
Log analysis and evaluation: TR/Crypt.XPACK.Gen3 Trojan

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.12.2011, 19:14   #1
juha260
 
TR/Crypt.XPACK.Gen3 Trojan



Hello, I have been having problems with the above-mentioned trojan since just now.

I also know which file it came from...

I hope you can help me and tell me whether I have to format.....

Thanks








OTL logfile created on: 11.12.2011 18:44:47 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\incely\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,71% Memory free
4,00 Gb Paging File | 2,53 Gb Available in Paging File | 63,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 19,28 Gb Free Space | 12,94% Space Free | Partition Type: NTFS
Drive D: | 699,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: INCELY-COMP | User Name: incely | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.11 18:44:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\incely\Downloads\OTL.exe
PRC - [2011.12.11 18:43:18 | 000,050,477 | ---- | M] () -- C:\Users\incely\Downloads\Defogger.exe
PRC - [2011.12.11 16:34:06 | 000,083,456 | ---- | M] () -- C:\Users\incely\AppData\Local\Temp\tmp284.exe
PRC - [2011.11.09 11:47:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.08.31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2011.06.30 14:46:18 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.04.26 21:23:02 | 000,223,088 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.04.26 21:22:44 | 000,681,840 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.03.28 15:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2009.10.29 17:06:44 | 000,157,456 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2009.10.29 17:06:42 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2009.06.22 15:13:48 | 000,304,592 | ---- | M] () -- C:\Programme\XSManager\WTGService.exe
PRC - [2008.02.09 19:33:54 | 000,136,192 | -HS- | M] () -- C:\Users\incely\Network\wmpkh32.exe


========== Modules (No Company Name) ==========

MOD - [2011.12.11 18:43:18 | 000,050,477 | ---- | M] () -- C:\Users\incely\Downloads\Defogger.exe
MOD - [2011.12.11 16:34:06 | 000,083,456 | ---- | M] () -- C:\Users\incely\AppData\Local\Temp\tmp284.exe
MOD - [2011.11.09 11:47:43 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.04.26 21:22:44 | 000,681,840 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.02.09 19:33:54 | 000,136,192 | -HS- | M] () -- C:\Users\incely\Network\wmpkh32.exe


========== Win32 Services (SafeList) ==========

SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.06.30 14:46:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.26 21:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011.04.16 12:49:28 | 000,073,520 | ---- | M] (ElcomSoft Co. Ltd.) [On_Demand | Stopped] -- C:\Program Files\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv.exe -- (EWSASERV)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.08 13:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010.12.08 13:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010.11.08 12:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009.12.10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009.10.29 17:06:42 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.22 15:13:48 | 000,304,592 | ---- | M] () [Auto | Running] -- C:\Programme\XSManager\WTGService.exe -- (WTGService)


========== Driver Services (SafeList) ==========

DRV - [2011.12.11 18:33:40 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.19 09:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2011.06.30 14:46:19 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 14:46:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.04.04 13:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011.03.31 13:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011.02.07 16:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2010.12.08 13:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.17 15:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010.09.17 15:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Programme\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010.09.14 14:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.07.29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.04 13:34:09 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.05.04 13:34:08 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.04.01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.12.12 18:17:08 | 000,691,696 | ---- | M] () [Kernel | Disabled | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 23:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009.05.08 10:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2009.03.27 12:23:12 | 000,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009.03.06 10:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.01.29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009.01.29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008.10.31 15:19:38 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2008.05.16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007.11.02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007.09.26 05:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2006.11.14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005.08.17 23:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15788&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 13 2A 85 97 D0 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://hukd.mydealz.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.02.18
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\incely\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\incely\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\incely\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\incely\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.08.28 15:05:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.03.22 15:00:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 11:47:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.12 10:22:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.12 10:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.09.12 10:22:53 | 000,000,000 | ---D | M]

[2010.04.09 14:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\incely\AppData\Roaming\mozilla\Extensions
[2010.04.09 14:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\incely\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.03.18 17:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\incely\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011.12.04 17:01:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions
[2011.02.28 23:46:56 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2011.12.04 17:01:48 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2011.11.19 01:48:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.10.07 15:08:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.04 16:58:20 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.10.16 15:23:08 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\firefox@tvunetworks.com
[2010.08.15 11:26:55 | 000,002,252 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\askcom.xml
[2009.12.16 16:43:08 | 000,005,318 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\com-searchde.xml
[2010.10.10 18:15:12 | 000,002,059 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\daemon-search.xml
[2011.12.07 23:35:40 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-1.xml
[2010.07.24 23:41:56 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-2.xml
[2010.08.13 13:50:59 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-3.xml
[2010.09.24 14:42:48 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-4.xml
[2010.10.05 16:38:34 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-5.xml
[2010.10.28 15:43:22 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-6.xml
[2010.12.10 15:48:57 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-7.xml
[2011.03.02 16:13:34 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-8.xml
[2010.07.19 16:02:12 | 000,001,056 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin.xml
[2011.12.04 16:58:09 | 000,003,915 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\sweetim.xml
[2011.11.09 11:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.05 19:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\INCELY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YOMQYBRK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 11:47:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.15 11:31:55 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.10.10 21:53:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.10 21:53:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.10 21:53:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.10 21:53:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.13 11:45:51 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.10.10 21:53:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.10 21:53:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\incely\AppData\Local\Google\Chrome\Application\13.0.782.215\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\incely\AppData\Local\Google\Chrome\Application\13.0.782.215\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\incely\AppData\Local\Google\Chrome\Application\13.0.782.215\gears.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\incely\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\incely\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_1\

