Pests of all kinds and how to fight them: TR/Crypt.ZPACK.Gen2 deletes paths and deletes programs and shortcuts (Windows 7)
05.11.2011, 16:07 | #1 |
TR/Crypt.ZPACK.Gen2 deletes paths and deletes programs and shortcuts

Hello "Trojan-Fighting and Plague Killer Commando",

I have a small problem with a Trojan, the one named in the title above. Exactly my problem has already been dealt with in this thread: http://www.trojaner-board.de/96995-t...ht-aerger.html

I'll simply post the malware logs + OTL logs for it. I hope you can help me. Many thanks in advance!

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8090
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

05.11.2011 15:53:59
mbam-log-2011-11-05 (15-53-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 349862
Laufzeit: 55 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Tina\AppData\LocalLow\Sun\Java\deployment\cache\6.0\38\3f3612a6-53d6c854 (Trojan.FakeAlert.Gen) -> No action taken.

Code:
ATTFilter OTL logfile created on: 05.11.2011 13:59:01 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tina\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 56,88% Memory free 6,50 Gb Paging File | 4,89 Gb Available in Paging File | 75,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 575,07 Gb Total Space | 483,80 Gb Free Space | 84,13% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 19,91 Gb Free Space | 99,56% Space Free | Partition Type: NTFS Computer Name: TINA-PC | User Name: Tina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - C:\Users\Tina\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\ieconfig_1und1_svc.exe () PRC - C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10v_ActiveX.exe (Adobe Systems, Inc.) 
PRC - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) 
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\Maps Service API.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtWebKit4.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtNetwork4.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\sqldrivers\qsqlite4.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll () MOD - 
C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtGui4.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtCore4.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtDeclarative4.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtScript4.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtOpenGL4.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtXml4.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\phonon4.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtSql4.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\QxtCore.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\QxtWeb.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\qjson.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\ssoengine.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\OviShareLib.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\securestorage.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll () MOD - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () MOD - C:\Programme\COMPUTERBILD-Abzockschutz\Internet Explorer\BandObjectsLib.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Programme\1&1\1&1 EasyLogin\EasyLoginCrypt.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Programme\Nokia\Nokia Ovi Suite\zlib1.dll () ========== Win32 Services (SafeList) ========== SRV - (serviceIEConfig) -- C:\Windows\System32\ieconfig_1und1_svc.exe () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (ServiceLayer) -- C:\Program Files\PC 
Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WINUSB) -- 
C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices Inc.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1460742789-3339115732-553396096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-1460742789-3339115732-553396096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-1460742789-3339115732-553396096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1460742789-3339115732-553396096-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.1und1.de/links/home IE - HKU\S-1-5-21-1460742789-3339115732-553396096-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKU\S-1-5-21-1460742789-3339115732-553396096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/410" FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.32 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4 FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.3.1.00 FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com//web?src=ffb&appid=0&systemid=410&sr=0&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Users\Tina\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.10.07 10:20:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.29 10:27:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.06 10:58:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.10.07 10:20:37 | 000,000,000 | ---D | M] [2011.11.05 13:44:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\mozilla\Extensions [2011.09.28 06:50:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\4316iwzy.default\extensions [2011.10.07 10:18:52 | 000,000,000 | -H-D | M] (Searchqu Toolbar) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\4316iwzy.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011.10.07 10:18:51 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\4316iwzy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.10.07 10:18:51 | 000,000,000 | -H-D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\4316iwzy.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398} [2010.01.20 11:19:10 | 000,000,923 | -H-- | M] () -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\4316iwzy.default\searchplugins\conduit.xml [2011.09.16 16:11:35 | 000,002,503 | -H-- | M] () -- 
C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\4316iwzy.default\searchplugins\SearchResults.xml [2011.09.16 16:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.07 10:20:38 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION [2011.10.07 10:20:29 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.16 16:11:35 | 000,002,503 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\System32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\S-1-5-21-1460742789-3339115732-553396096-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-1460742789-3339115732-553396096-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia) O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Filme_auf_DVD_7\Trayserver.exe (MAGIX AG) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1460742789-3339115732-553396096-1000..\Run: [] File not found O4 - HKU\S-1-5-21-1460742789-3339115732-553396096-1000..\Run: [1&1 EasyLogin] C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG) O4 - HKU\S-1-5-21-1460742789-3339115732-553396096-1000..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKU\S-1-5-21-1460742789-3339115732-553396096-1000..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKU\S-1-5-21-1460742789-3339115732-553396096-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Tina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1460742789-3339115732-553396096-1000\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-1460742789-3339115732-553396096-1000\..Trusted 
Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7114F0A7-643E-4F88-99B7-A02D831FE369}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\WIA6EB~1\Datamngr\datamngr.dll) -C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\WIA6EB~1\Datamngr\IEBHO.dll) -C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - 
(C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 60 Days ========== [2011.11.05 13:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.11.05 13:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.11.05 13:31:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.10.13 06:29:32 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2011.10.13 06:29:31 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2011.10.13 06:29:20 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.10.13 06:29:11 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.10.13 06:29:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.10.13 06:29:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.10.13 06:29:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.10.13 06:29:10 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.10.06 07:18:02 | 000,000,000 | -H-D | C] -- 
C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore [2011.09.23 07:15:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.09.16 16:11:37 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMCT232.OCX [2011.09.16 16:11:35 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll [2011.09.16 16:11:35 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll [2011.09.16 16:11:35 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll [2011.09.16 16:11:35 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll [2011.09.16 16:11:35 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll [2011.09.16 16:11:35 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll [2011.09.16 16:11:35 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll [2011.09.16 16:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar [2011.09.16 16:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2011.09.16 16:11:34 | 002,084,864 | ---- | C] (NCT Company Ltd.) 
-- C:\Windows\System32\AudDesign.dll [2011.09.16 16:11:34 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX [2011.09.16 16:11:34 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTL32.OCX [2011.09.16 16:11:34 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX [2011.09.16 16:11:34 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCFR.DLL [2011.09.16 16:11:34 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6FR.DLL [2011.09.16 16:11:34 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinet.OCX [2011.09.16 16:11:34 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL [2011.09.16 16:11:34 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscc2fr.dll [2011.09.16 16:11:34 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGFR.DLL [2011.09.16 16:11:34 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTFR.DLL [2011.09.16 16:11:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetfr.DLL [2011.09.16 16:11:33 | 000,000,000 | -H-D | C] -- C:\Users\Tina\AppData\Roaming\FreeAudioPack [2011.09.16 15:36:56 | 000,000,000 | -H-D | C] -- C:\Users\Tina\Desktop\Bilder Handy [2011.09.16 15:33:01 | 000,000,000 | -H-D | C] -- C:\Users\Tina\AppData\Local\NokiaAccount [2011.09.16 15:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2011.09.14 12:45:45 | 000,978,576 | ---- | C] (mquadr.at software engineering und consulting GmbH) -- C:\Windows\System32\ieconfig_1und1.dll [2011.09.14 12:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\{411234A5-A7C5-4628-A4D3-64C942F8C38C} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 60 Days ========== [2011.11.05 13:47:12 | 000,001,459 | ---- | M] () -- C:\Users\Tina\Desktop\iexplore 
- Verknüpfung.lnk [2011.11.05 13:33:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.05 13:31:05 | 000,001,220 | ---- | M] () -- C:\Users\Tina\Desktop\Spybot - Search & Destroy.lnk [2011.11.05 12:06:49 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.05 12:06:49 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.05 12:04:20 | 000,662,254 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.05 12:04:20 | 000,624,136 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.05 12:04:20 | 000,133,190 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.05 12:04:20 | 000,109,580 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.05 11:59:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.05 11:59:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.05 11:58:58 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys [2011.10.24 17:03:27 | 000,023,552 | ---- | M] () -- C:\Users\Tina\Documents\neckermann_bestellung_24.10.11.wps [2011.10.22 10:38:00 | 000,009,728 | ---- | M] () -- C:\Users\Tina\Lebenslauf3. 
wps.wps [2011.10.13 17:23:33 | 000,368,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.10.06 07:19:08 | 000,000,456 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk [2011.10.06 07:18:02 | 000,000,320 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk [2011.10.06 07:18:02 | 000,000,240 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr [2011.10.01 03:42:56 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.09.23 07:15:48 | 286,572,605 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.09.15 10:38:15 | 000,081,408 | -H-- | M] () -- C:\Users\Tina\Documents\Familienkasse_15.09.11.wps [2011.09.15 10:38:15 | 000,009,482 | -H-- | M] () -- C:\Users\Tina\AppData\Roaming\wklnhst.dat [2011.09.14 12:45:46 | 001,053,848 | ---- | M] () -- C:\Windows\System32\ieconfig_1und1_svc.exe [2011.09.14 12:45:45 | 000,978,576 | ---- | M] (mquadr.at software engineering und consulting GmbH) -- C:\Windows\System32\ieconfig_1und1.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.05 13:47:12 | 000,001,459 | ---- | C] () -- C:\Users\Tina\Desktop\iexplore - Verknüpfung.lnk [2011.11.05 13:31:05 | 000,001,220 | ---- | C] () -- C:\Users\Tina\Desktop\Spybot - Search & Destroy.lnk [2011.10.24 17:03:27 | 000,023,552 | ---- | C] () -- C:\Users\Tina\Documents\neckermann_bestellung_24.10.11.wps [2011.10.22 10:36:59 | 000,009,728 | ---- | C] () -- C:\Users\Tina\Lebenslauf3. 
