11692] shell32.DLL!RealDriveType + 1745 766EFE38 8 Bytes [1B, 57, 80, 70, 97, 83, 81, ...]
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 NBVolUp.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 NBVolUp.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 NBVolUp.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 NBVolUp.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 NBVolUp.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 NBVol.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 NBVolUp.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\3CA63232-5DE6-437F-AE71-DEF503C848E2@IPAddress ::1
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\796FE558-16EA-42F7-933E-262618CD0C39@IPAddress 127.0.0.1
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\D4EEDED3-E755-4B50-8154-E8B18E2778CD@IPAddress ::1
---- EOF - GMER 2.1 ----