O1 HOSTS File: ([2010.01.05 00:30:37 | 000,001,021 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.5.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\IEPro\IEProRecorder.dll ()
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\IEPro\IEProRecorder.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mumservice] C:\Programme\Motorola\Software Update\mumservice.exe (Motorola)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\incely\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [WinMedia Server] C:\Users\incely\Network\wmpkh32.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\incely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A59DDFA-7CF2-4CC8-8150-465CDB022B59}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C23B500A-E036-42BD-BFDB-B4AA53BFC1F1}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03becb74-119d-11e0-94a2-00188bc92795}\Shell - "" = AutoRun
O33 - MountPoints2\{03becb74-119d-11e0-94a2-00188bc92795}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{6cf99174-5760-11df-9198-00188bc92795}\Shell - "" = AutoRun
O33 - MountPoints2\{6cf99174-5760-11df-9198-00188bc92795}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{9813c1a8-e1c3-11df-b3f4-00188bc92795}\Shell - "" = AutoRun
O33 - MountPoints2\{9813c1a8-e1c3-11df-b3f4-00188bc92795}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.11 18:33:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.11 18:33:22 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Roaming\Malwarebytes
[2011.12.11 18:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.11 18:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.11 18:33:08 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.11 18:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.11 15:59:49 | 000,000,000 | -HSD | C] -- C:\Users\incely\Network
[2011.12.08 06:55:19 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Local\Facebook
[2011.12.04 17:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
[2011.12.04 17:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
[2011.12.04 16:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2011.12.04 16:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2011.12.03 02:16:15 | 000,000,000 | ---D | C] -- C:\Users\incely\ntb-eleven-xvid
[2011.12.03 01:53:33 | 000,000,000 | ---D | C] -- C:\Users\incely\bright-fl-xvid
[2011.11.21 00:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011.11.20 18:30:14 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Free
[2011.11.20 18:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Free
[2011.11.20 18:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free
[2011.11.19 22:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.19 17:14:41 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Local\Logitech® Webcam-Software
[2011.11.19 16:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2011.11.19 16:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2011.11.19 16:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011.11.19 16:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2011.11.19 16:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011.11.19 14:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2011.11.15 09:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
[2011.11.15 09:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Elcomsoft Password Recovery
[2011.11.15 09:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Elcomsoft
[2011.11.15 09:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Elcomsoft Password Recovery
[2011.11.13 22:23:38 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Local\MetaGeek,_LLC
[2011.11.13 22:16:46 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
[2011.11.13 22:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\inSSIDer 2.0
[2011.11.13 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Makayama Interactive
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Users\incely\Documents\*.tmp files -> C:\Users\incely\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.11 18:44:29 | 000,000,176 | ---- | M] () -- C:\Users\incely\defogger_reenable
[2011.12.11 18:33:40 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.11 18:33:13 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.11 18:06:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.11 17:53:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001UA.job
[2011.12.11 16:08:50 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.11 16:08:50 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.11 16:03:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.11 16:02:53 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011.12.11 16:02:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.11 16:02:37 | 1609,383,936 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.11 16:00:35 | 000,047,109 | -H-- | M] () -- C:\Users\incely\userdiff.sav
[2011.12.11 16:00:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001UA.job
[2011.12.08 07:00:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001Core.job
[2011.12.07 18:04:44 | 296,474,112 | ---- | M] () -- C:\Users\incely\Desktop\AutoScreenRecorder_02 Dec. 07 18.04.avi
[2011.12.06 10:53:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001Core.job
[2011.12.06 05:41:29 | 000,001,082 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2011.11.25 14:22:28 | 004,298,746 | ---- | M] () -- C:\Users\incely\Desktop\Tequila_Song_(2005).mp3
[2011.11.25 11:13:11 | 000,253,720 | ---- | M] () -- C:\Users\incely\Desktop\Tutorien_WS_11_12.pdf
[2011.11.20 22:23:21 | 000,062,061 | ---- | M] () -- C:\Users\incely\Documents\216288_188488611196477_100001060174934_463816_2052238_n.jpg
[2011.11.20 22:22:24 | 000,081,406 | ---- | M] () -- C:\Users\incely\Documents\206682_188488627863142_100001060174934_463817_2030799_n.jpg
[2011.11.20 18:30:14 | 000,002,030 | ---- | M] () -- C:\Users\incely\Desktop\AutoScreenRecorder 3.1 Free.lnk
[2011.11.19 22:08:15 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.19 16:12:37 | 000,001,582 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2011.11.17 19:43:44 | 000,029,084 | ---- | M] () -- C:\Users\incely\Documents\ajk.jpg
[2011.11.13 22:16:46 | 000,003,027 | ---- | M] () -- C:\Users\incely\Desktop\inSSIDer 2.0.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Users\incely\Documents\*.tmp files -> C:\Users\incely\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.11 18:43:53 | 000,000,176 | ---- | C] () -- C:\Users\incely\defogger_reenable
[2011.12.11 18:33:13 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.11 16:00:35 | 000,047,109 | -H-- | C] () -- C:\Users\incely\userdiff.sav
[2011.12.08 06:55:26 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001UA.job
[2011.12.08 06:55:25 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001Core.job
[2011.12.07 17:53:37 | 296,474,112 | ---- | C] () -- C:\Users\incely\Desktop\AutoScreenRecorder_02 Dec. 07 18.04.avi
[2011.12.06 05:41:29 | 000,001,082 | ---- | C] () -- C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2011.11.25 14:22:04 | 004,298,746 | ---- | C] () -- C:\Users\incely\Desktop\Tequila_Song_(2005).mp3
[2011.11.25 11:13:11 | 000,253,720 | ---- | C] () -- C:\Users\incely\Desktop\Tutorien_WS_11_12.pdf
[2011.11.20 22:23:16 | 000,062,061 | ---- | C] () -- C:\Users\incely\Documents\216288_188488611196477_100001060174934_463816_2052238_n.jpg
[2011.11.20 22:22:18 | 000,081,406 | ---- | C] () -- C:\Users\incely\Documents\206682_188488627863142_100001060174934_463817_2030799_n.jpg
[2011.11.20 18:30:14 | 000,002,030 | ---- | C] () -- C:\Users\incely\Desktop\AutoScreenRecorder 3.1 Free.lnk
[2011.11.19 22:08:15 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.19 16:12:37 | 000,001,582 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2011.11.17 19:43:34 | 000,029,084 | ---- | C] () -- C:\Users\incely\Documents\ajk.jpg
[2011.11.13 22:16:46 | 000,003,027 | ---- | C] () -- C:\Users\incely\Desktop\inSSIDer 2.0.lnk
[2011.09.30 13:54:03 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011.09.30 13:54:03 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.09.25 20:12:48 | 000,007,602 | ---- | C] () -- C:\Users\incely\AppData\Local\Resmon.ResmonCfg
[2011.08.19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.07.02 17:28:03 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.07.02 17:25:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.05 23:44:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.02.26 23:54:10 | 000,004,997 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011.02.06 23:45:44 | 000,000,094 | ---- | C] () -- C:\Users\incely\AppData\Local\fusioncache.dat
[2011.01.17 16:49:27 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.11.30 15:03:08 | 000,021,504 | ---- | C] () -- C:\Users\incely\AppData\Local\WebpageIcons.db
[2010.11.10 14:11:08 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2010.05.04 13:34:09 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.05.04 13:34:08 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.04.07 10:42:55 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2010.03.18 13:25:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.02.17 12:30:39 | 000,009,216 | ---- | C] () -- C:\Users\incely\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.11 18:36:26 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.23 19:54:40 | 000,000,000 | ---- | C] () -- C:\Users\incely\AppData\Roaming\AVSMediaPlayer.m3u
[2009.12.23 19:52:48 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.23 19:52:48 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.12.22 11:41:50 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2009.12.22 11:41:47 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.12.22 11:41:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.12.19 01:12:52 | 000,000,059 | ---- | C] () -- C:\Users\incely\AppData\Roaming\GoodnightTimer.ini
[2009.12.14 17:59:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.12 18:17:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 09:47:43 | 000,664,634 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,134,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,537,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,624,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,110,414 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.04.27 19:28:44 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2007.10.08 13:21:46 | 000,958,464 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2005.05.06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2011.09.30 12:48:19 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Atari
[2011.09.21 22:07:05 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\BOM
[2010.04.04 10:15:34 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Canneverbe Limited
[2009.12.12 18:21:11 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\DAEMON Tools Lite
[2011.02.28 16:27:17 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Dropbox
[2011.10.07 15:08:24 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\DVDVideoSoft
[2011.10.07 15:08:12 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.04 23:03:49 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Foxit Software
[2011.06.07 22:46:07 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Free Download Manager
[2010.04.07 10:49:51 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\FreeFLVConverter
[2010.10.23 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Friday's games
[2011.08.21 13:48:38 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\GameRanger
[2011.01.22 16:20:18 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\GrabPro
[2011.12.04 17:09:59 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\ICQ
[2011.04.23 22:11:13 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\ImgBurn
[2011.08.30 14:21:18 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Kalypso Media
[2011.09.29 10:51:14 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Leadertech
[2010.11.24 23:39:31 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2011.02.26 00:03:38 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\MiniDm
[2010.04.25 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\MudTV
[2009.12.14 15:20:16 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\OpenOffice.org
[2010.03.31 07:06:25 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Opera
[2010.09.09 16:59:03 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\ProtectDISC
[2011.10.24 16:54:54 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Screaming Bee
[2010.02.17 12:30:39 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\ShareTV
[2010.04.06 13:44:14 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Softi Software
[2010.03.18 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Songbird2
[2011.07.17 00:26:20 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Sports Interactive
[2011.03.22 15:09:36 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Swiss Academic Software
[2010.04.09 14:33:05 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Thunderbird
[2011.01.02 12:47:42 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Tific
[2011.11.20 22:27:40 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\TS3Client
[2009.12.14 13:37:25 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\TuneUp Software
[2011.05.06 01:47:16 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Tunngle
[2011.04.25 21:45:20 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Ubisoft
[2010.02.11 19:50:26 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Xilisoft
[2010.10.28 19:45:59 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\XSManager
[2010.05.03 13:37:03 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Z-Software
[2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.12.11 16:02:53 | 000,000,202 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2011.12.08 07:00:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001Core.job
[2011.12.11 16:00:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001UA.job
[2011.10.13 11:08:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