wps.wps [2011.10.06 07:18:02 | 000,000,320 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk [2011.10.06 07:18:02 | 000,000,240 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr [2011.10.06 07:18:00 | 000,000,456 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk [2011.09.23 07:15:48 | 286,572,605 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.09.16 16:11:35 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx [2011.09.15 10:27:30 | 000,081,408 | -H-- | C] () -- C:\Users\Tina\Documents\Familienkasse_15.09.11.wps [2011.09.14 12:45:46 | 001,053,848 | ---- | C] () -- C:\Windows\System32\ieconfig_1und1_svc.exe [2011.08.25 17:13:26 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2011.03.21 12:22:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.05.08 20:14:14 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.01.10 09:47:01 | 000,000,017 | -H-- | C] () -- C:\Users\Tina\AppData\Local\resmon.resmoncfg [2010.01.03 17:07:39 | 000,009,482 | -H-- | C] () -- C:\Users\Tina\AppData\Roaming\wklnhst.dat [2009.11.05 17:09:07 | 000,000,042 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2009.11.05 16:54:13 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.11.05 16:54:13 | 000,195,854 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.11.05 16:54:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2009.10.06 11:51:33 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.09.25 11:39:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.07.14 09:47:43 | 000,662,254 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,133,190 | ---- | C] () -- 
C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,368,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,624,136 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,109,580 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:FC4EA67C @Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:3B812EE0 @Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:F1175E1D @Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:270A3983 @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:4EE95FE7 @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:6C5EC3CD @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:99A29126 @Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:5BC73C48 @Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:C20426BD @Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:7BA83BF4 @Alternate Data Stream - 158 bytes -> 
C:\ProgramData\Temp:7A0FEE87 @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:2B1EA607 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:140AD176 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:C48A983C @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:5D10C56A @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:8BFA0030 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:0D278FB5 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:123A86B5 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:4B1195DD @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:FED25C29 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:008586AE @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5080697C @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F8F070C2 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:DD04902E @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:370E4EFB @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:C8AC644A @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:737160C1 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:CB16385F @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C5E2BAEE @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5C6EBC69 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:072F1F69 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:61F0C8FB @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:A3E39C6A @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:A2FF62A6 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:598E0FFA @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:870649A4 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:55F44B88 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:AC95B5ED @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:581B0446 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C3C72D5F @Alternate Data Stream - 
119 bytes -> C:\ProgramData\Temp:9ACB70D7 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:C22674B6 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:32A82570 @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BE6B5FC3 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:2F141B68 @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:9A6EBBF2 @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:7B52659E @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:B8384DB6 @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:7547DA5B @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:75CC0165 @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:0F0A5896 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:90B52091 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:331B76C7 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:0ED4AC2F @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:7C412B92 @Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:43301D1D @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:561B1D2B @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:225CD7D5 @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:A7DA2BCD @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:D0668210 @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:090FB735 @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:C07A6A6B @Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:08D8BB20 < End of report > Code:
OTL Extras logfile created on: 05.11.2011 13:59:01 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tina\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 56,88% Memory free
6,50 Gb Paging File | 4,89 Gb Available in Paging File | 75,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 575,07 Gb Total Space | 483,80 Gb Free Space | 84,13% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 19,91 Gb Free Space | 99,56% Space Free | Partition Type: NTFS