11.12.2011, 19:15   #2
juha260

I'm running a malware scan and an ESET scan right now....


11.12.2011, 20:38   #3
juha260

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8352

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11.12.2011 20:35:41
mbam-log-2011-12-11 (20-35-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 368501
Laufzeit: 2 Stunde(n), 0 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\tm (Trojan.Downloader) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\incely\downloads\elcomsoft.wireless.security.auditor.3.0.2.375\elcomsoft.wireless.security.auditor.3.0.2.375\Patch\elcomsoft.wireless.security.auditor.3.0.2.375.patch-jw.exe (RiskWare.Tool.HCK) -> No action taken.
c:\Users\incely\downloads\mini-kms.activator.v1.072.en-plz\mini-kms.activator.v1.072.en-plz\mKMSAct.exe (PUP.Hacktool) -> No action taken.

12.12.2011, 10:40   #4
juha260



C:\Users\incely\laqqxwe.exe Win32/Tofsee.AI trojan
C:\Users\incely\AppData\Local\Temp\tmp284.exe Win32/Injector.MBS trojan
C:\Users\incely\AppData\Local\Temp\tmp285.exe Win32/Injector.MBS trojan
C:\Users\incely\Downloads\SuperOneClickFor2.1.rar Linux/Exploit.Lotoor.AK trojan
C:\Users\incely\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.B application
C:\Users\incely\Downloads\SuperOneClickFor2.1\SuperOneClickFor2.1\SuperOneClick\rageagainstthecage Linux/Exploit.Lotoor.AK trojan
C:\Users\incely\DS7\DS7\SIED7\Die Siedler 7.iso a variant of Win32/Packed.VMProtect.AAA trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja--southern-baja_v1_m56577569830496005.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-directory-transport_v1_m56577569830496000.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-health_v1_m56577569830496001.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-language_v1_m56577569830496002.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-los-cabos-planning-information.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-los-cabos_v1_m56577569830496003.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Guatemala3rd Edition September 2007\guatemala-language_v1_m56577569830495601.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\central-honduras_v1_m56577569830489916.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\honduras-language_v1_m56577569830489923.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\honduras-the-bay-islands-health_v1_m56577569830489922.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-english-mexican-spanish_v1_m56577569830491275.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-food_v1_m56577569830491278.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-introduction-tools.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-practical_v1_m56577569830491276.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-safe-travel_v1_m56577569830491279.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-social_v1_m56577569830491277.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-tools-chapter_v1_m56577569830496009.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nic-el-directory_v1_m56577569830489993.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nic-el-health_v1_m56577569830489994.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nicaragua-el-salvador-language_v1_m56577569830489995.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Panama4th Edition November 2007\panama-language_v1_m56577569830490020.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\Ixtapa-Zihuatanejo_v1_m56577569830490069.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-acapulco_v1_m56577569830490072.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-directory_v1_m56577569830490075.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-health_v1_m56577569830490076.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-language_v1_m56577569830490078.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-mazatlan_v1_m56577569830490062.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-nayarit_v1_m56577569830490064.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-background-information_v1_m56577569830490126.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-campeche-state_v1_m56577569830490130.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-health_v1_m56577569830490135.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-language_v1_m56577569830490136.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-planning-information.pdf JS/Exploit.Pdfka.PAV trojan
C:\Users\incely\Network\wmpkh32.exe a variant of Win32/Injector.MBS trojan
C:\Windows\Installer\85c3a3.msi Win32/Adware.Toolbar.Dealio application
Operating memory multiple threats

12.12.2011, 10:43   #5
juha260



Hello, could someone please tell me how serious the infection is and how I should proceed? Thank you very much!


12.12.2011, 12:59   #6
juha260



Should I run any further tests, or can you already work with this?

12.12.2011, 20:55   #7
juha260



Too bad, it seems nobody wants to help me.

12.12.2011, 20:57   #8
juha260



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8355

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12.12.2011 20:54:33
mbam-log-2011-12-12 (20-54-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 362259
Laufzeit: 1 Stunde(n), 17 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig (Trojan.Agent) -> Value: MSConfig -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\incely\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\ICQTTKJL\3x1[1].zip (Trojan.Agent) -> No action taken.
c:\Users\incely\laqqxwe.exe (Trojan.Agent) -> No action taken.

12.12.2011, 22:55   #9
juha260



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8355

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12.12.2011 22:54:14
mbam-log-2011-12-12 (22-54-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 363019
Laufzeit: 1 Stunde(n), 39 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

13.12.2011, 13:36   #10
juha260



ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=90957aa4dcd8cf4db0544eb62d871897
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-12 02:52:18
# local_time=2011-12-12 03:52:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 21879 60187646 28548 0
# compatibility_mode=5893 16776574 100 94 13554957 75282016 0 0
# compatibility_mode=8192 67108863 100 0 28054 28054 0 0
# scanned=177472
# found=44
# cleaned=0
# scan_time=7555
C:\spiele\Die Siedler 7\Data\Base\_Dbg\Bin\Release\1911.dll a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\laqqxwe.exe Win32/Tofsee.AI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\AppData\Local\Temp\tmp284.exe Win32/Injector.MBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\AppData\Local\Temp\tmp285.exe Win32/Injector.MBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\Downloads\SuperOneClickFor2.1.rar Linux/Exploit.Lotoor.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\Downloads\SuperOneClickFor2.1\SuperOneClickFor2.1\SuperOneClick\rageagainstthecage Linux/Exploit.Lotoor.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\DS7\DS7\SIED7\Die Siedler 7.iso a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja--southern-baja_v1_m56577569830496005.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-directory-transport_v1_m56577569830496000.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-health_v1_m56577569830496001.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-language_v1_m56577569830496002.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-los-cabos-planning-information.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-los-cabos_v1_m56577569830496003.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Guatemala3rd Edition September 2007\guatemala-language_v1_m56577569830495601.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\central-honduras_v1_m56577569830489916.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\honduras-language_v1_m56577569830489923.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\honduras-the-bay-islands-health_v1_m56577569830489922.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-english-mexican-spanish_v1_m56577569830491275.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-food_v1_m56577569830491278.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-introduction-tools.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-practical_v1_m56577569830491276.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-safe-travel_v1_m56577569830491279.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-social_v1_m56577569830491277.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-tools-chapter_v1_m56577569830496009.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nic-el-directory_v1_m56577569830489993.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nic-el-health_v1_m56577569830489994.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nicaragua-el-salvador-language_v1_m56577569830489995.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Panama4th Edition November 2007\panama-language_v1_m56577569830490020.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\Ixtapa-Zihuatanejo_v1_m56577569830490069.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-acapulco_v1_m56577569830490072.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-directory_v1_m56577569830490075.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-health_v1_m56577569830490076.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-language_v1_m56577569830490078.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-mazatlan_v1_m56577569830490062.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-nayarit_v1_m56577569830490064.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-background-information_v1_m56577569830490126.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-campeche-state_v1_m56577569830490130.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-health_v1_m56577569830490135.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-language_v1_m56577569830490136.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-planning-information.pdf JS/Exploit.Pdfka.PAV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\Network\wmpkh32.exe a variant of Win32/Injector.MBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\85c3a3.msi Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
${Memory} multiple threats 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=90957aa4dcd8cf4db0544eb62d871897
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-13 12:08:00
# local_time=2011-12-13 01:08:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 134209 60299976 140878 0
# compatibility_mode=5893 16776574 100 94 13667287 75394346 0 0
# compatibility_mode=8192 67108863 100 0 140384 140384 0 0
# scanned=170412
# found=47
# cleaned=0
# scan_time=14946
C:\Users\incely\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Z9K8A0S\1aj[1].zip a variant of Win32/Injector.MCC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Z9K8A0S\1nd[1].zip a variant of Win32/Injector.MCC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1Z9K8A0S\au[1].zip a variant of Win32/Injector.MCC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\77LPSQ9B\1nd[1].zip a variant of Win32/Injector.MCC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\AppData\Local\Temp\tmp284.exe Win32/Injector.MBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\AppData\Local\Temp\tmp285.exe Win32/Injector.MBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\AppData\Local\Temp\tmp288.exe a variant of Win32/Injector.MCC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\AppData\Local\Temp\tmp33.exe a variant of Win32/Injector.MCC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\AppData\Local\Temp\tmp4.exe a variant of Win32/Injector.MCC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\Downloads\SuperOneClickFor2.1.rar Linux/Exploit.Lotoor.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\Downloads\SuperOneClickFor2.1\SuperOneClickFor2.1\SuperOneClick\rageagainstthecage Linux/Exploit.Lotoor.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\DS7\DS7\SIED7\Die Siedler 7.iso a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja--southern-baja_v1_m56577569830496005.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-directory-transport_v1_m56577569830496000.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-health_v1_m56577569830496001.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-language_v1_m56577569830496002.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-los-cabos-planning-information.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-los-cabos_v1_m56577569830496003.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Guatemala3rd Edition September 2007\guatemala-language_v1_m56577569830495601.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\central-honduras_v1_m56577569830489916.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\honduras-language_v1_m56577569830489923.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\honduras-the-bay-islands-health_v1_m56577569830489922.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-english-mexican-spanish_v1_m56577569830491275.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-food_v1_m56577569830491278.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-introduction-tools.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-practical_v1_m56577569830491276.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-safe-travel_v1_m56577569830491279.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-social_v1_m56577569830491277.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-tools-chapter_v1_m56577569830496009.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nic-el-directory_v1_m56577569830489993.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nic-el-health_v1_m56577569830489994.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nicaragua-el-salvador-language_v1_m56577569830489995.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Panama4th Edition November 2007\panama-language_v1_m56577569830490020.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\Ixtapa-Zihuatanejo_v1_m56577569830490069.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-acapulco_v1_m56577569830490072.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-directory_v1_m56577569830490075.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-health_v1_m56577569830490076.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-language_v1_m56577569830490078.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-mazatlan_v1_m56577569830490062.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-nayarit_v1_m56577569830490064.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-background-information_v1_m56577569830490126.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-campeche-state_v1_m56577569830490130.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-health_v1_m56577569830490135.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-language_v1_m56577569830490136.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\incely\emeien_13.188.LPG_softarchive.net\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-planning-information.pdf JS/Trackware.ReadNotify.A application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\85c3a3.msi Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I