Computer Name: TINA-PC | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{0E5E6D29-7F0C-6532-6A11-62629649AD3C}" = CCC Help Finnish "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{1206E622-A6BB-665A-EFE4-AF068CEF85C8}" = Catalyst Control Center InstallProxy "{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2562CC92-BCC6-35A7-F2E2-52E82CC2F746}" = Catalyst Control Center Graphics Full New "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = EzCAP Video Grabber "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{2EF0862B-22C7-8AA8-4272-DDB79410C113}" = Catalyst Control Center Graphics Light "{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On "{32A546AD-2626-1DF1-0746-123AFA6E265F}" = ATI Catalyst Install Manager "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3FBD5F02-D8CF-5800-6333-E66262831496}" = Catalyst Control Center Core Implementation "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go 
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver "{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player "{58A69DDE-F355-8A3B-CF9E-6BC5065A1AE3}" = CCC Help Spanish "{62D90DFE-48E2-E2A4-C38C-8F3FC018463E}" = ccc-utility "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{744FFCE8-3AB1-BA9E-68BF-D3418909C2A2}" = CCC Help Italian "{757A9362-BEBA-82B3-7329-40DA11649186}" = CCC Help German "{759253A9-AB2F-D893-0076-4D61DF925900}" = CCC Help Dutch "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76D57840-661F-5BA8-F9BE-D153227644D7}" = CCC Help French "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{80187789-AC1E-C394-F8A5-1A42C84627F6}" = Catalyst Control Center Graphics Previews Vista "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.0 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8AADC86C-5018-4762-A309-3031F68D1008}" = COMPUTERBILD-Abzockschutz "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft 
Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BBC5B6BA-A02C-5A78-8767-841733D16451}" = CCC Help English "{BD11E3C6-065E-40BB-A129-435C4530A159}_is1" = Jewel Master - Cradle Of Rome "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{C4AD4C15-B39C-5EDB-4776-4B44B5AE770F}" = CCC Help Danish "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C5EA6F92-E34E-555E-47E7-92B1A1E8D1B3}" = ccc-core-static "{CB9CC6C9-185F-E771-0633-B4D20E13D6AB}" = CCC Help Japanese 
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E5D06831-77CC-05C5-AA43-42AD1CEB451A}" = CCC Help Norwegian "{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked "{EF41AC64-43B4-44A4-39C5-35B7256ED3ED}" = Catalyst Control Center Localization All "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C28B5F-31A3-ACE3-3D4E-86C487ADC139}" = Catalyst Control Center Graphics Full Existing "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0F55285-D935-9245-34E5-91973D110874}" = CCC Help Swedish "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "1&1 EasyLogin" = 1&1 EasyLogin "1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "A0C8AB38D670723BC27436B03381EA98C003CE12" = Windows-Treiberpaket - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ALDI Foto Service D" = ALDI Foto Service "ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free "Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice "ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE "Avira AntiVir Desktop" = Avira AntiVir 
Personal - Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "AVS Update Manager_is1" = AVS Update Manager 1.0 "BFG-Abra Academy" = Abra Academy "BFG-Abra Academy - Returning Cast" = Abra Academy™: Returning Cast "BFG-Around the World in 80 Days" = Around the World in 80 Days "BFGC" = Big Fish Games: Game Manager "BFG-Chainz 2 Relinked" = Chainz 2 Relinked "BFG-Curse of the Pharaoh - Die Traenen der Sachmet" = Curse of the Pharaoh: Die Tränen der Sachmet "BFG-Die Gestohlene Venus" = Die Gestohlene Venus "BFG-Dream Day First Home" = Dream Day First Home "BFG-Faded Reality" = Faded Reality "BFG-Fishdom" = Fishdom "BFG-Hidden Mysteries - Buckingham Palace" = Hidden Mysteries™: Buckingham Palace "BFG-Lost Realms - Das Erbe der Sonnenprinzessin" = Lost Realms: Das Erbe der Sonnenprinzessin "BFG-Magic Academy" = Magic Academy "BFG-Mystery PI - The New York Fortune" = Mystery P.I.: The New York Fortune "BFG-Mysteryville" = Mysteryville "BFG-Sarah Maribu und die Vergessene Welt" = Sarah Maribu und die Vergessene Welt "BFG-Schatzinsel 2" = Schatzinsel 2 "BFG-Vacation Quest - The Hawaiian Islands" = Vacation Quest: The Hawaiian Islands "Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Chainz 2" = Chainz 2 "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.10.722 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "GMX ProfiFax" = GMX ProfiFax "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "MAGIX Filme 
auf DVD 7 D" = MAGIX Filme auf DVD 7 7.0.3.0 (D) "MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D) "MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D) "McAfee Security Scan" = McAfee Security Scan Plus "MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.250 (D) "Nokia Ovi Suite" = Nokia Ovi Suite "Picasa 3" = Picasa 3 "Searchqu 0 MediaBar" = Windows Searchqu Toolbar "Uninstall_is1" = Uninstall 1.0.0.1 "WinLiveSuite_Wave3" = Windows Live Essentials "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar "Zylom Games Player Plugin" = Zylom Games Player Plugin ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1460742789-3339115732-553396096-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "10 Days Under The Sea Deluxe" = 10 Days Under The Sea Deluxe "1001 Nights - The Adventures of Sindbad Deluxe" = 1001 Nights - The Adventures of Sindbad Deluxe "3 Days - Zoo Mystery Deluxe" = 3 Days - Zoo Mystery Deluxe "Age of Oracles - Tara's Journey Deluxe" = Age of Oracles - Tara's Journey Deluxe "Becky Brogan - The Mystery of Meane Manor Deluxe" = Becky Brogan - The Mystery of Meane Manor Deluxe "Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe "Big City Adventure - New York City Deluxe" = Big City Adventure - New York City Deluxe "Cate West - The Vanishing Files Deluxe" = Cate West - The Vanishing Files Deluxe "Chainz 2 Deluxe" = Chainz 2 Deluxe "Delicious 2 Deluxe" = Delicious 2 Deluxe "Fishdom - Frosty Splash Deluxe" = Fishdom - Frosty Splash Deluxe "Fishdom - Spooky Splash Deluxe" = Fishdom - Spooky Splash Deluxe "Fishdom Deluxe" = 
Fishdom Deluxe "Fishdom H2O - Hidden Odyssey Deluxe" = Fishdom H2O - Hidden Odyssey Deluxe "Hidden Identity - Chicago Blackout Deluxe" = Hidden Identity - Chicago Blackout Deluxe "Hidden Magic Deluxe" = Hidden Magic Deluxe "Jane's Hotel - Family Hero Deluxe" = Jane's Hotel - Family Hero Deluxe "Keys to Manhattan Deluxe" = Keys to Manhattan Deluxe "Pahelika - Secret Legends Deluxe" = Pahelika - Secret Legends Deluxe "Zuma Deluxe" = Zuma Deluxe ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20.10.2011 05:59:40 | Computer Name = Tina-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 2.0.0.0, Zeitstempel: 0x49ef8e09 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e2111c0 Ausnahmecode: 0xe0434f4d Fehleroffset: 0x0000d36f ID des fehlerhaften Prozesses: 0x14b0 Startzeit der fehlerhaften Anwendung: 0x01cc8f0ef7f2318b Pfad der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 394c035c-fb02-11e0-8258-4061864c8901 Error - 21.10.2011 14:19:10 | Computer Name = Tina-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 2.0.0.0, Zeitstempel: 0x49ef8e09 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e2111c0 Ausnahmecode: 0xe0434f4d Fehleroffset: 0x0000d36f ID des fehlerhaften Prozesses: 0x1448 Startzeit der fehlerhaften Anwendung: 0x01cc901de967400c Pfad der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 2b418e5f-fc11-11e0-855c-4061864c8901 Error - 22.10.2011 05:44:48 | Computer Name = Tina-PC | Source = Application Hang | ID = 1002 Description = Programm IEXPLORE.EXE, Version 8.0.7601.17514 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 80c Startzeit: 01cc909f292904f6 Endzeit: 8 Anwendungspfad: C:\Program Files\Internet Explorer\IEXPLORE.EXE Berichts-ID: 709afca1-fc92-11e0-9855-4061864c8901