13.12.2011, 14:03   #11
juha260
 

Here is the latest OTL scan, run from the desktop:
OTL logfile:
Code:
OTL logfile created on: 13.12.2011 13:49:15 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\****\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,15% Memory free
4,00 Gb Paging File | 2,65 Gb Available in Paging File | 66,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 27,76 Gb Free Space | 18,63% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\incely\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Programme\XSManager\WTGService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Yahoo!\Messenger\yui.dll ()
MOD - C:\Programme\Yahoo!\Messenger\pcre.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MotoHelper) -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (EWSASERV) -- C:\Program Files\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv.exe (ElcomSoft Co. Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Programme\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (EverestDriver) -- C:\Programme\EVEREST Home Edition\kerneld.wnt ()
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15788&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 13 2A 85 97 D0 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://hukd.mydealz.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.02.18
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\incely\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\incely\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\incely\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\incely\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.08.28 15:05:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.03.22 15:00:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.09 11:47:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.12 10:22:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.12 10:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.09.12 10:22:53 | 000,000,000 | ---D | M]
 
[2010.04.09 14:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\incely\AppData\Roaming\mozilla\Extensions
[2010.04.09 14:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\incely\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.03.18 17:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\incely\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011.12.04 17:01:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions
[2011.02.28 23:46:56 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2011.12.04 17:01:48 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2011.11.19 01:48:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.10.07 15:08:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.04 16:58:20 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.10.16 15:23:08 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\incely\AppData\Roaming\mozilla\Firefox\Profiles\yomqybrk.default\extensions\firefox@tvunetworks.com
[2010.08.15 11:26:55 | 000,002,252 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\askcom.xml
[2009.12.16 16:43:08 | 000,005,318 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\com-searchde.xml
[2010.10.10 18:15:12 | 000,002,059 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\daemon-search.xml
[2011.12.07 23:35:40 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-1.xml
[2010.07.24 23:41:56 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-2.xml
[2010.08.13 13:50:59 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-3.xml
[2010.09.24 14:42:48 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-4.xml
[2010.10.05 16:38:34 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-5.xml
[2010.10.28 15:43:22 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-6.xml
[2010.12.10 15:48:57 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-7.xml
[2011.03.02 16:13:34 | 000,000,950 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin-8.xml
[2010.07.19 16:02:12 | 000,001,056 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\icqplugin.xml
[2011.12.04 16:58:09 | 000,003,915 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Mozilla\Firefox\Profiles\yomqybrk.default\searchplugins\sweetim.xml
[2011.11.09 11:47:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.05 19:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\INCELY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YOMQYBRK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.09 11:47:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.15 11:31:55 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.10.10 21:53:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.10 21:53:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.10 21:53:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.10 21:53:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.13 11:45:51 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.10.10 21:53:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.10 21:53:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\incely\AppData\Local\Google\Chrome\Application\13.0.782.215\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\incely\AppData\Local\Google\Chrome\Application\13.0.782.215\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\incely\AppData\Local\Google\Chrome\Application\13.0.782.215\gears.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\incely\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\incely\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_1\
 