Error - 24.10.2011 09:10:20 | Computer Name = Tina-PC | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 8.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 16a8 Startzeit: 01cc924e2faa5755 Endzeit: 6 Anwendungspfad: C:\Program Files\Internet Explorer\IEXPLORE.EXE Berichts-ID: 7c529d09-fe41-11e0-ba80-4061864c8901

Error - 24.10.2011 09:13:49 | Computer Name = Tina-PC | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 8.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 5a0 Startzeit: 01cc924ea9ef6ad8 Endzeit: 8 Anwendungspfad: C:\Program Files\Internet Explorer\IEXPLORE.EXE Berichts-ID: f8ccc142-fe41-11e0-ba80-4061864c8901

Error - 24.10.2011 09:16:27 | Computer Name = Tina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 2.0.0.0, Zeitstempel: 0x49ef8e09 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651, Zeitstempel: 0x4e2111c0 Ausnahmecode: 0xe0434f4d Fehleroffset: 0x0000d36f ID des fehlerhaften Prozesses: 0x14d4 Startzeit der fehlerhaften Anwendung: 0x01cc924f1eda525e Pfad der fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 60a696bc-fe42-11e0-a404-4061864c8901

Error - 29.10.2011 04:09:35 | Computer Name = Tina-PC | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 8.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 92c Startzeit: 01cc9611fe392df6 Endzeit: 8 Anwendungspfad: C:\Program Files\Internet Explorer\IEXPLORE.EXE Berichts-ID: 4e4348f8-0205-11e1-84fd-4061864c8901

Error - 29.10.2011 05:49:05 | Computer Name = Tina-PC | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 8.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1530 Startzeit: 01cc961fe7f8cea3 Endzeit: 5 Anwendungspfad: C:\Program Files\Internet Explorer\IEXPLORE.EXE Berichts-ID: 327b6d2b-0213-11e1-bfb0-4061864c8901

Error - 29.10.2011 05:49:30 | Computer Name = Tina-PC | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 8.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 954 Startzeit: 01cc96200271c68e Endzeit: 21 Anwendungspfad: C:\Program Files\Internet Explorer\IEXPLORE.EXE Berichts-ID: 48e18cb1-0213-11e1-bfb0-4061864c8901

Error - 30.10.2011 05:53:28 | Computer Name = Tina-PC | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 8.0.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1184 Startzeit: 01cc96e9ada4388f Endzeit: 11 Anwendungspfad: C:\Program Files\Internet Explorer\IEXPLORE.EXE Berichts-ID: fa40be47-02dc-11e1-8180-4061864c8901

[ System Events ]
Error - 20.10.2011 07:37:41 | Computer Name = Tina-PC | Source = DCOM | ID = 10016
Description =

Error - 20.10.2011 07:42:45 | Computer Name = Tina-PC | Source = DCOM | ID = 10016
Description =

Error - 20.10.2011 07:42:47 | Computer Name = Tina-PC | Source = DCOM | ID = 10016
Description =

Error - 20.10.2011 07:48:24 | Computer Name = Tina-PC | Source = DCOM | ID = 10016
Description =

Error - 20.10.2011 07:48:26 | Computer Name = Tina-PC | Source = DCOM | ID = 10016
Description =

Error - 21.10.2011 09:59:50 | Computer Name = Tina-PC | Source = DCOM | ID = 10016
Description =

Error - 21.10.2011 09:59:50 | Computer Name = Tina-PC | Source = DCOM | ID = 10016
Description =

Error - 21.10.2011 10:11:38 | Computer Name = Tina-PC | Source = DCOM | ID = 10016
Description =

Error - 21.10.2011 10:11:40 | Computer Name = Tina-PC | Source = DCOM | ID = 10016
Description =

Error - 24.10.2011 02:22:42 | Computer Name = Tina-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht initialisieren.

< End of report >

ralle69 |
06.11.2011, 10:33 | #2 |
| TR/Crypt.ZPACK.Gen2 deletes paths and deletes programs and shortcuts ....push....