O1 HOSTS File: ([2010.01.05 00:30:37 | 000,001,021 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.5.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\IEPro\IEProRecorder.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\IEPro\IEProRecorder.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mumservice] C:\Programme\Motorola\Software Update\mumservice.exe (Motorola)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\incely\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\incely\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A59DDFA-7CF2-4CC8-8150-465CDB022B59}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C23B500A-E036-42BD-BFDB-B4AA53BFC1F1}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03becb74-119d-11e0-94a2-00188bc92795}\Shell - "" = AutoRun
O33 - MountPoints2\{03becb74-119d-11e0-94a2-00188bc92795}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{6cf99174-5760-11df-9198-00188bc92795}\Shell - "" = AutoRun
O33 - MountPoints2\{6cf99174-5760-11df-9198-00188bc92795}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{9813c1a8-e1c3-11df-b3f4-00188bc92795}\Shell - "" = AutoRun
O33 - MountPoints2\{9813c1a8-e1c3-11df-b3f4-00188bc92795}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.13 13:48:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\incely\Desktop\OTL(1).exe
[2011.12.12 19:43:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.12 18:50:22 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Roaming\ImgBurn
[2011.12.12 18:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011.12.12 18:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011.12.12 15:00:05 | 000,000,000 | ---D | C] -- C:\Users\incely\MW7Ex86-mm
[2011.12.12 13:41:24 | 000,000,000 | ---D | C] -- C:\Users\incely\various
[2011.12.11 18:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.11 18:58:31 | 002,322,184 | ---- | C] (ESET) -- C:\Users\incely\Desktop\esetsmartinstaller_enu.exe
[2011.12.11 18:33:22 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Roaming\Malwarebytes
[2011.12.11 18:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.11 18:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.11 18:33:08 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.11 18:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.11 15:59:49 | 000,000,000 | -HSD | C] -- C:\Users\incely\Network
[2011.12.08 06:55:19 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Local\Facebook
[2011.12.04 17:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
[2011.12.04 17:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\PriceGong
[2011.12.03 02:16:15 | 000,000,000 | ---D | C] -- C:\Users\incely\ntb-eleven-xvid
[2011.12.03 01:53:33 | 000,000,000 | ---D | C] -- C:\Users\incely\bright-fl-xvid
[2011.11.21 00:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011.11.20 18:30:14 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Free
[2011.11.20 18:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wisdom-soft AutoScreenRecorder 3 Free
[2011.11.20 18:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free
[2011.11.19 22:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.19 17:14:41 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Local\Logitech® Webcam-Software
[2011.11.19 16:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2011.11.19 16:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2011.11.19 16:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011.11.19 16:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2011.11.19 16:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011.11.19 14:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2011.11.15 09:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elcomsoft Password Recovery
[2011.11.15 09:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Elcomsoft Password Recovery
[2011.11.15 09:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Elcomsoft
[2011.11.15 09:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Elcomsoft Password Recovery
[2011.11.13 22:23:38 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Local\MetaGeek,_LLC
[2011.11.13 22:16:46 | 000,000,000 | ---D | C] -- C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
[2011.11.13 22:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\inSSIDer 2.0
[2011.11.13 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Makayama Interactive
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Users\incely\Documents\*.tmp files -> C:\Users\incely\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.13 13:53:14 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001UA.job
[2011.12.13 13:52:47 | 007,077,888 | -HS- | M] () -- C:\Users\incely\ntuser.dat
[2011.12.13 13:48:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\incely\Desktop\OTL(1).exe
[2011.12.13 13:06:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.13 13:00:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001UA.job
[2011.12.13 10:53:04 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001Core.job
[2011.12.13 08:51:58 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.13 08:48:48 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.13 08:48:48 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.13 08:43:26 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2011.12.13 08:43:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011.12.13 08:43:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.13 08:43:10 | 1609,383,936 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.13 00:58:04 | 002,582,468 | -H-- | M] () -- C:\Users\incely\AppData\Local\IconCache.db
[2011.12.12 21:05:01 | 001,527,504 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011.12.12 21:05:01 | 000,664,634 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.12 21:05:01 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.12 21:05:01 | 000,134,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.12 21:05:01 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.12 18:41:08 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011.12.12 07:00:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001Core.job
[2011.12.12 01:01:35 | 000,047,109 | -H-- | M] () -- C:\Users\incely\userdiff.sav
[2011.12.11 18:59:03 | 002,322,184 | ---- | M] (ESET) -- C:\Users\incely\Desktop\esetsmartinstaller_enu.exe
[2011.12.11 18:44:29 | 000,000,176 | ---- | M] () -- C:\Users\incely\defogger_reenable
[2011.12.11 18:33:13 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.07 18:04:44 | 296,474,112 | ---- | M] () -- C:\Users\incely\Desktop\AutoScreenRecorder_02 Dec. 07 18.04.avi
[2011.12.06 05:41:29 | 000,001,082 | ---- | M] () -- C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2011.11.30 11:26:08 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2011.11.25 14:22:28 | 004,298,746 | ---- | M] () -- C:\Users\incely\Desktop\Tequila_Song_(2005).mp3
[2011.11.25 11:13:11 | 000,253,720 | ---- | M] () -- C:\Users\incely\Desktop\Tutorien_WS_11_12.pdf
[2011.11.25 10:32:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.20 22:23:21 | 000,062,061 | ---- | M] () -- C:\Users\incely\Documents\216288_188488611196477_100001060174934_463816_2052238_n.jpg
[2011.11.20 22:22:24 | 000,081,406 | ---- | M] () -- C:\Users\incely\Documents\206682_188488627863142_100001060174934_463817_2030799_n.jpg
[2011.11.20 18:30:14 | 000,002,030 | ---- | M] () -- C:\Users\incely\Desktop\AutoScreenRecorder 3.1 Free.lnk
[2011.11.19 22:08:15 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.19 16:12:37 | 000,001,582 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2011.11.17 19:43:44 | 000,029,084 | ---- | M] () -- C:\Users\incely\Documents\ajk.jpg
[2011.11.13 22:16:46 | 000,003,027 | ---- | M] () -- C:\Users\incely\Desktop\inSSIDer 2.0.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[3 C:\Users\incely\Documents\*.tmp files -> C:\Users\incely\Documents\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.12 20:57:37 | 002,582,468 | -H-- | C] () -- C:\Users\incely\AppData\Local\IconCache.db
[2011.12.12 18:41:08 | 000,001,827 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011.12.12 18:41:08 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011.12.11 18:43:53 | 000,000,176 | ---- | C] () -- C:\Users\incely\defogger_reenable
[2011.12.11 18:33:13 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.11 16:00:35 | 000,047,109 | -H-- | C] () -- C:\Users\incely\userdiff.sav
[2011.12.08 06:55:26 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001UA.job
[2011.12.08 06:55:25 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001Core.job
[2011.12.07 17:53:37 | 296,474,112 | ---- | C] () -- C:\Users\incely\Desktop\AutoScreenRecorder_02 Dec. 07 18.04.avi
[2011.12.06 05:41:29 | 000,001,082 | ---- | C] () -- C:\Users\incely\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2011.11.25 14:22:04 | 004,298,746 | ---- | C] () -- C:\Users\incely\Desktop\Tequila_Song_(2005).mp3
[2011.11.25 11:13:11 | 000,253,720 | ---- | C] () -- C:\Users\incely\Desktop\Tutorien_WS_11_12.pdf
[2011.11.20 22:23:16 | 000,062,061 | ---- | C] () -- C:\Users\incely\Documents\216288_188488611196477_100001060174934_463816_2052238_n.jpg
[2011.11.20 22:22:18 | 000,081,406 | ---- | C] () -- C:\Users\incely\Documents\206682_188488627863142_100001060174934_463817_2030799_n.jpg
[2011.11.20 18:30:14 | 000,002,030 | ---- | C] () -- C:\Users\incely\Desktop\AutoScreenRecorder 3.1 Free.lnk
[2011.11.19 22:08:15 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.19 16:12:37 | 000,001,582 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2011.11.17 19:43:34 | 000,029,084 | ---- | C] () -- C:\Users\incely\Documents\ajk.jpg
[2011.11.13 22:16:46 | 000,003,027 | ---- | C] () -- C:\Users\incely\Desktop\inSSIDer 2.0.lnk
[2011.09.30 13:54:03 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011.09.30 13:54:03 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2011.09.25 20:12:48 | 000,007,602 | ---- | C] () -- C:\Users\incely\AppData\Local\Resmon.ResmonCfg
[2011.08.19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.07.02 17:28:03 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.07.02 17:25:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.07.02 17:25:53 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2011.05.05 23:44:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.02.26 23:54:10 | 000,004,997 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011.02.06 23:45:44 | 000,000,094 | ---- | C] () -- C:\Users\incely\AppData\Local\fusioncache.dat
[2011.01.17 16:49:27 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.11.30 15:03:08 | 000,021,504 | ---- | C] () -- C:\Users\incely\AppData\Local\WebpageIcons.db
[2010.11.10 14:11:08 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2010.05.04 13:34:09 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.05.04 13:34:08 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.04.07 10:42:55 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2010.02.17 12:30:39 | 000,009,216 | ---- | C] () -- C:\Users\incely\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.11 18:36:26 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.23 19:54:40 | 000,000,000 | ---- | C] () -- C:\Users\incely\AppData\Roaming\AVSMediaPlayer.m3u
[2009.12.23 19:52:48 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.23 19:52:48 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.12.22 11:41:50 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2009.12.22 11:41:47 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.12.22 11:41:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.12.21 17:36:27 | 000,142,960 | ---- | C] () -- C:\Users\incely\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.12.19 01:12:52 | 000,000,059 | ---- | C] () -- C:\Users\incely\AppData\Roaming\GoodnightTimer.ini
[2009.12.14 17:59:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.12 18:17:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.10 19:44:42 | 001,527,504 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.07.14 09:47:43 | 000,664,634 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,134,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,537,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,624,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,110,414 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:57 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2009.07.14 03:04:23 | 000,000,478 | ---- | C] () -- C:\Windows\win.ini
[2009.07.14 03:04:23 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 22:41:05 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2009.07.13 22:41:04 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2009.07.13 22:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2009.07.13 22:41:02 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2009.07.13 22:41:01 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2009.07.13 22:40:59 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2009.07.13 22:40:57 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2009.07.13 22:40:57 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2009.07.13 22:40:56 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2009.07.13 22:40:54 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2009.07.13 22:40:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2009.07.13 22:40:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2009.07.13 22:40:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2009.07.13 22:40:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2009.07.13 22:40:48 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2009.07.13 22:40:44 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2009.07.13 22:40:43 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2009.07.13 22:40:43 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2009.07.13 22:40:41 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2009.07.13 22:40:40 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2009.07.13 22:40:39 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2009.07.13 22:40:35 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2009.07.13 22:40:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2009.07.13 22:40:27 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2009.07.13 22:40:23 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2009.07.13 22:40:19 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2009.07.13 22:40:17 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2009.07.13 22:40:15 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2009.07.13 22:40:13 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2009.07.13 22:40:11 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009.07.13 21:29:46 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2009.06.10 22:42:32 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2009.06.10 22:39:59 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.04.27 19:28:44 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2007.10.08 13:21:46 | 000,958,464 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2005.05.06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== LOP Check ==========
 
[2011.09.30 12:48:19 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Atari
[2011.09.21 22:07:05 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\BOM
[2010.04.04 10:15:34 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Canneverbe Limited
[2009.12.12 18:21:11 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\DAEMON Tools Lite
[2011.02.28 16:27:17 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Dropbox
[2011.10.07 15:08:24 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\DVDVideoSoft
[2011.10.07 15:08:12 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.04 23:03:49 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Foxit Software
[2011.06.07 22:46:07 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Free Download Manager
[2010.04.07 10:49:51 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\FreeFLVConverter
[2010.10.23 15:17:35 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Friday's games
[2011.08.21 13:48:38 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\GameRanger
[2011.01.22 16:20:18 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\GrabPro
[2011.12.04 17:09:59 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\ICQ
[2011.12.12 18:52:25 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\ImgBurn
[2011.08.30 14:21:18 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Kalypso Media
[2011.09.29 10:51:14 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Leadertech
[2010.11.24 23:39:31 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2011.02.26 00:03:38 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\MiniDm
[2010.04.25 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\MudTV
[2009.12.14 15:20:16 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\OpenOffice.org
[2010.03.31 07:06:25 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Opera
[2010.09.09 16:59:03 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\ProtectDISC
[2011.10.24 16:54:54 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Screaming Bee
[2010.02.17 12:30:39 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\ShareTV
[2010.04.06 13:44:14 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Softi Software
[2010.03.18 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Songbird2
[2011.07.17 00:26:20 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Sports Interactive
[2011.03.22 15:09:36 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Swiss Academic Software
[2010.04.09 14:33:05 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Thunderbird
[2011.01.02 12:47:42 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Tific
[2011.11.20 22:27:40 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\TS3Client
[2009.12.14 13:37:25 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\TuneUp Software
[2011.05.06 01:47:16 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Tunngle
[2011.04.25 21:45:20 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Ubisoft
[2010.02.11 19:50:26 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Xilisoft
[2010.10.28 19:45:59 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\XSManager
[2010.05.03 13:37:03 | 000,000,000 | ---D | M] -- C:\Users\incely\AppData\Roaming\Z-Software
[2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2010.03.25 11:05:10 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.12.13 08:43:26 | 000,000,202 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2011.12.12 07:00:01 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001Core.job
[2011.12.13 13:00:02 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2876474578-1761696293-1767001252-1001UA.job
[2011.10.13 11:08:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 13.12.2011 13:49:15 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\****Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 44,15% Memory free
4,00 Gb Paging File | 2,65 Gb Available in Paging File | 66,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 27,76 Gb Free Space | 18,63% Space Free | Partition Type: NTFS
 
Computer Name: ************** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00106F6E-29AA-4F6A-B5F2-04A13DFEF6A5}" = RSDLite
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CC46434-C9F1-4091-9F45-DBCCF929543F}" = Opera 11.51
"{0E9905FD-6D7A-4506-BF99-8928F38F105F}_is1" = ICQ 6.5 Build #2024 Banner Remover 1.0
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{220688FD-4E64-4810-B31A-32C3895DFDFA}_is1" = Auto Shutdown
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555A05F8-4069-4503-8476-C8AE6DB7BD80}" = Anno 1404 Rechner
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62DAB694-358E-4C6F-82BF-26DA64B297A6}" = MorphVOX Pro
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6AC9D9EA-5BB0-472E-9E3E-161A0616DB63}" = TSDoctor
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77BFC300-FFBB-4841-8A55-CAB7BAC68422}" = Elcomsoft Wireless Security Auditor
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ABBACAD2-4DAF-490E-932B-E330B33FCF98}" = Softi FreeOCR
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B433B7D6-0A97-4ED4-BE64-863A0B3A0776}_is1" = YouFreeTV Version 0.02
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E20B2BBD-28B8-4378-97AD-C30F40ED13D2}" = Motorola Software Update
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F43D5CA6-1F22-436D-AF64-B254E7F1FC3D}" = IP Camera Adapter
"{F78E43E9-79D6-4E53-A06E-C0DEB417FF89}" = FMRTE
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CCleaner" = CCleaner
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"cdrtools Frontend_is1" = cdrtfe 1.3.9
"CloneDVD2" = CloneDVD2
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FM Genie Scout 11_is1" = FM Genie Scout 11 version 1.00
"Football Manager 2011" = Football Manager 2011
"Foxit Reader" = Foxit Reader
"Free Download Manager_is1" = Free Download Manager 3.0
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"GOM Player" = GOM Player
"Goodnight Timer_is1" = Goodnight Timer 1.1
"HaaliMkx" = Haali Media Splitter
"IE7Pro" = IE7Pro
"ImgBurn" = ImgBurn
"IsoBuster_is1" = IsoBuster 2.8.5
"JDownloader" = JDownloader
"Kyocera Product Library" = Kyocera Product Library
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MKV Player_is1" = MKV Player 1.0
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"MotoHelper" = MotoHelper 2.0.51 Driver 5.2.0
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MPC Homecinema_is1" = MPC Homecinema
"MzGameAccelerator_is1" = Mz Game Accelerator
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"Polipo" = Polipo 1.0.4.1
"Port_Detective_2.0" = Port Detective
"PriceGong" = PriceGong 2.5.4
"ProInst" = Intel(R) PROSet/Wireless Software
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 12.0" = RealPlayer
"S4Uninst" = Die Siedler IV
"Shockwave" = Shockwave
"Songbird-release-1438" = Songbird 1.4.3 (Build 1438)
"SopCast" = SopCast 3.3.2
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Tor" = Tor 0.2.1.30
"TVAnts 1.0" = TVAnts 1.0
"Veetle TV" = Veetle TV 0.9.18
"Vidalia" = Vidalia 0.2.10
"VLC media player" = VLC media player 1.1.11
"VLC Setup Helper_is1" = VLC Setup Helper 4.05
"vShare" = vShare Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wisdom-soft Set up ASR 3.1 Free" = Wisdom-soft Set up ASR 3.1 Free
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
"XSManager" = XSManager
"XTreme-G Drivers_is1" = XTreme-G 190.62m Vista Win 7 32bit
"Yahoo! Messenger" = Yahoo! Messenger
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GameRanger" = GameRanger
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.12.2011 06:00:55 | Computer Name = incely-COMP | Source = PostgreSQL | ID = 0
Description = 2011-12-11 10:00:55 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 11.12.2011 11:03:39 | Computer Name = incely-COMP | Source = PostgreSQL | ID = 0
Description = 2011-12-11 15:03:39 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 11.12.2011 15:42:53 | Computer Name = incely-COMP | Source = PostgreSQL | ID = 0
Description = 2011-12-11 19:42:53 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 11.12.2011 16:02:16 | Computer Name = incely-COMP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Launcher_Main.exe, Version: 13.30.1379.0,
 Zeitstempel: 0x4e457c4c  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e2111c0  Ausnahmecode: 0x80000003  Fehleroffset: 0x00033e2e  ID des fehlerhaften
 Prozesses: 0xef0  Startzeit der fehlerhaften Anwendung: 0x01ccb83fafdc5dca  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Logitech\LWS\Webcam Software\Launcher_Main.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 05e3ea4f-2433-11e1-bca6-00188bc92795
 
Error - 11.12.2011 19:31:03 | Computer Name = incely-COMP | Source = PostgreSQL | ID = 0
Description = 2011-12-11 23:31:03 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 12.12.2011 06:01:17 | Computer Name = incely-COMP | Source = PostgreSQL | ID = 0
Description = 2011-12-12 10:01:17 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 12.12.2011 14:12:18 | Computer Name = incely-COMP | Source = PostgreSQL | ID = 0
Description = 2011-12-12 18:12:18 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 12.12.2011 16:00:37 | Computer Name = incely-COMP | Source = PostgreSQL | ID = 0
Description = 2011-12-12 20:00:23 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 12.12.2011 19:44:23 | Computer Name = incely-COMP | Source = PostgreSQL | ID = 0
Description = 2011-12-12 23:44:10 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
Error - 13.12.2011 03:43:45 | Computer Name = incely-COMP | Source = PostgreSQL | ID = 0
Description = 2011-12-13 07:43:45 GMT FATAL:  bogus data in lock file "postmaster.pid":
 "" 
 
[ System Events ]
Error - 12.12.2011 13:53:13 | Computer Name = incely-COMP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.12.2011 13:55:19 | Computer Name = incely-COMP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.12.2011 13:55:19 | Computer Name = incely-COMP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.12.2011 13:55:19 | Computer Name = incely-COMP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.12.2011 14:00:19 | Computer Name = incely-COMP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.12.2011 14:00:19 | Computer Name = incely-COMP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.12.2011 14:00:19 | Computer Name = incely-COMP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.12.2011 14:02:27 | Computer Name = incely-COMP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.12.2011 14:02:27 | Computer Name = incely-COMP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.12.2011 14:02:27 | Computer Name = incely-COMP | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---
