Pests of all kinds and how to fight them: JavaScript virus JS/Decdec.psc
06.02.2012, 20:42 | #1 |
JavaScript virus JS/Decdec.psc

Hello! As someone who builds private homepages, I have the problem that a few of my pages were recently hit by the JavaScript virus JS/Decdec.ps (as reported by Avira). Nothing was found on my PC! So I deleted the pages, uploaded them again, and everything was fine. After about 2 weeks, infected again! Is there any way I can protect myself against a new infection? How should I check whether the virus isn't on my PC after all (Malwarebytes and Avira report nothing)? Could it be due to old web design software? Many thanks for getting in touch (this has helped me a lot before)!
07.02.2012, 08:56 | #2 | |||
/// Helper team | JavaScript virus JS/Decdec.psc

Hello and a warm welcome!

Before we start working together, [please read in full]: Quote:

For Vista and Win7: Important: please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!

1. Download from here -> TrendMicro™ HijackThis™/Version 2.0.4 Quote:

System scan with OTL: Please download OTL by Oldtimer and save it to your desktop.

3. To determine whether outdated or malicious software is installed under Programs, I would also like to see all of your installed programs: Download the tool CCleaner → Download, install (read the software license agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" (add the CCleaner Yahoo! Toolbar) is offered, deselect it) → start → Language → select German, then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern..." (save as text file) creates a text file (*.txt); copy its contents and paste them here. Quote:
kira
07.02.2012, 20:34 | #3 |
JavaScript virus JS/Decdec.psc

Hello, and many thanks for taking on my problem.

Let's get started then. HijackThis logfile: Code:

HiJackthis Logfile:

OTL logfile: Code:
| ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2008.01.16 14:05:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.01.16 14:05:14 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.01.14 13:02:18 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI [2008.01.14 10:59:00 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll [2007.12.12 16:49:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.12.12 14:45:55 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.04.24 12:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll [2006.11.02 16:33:31 | 000,642,020 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,131,472 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,604,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT 
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,607,030 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,406 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.20 23:58:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\vspxvfw.dll
[2005.09.01 15:20:46 | 000,524,288 | ---- | C] () -- C:\Windows\System32\vspxcore.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC

< End of report >
[/CODE]

Logfile Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 07.02.2012 20:25:46 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,02% Memory free
4,23 Gb Paging File | 2,99 Gb Available in Paging File | 70,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,60 Gb Total Space | 178,38 Gb Free Space | 40,03% Space Free | Partition Type: NTFS
Drive D: | 20,15 Gb Total Space | 10,84 Gb Free Space | 53,81% Space Free | Partition Type: FAT32

Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dateien\Downloads\Fotobuch\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Dateien\Downloads\Fotobuch\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Dateien\Alexandra\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Dateien\Alexandra\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0201F59C-2A42-4168-B6B3-0742E5C310B9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0C374FB5-C899-43F0-8440-CEF2C997466A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1518B4B1-47F0-454E-870F-A83E43BB0003}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{16CA8772-9CFC-4479-AB82-F3D0EDB737DE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1AAFA3D1-57AC-45D2-B1EC-0E67FE66E630}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1F6033E4-9018-4FFD-9DE0-AB3C2B32C051}" = rport=5679 | protocol=17 | dir=out |
svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1F7A2B43-39B1-4595-9BD3-E9DF6500598B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{22E5DAEB-6EF8-4768-9FE9-02A3C9CF0BD0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{239A7D70-29B6-4EFE-A9DD-E931FEF69E24}" = rport=137 | protocol=17 | dir=out | app=system | "{3093077A-A4DA-446A-B8A6-56926CE9987D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{327B40F8-3A96-41DD-98EF-975A84E152E0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{32DA4576-3502-4566-A3F7-20C9D8BE930C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{43AC3E41-E303-413C-85B8-0575B0532089}" = lport=445 | protocol=6 | dir=in | app=system | "{5A22D451-B80E-444F-BD57-CF3659A1AD5E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{64DD3AA3-6C78-468F-8C19-062A97787F6D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{6C7ABAEA-94EC-4F40-A78E-F2E7FF53D3EC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{6D4368A2-515B-4932-B719-1184C7752B63}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{6F30EEAC-6DBD-40E4-9596-39696C3F6C39}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{715CA0D4-A98F-401B-AC78-89ECBDB349D3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{74808D74-C2BD-4A44-AC30-791CD7B9F552}" = lport=139 | protocol=6 | dir=in | app=system | "{74DA62FC-0629-4CA1-8A0F-3292C621547D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{76021415-672B-4BCA-B811-AC4BD3D956FB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{76BB8A26-5137-4959-91DE-A544DE014778}" = rport=445 | protocol=6 | dir=out | app=system | "{7951D290-6C16-4660-AA11-BE856F384E45}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7D9972D8-4A7D-4060-9BCD-BAB3A90EAEE9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7F51410D-E049-4FCF-99EE-85CF9E5E2E70}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{8446FBC6-5150-4991-93EC-2EC0AD81ED96}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{87E96F97-35F1-41E9-B390-7949D1AADBEA}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{8A2810D4-2EE8-4E4C-8BD0-FE761B7D7D28}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{90119939-426B-49D7-97BC-0DAC63F39D81}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{96D3B22B-7AB5-4ECA-BB09-B0B3AFF16731}" = lport=137 | protocol=17 | dir=in | app=system | "{ABE7A324-DFA9-488A-9D24-30BE2C720CCD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{BAAAAAD3-4046-4A38-8385-980E90373444}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{BEA55080-9409-4E50-A6EF-F28CE67A7FA6}" = rport=138 | protocol=17 | dir=out | app=system | "{C104868A-E41F-430A-9A0E-71F1C19D55E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DD8C93B5-C428-4F8F-927B-D47E4C143769}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DE171572-4743-471A-8A63-D11154E857C8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{EC7832DF-1DED-4986-8BDA-95898C853F85}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F1DDFF17-B9F2-4235-B371-141B01438809}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FC58C0F7-580D-431C-9D23-11321A42056D}" = lport=138 | protocol=17 | dir=in | app=system | "{FDF1D35E-458B-4BC7-83F5-B651D7D99EC9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FDF91233-0723-477B-BD79-CBF101054E7E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00D254ED-9826-4CF1-ACD8-D1732D481C7A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{08488E07-A207-42AB-8C3C-6234D4396596}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0BE04582-A3D0-4724-B1D1-18F701998C19}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | "{11320A4E-C369-4050-9037-652326A3953B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{15AD1714-57F8-45D4-BB36-38FB0005CA13}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{17928989-23AD-45A1-B328-F4E7B48D9D42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{180BC910-87AD-4BE4-9CF0-4CD1A942FE0E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1C29A5E9-1F6B-4E23-801C-EA30A51E1972}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1C37DE41-E3BF-427A-9BE5-6ECA3FAE25FB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{1D5A908B-8BFA-4831-A11F-3D1430B9C6D7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2825FD05-8E9E-4F6B-991E-5CFEEA5F841E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2E46EB3C-480D-4D0E-AF80-572C3B12DE95}" = protocol=17 | dir=out | 
svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2EC05C3B-AF24-4E33-BFFE-7081C60BF964}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2EDF8A3C-2FCF-40D4-8DBB-3DEBD09C146C}" = protocol=6 | dir=in | app=c:\program files\lgnas\nasdetector\nasdetector.exe | "{2FFBBAFD-24F9-491A-9C9B-5C53047559C5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{36AB7289-69E8-4406-9ACB-D849CBC89157}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{395C9D7B-C4AC-454E-A9C9-A27ED810A8B6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3CDFB4C1-B800-4D04-B0AE-36EFC87CB051}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3D8EA1C3-8B1D-4F13-B5E2-ED0336057A24}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3F95A07C-1F03-4610-A52B-9F5856D9DFC8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4130BA16-172C-4907-9EAD-6444ECE778FC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{41CB5248-31AC-40D4-B543-E959845B6369}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{4223D670-0C76-493C-97FC-48EDAD66CD39}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{42C4C4AB-ED99-4011-B9A9-0F6C60630F1C}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{436C73AB-F50A-42DC-909C-357E7BACD274}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4A6A6F1F-946A-475C-92C2-04682888C7A9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4B126F9E-065A-470F-9C57-52CB0D311214}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4BE09AE3-8CEA-4D5A-83F6-9B259977B5A4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4C920248-1C27-42F6-A992-8940750818D0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4EDAAC79-8CE8-4EDC-89B4-5A453A79A54C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5296BD95-B0C9-41C8-892E-4EBDD6228956}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{55769CE4-6FD5-4D49-AA8A-2F6497F362AC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5FE68731-57D6-4BBE-A189-4CDD3DEB8EA4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{637E056F-BB80-44AA-83D0-18D13BC5D005}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6A7CB09F-4801-48DC-BAFA-6BD594F30F17}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6D6E7386-1D55-459D-928F-B099D1F5CDD8}" = protocol=6 | dir=in | app=c:\program files\iminent\imbooster\imbooster.exe | "{6F3ECAFA-4177-48A7-94A8-6B6DAE4F9A2E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7011A1BC-C5F3-4374-81B3-81493CD9B1C5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{705A9499-0508-4DB6-A0DA-B07CB757CB71}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{712F08D0-B161-4F7E-B97A-01B05C400584}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7329836A-FF09-48A1-85E6-9FCE61342786}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{74DC73B1-AEAB-46BE-AF7B-9676ADA91C79}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{75D38908-D88F-4BCD-8673-ACBA9F14C821}" = protocol=6 | dir=out | app=c:\program files\iminent\mmserver\iminent.mmserver.exe | "{79B7172D-5A63-4FD2-A06D-789F731AABD2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7BE8CB32-F8AF-44F9-9EB4-CA3F3D28B706}" = protocol=17 | 
dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7C352E82-A9AE-4161-A086-6A7FDB17CB58}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{82CCB4E1-227E-431E-8A38-6A6F97BE8229}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8365281E-FE34-4F34-ACFC-BB8639624FBE}" = protocol=6 | dir=in | app=c:\users\stefan\appdata\roaming\dropbox\bin\dropbox.exe | "{8A7CBBDB-F778-4169-9CF9-06BE3DB69BB1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8AAAE017-0EEE-4EFE-BEE9-AD38B6809B3F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8F8628ED-03FB-459A-9828-7FAF30B5029F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{8FEA870F-A015-41D5-B12C-B48681121F49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{90CFDA12-EC19-4C9C-93BD-4D5F0DF0B93C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{91279B02-AC12-4F1E-9045-79C9BDED63A4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9170DEBD-144B-42BF-92FB-5492B0B97876}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{92DAADF2-E286-41EA-AD09-4CE91022D5AF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{977C7884-AED8-430E-9144-1338B53EBDAC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{98C48465-0D56-46F2-AFBA-4F1826F61E23}" = protocol=17 | dir=in | app=c:\program files\lgnas\nasdetector\nasdetector.exe | "{9B0936E0-523C-4AB4-982B-4BB8AC559731}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9CC6AE99-3770-4BD5-ABE1-8B0C4E4DCB8A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9F4A847F-D43B-42E3-AD21-5688C065B128}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{A1CC2240-AEF8-4204-B042-CD1095CC280D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{A25973C6-12CF-4C19-AF17-86BDFB75B5B8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A3732A94-E176-4A4F-B187-D744E879CF77}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{A76CDABD-2FB8-43DE-80E2-B8BD9FC372FD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A8109008-5F0E-46FF-9DAC-D1CBCEFC9376}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A90B3C99-CF4F-4544-835B-9E8BDA060145}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{A9DBA0F3-E2BF-4D3F-9A76-39C9A0947EBB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AC3A0640-F4C2-4B7E-B8B4-413A71852736}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AC9635B3-D98E-4D91-8B97-2CD66B5783E8}" = protocol=6 | dir=out | app=c:\program files\iminent\imbooster\imbooster.exe | "{B1747447-BF0E-422B-B6B7-E4A8E68AF401}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B2853FF3-0A8E-43D7-8CC4-3219CF3221C3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B40D92F6-73DA-4845-BCCB-426269BC6EEC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B628B371-F445-49D8-B181-97125F42E99E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BAB63DAB-B2DE-4371-AE2E-135634F56F49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BC894A4C-B3BD-4CB5-9063-20D69D9E44FA}" = protocol=6 | dir=in | app=c:\program files\iminent\mmserver\iminent.mmserver.exe | "{BEB7F258-7ED2-46F9-ADA2-9A07451B427C}" = protocol=6 | dir=in | app=c:\users\stefan\downloads\landmaschinen2011\sweetimsetup.exe | "{C2E53F8F-64CD-49C6-8D66-3CDF0F739606}" = protocol=6 | 
dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C2E57F66-7940-429E-8FF5-CBF18FB5B1E8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C3A4033A-3F0F-419C-ACE5-BEC637D3D1DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C58D1DCD-EE4E-4840-8553-81311D85DC70}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C663D907-5F36-46D4-891B-2F9126AD1BE8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C6D3DF86-C56D-4A0D-A9B7-451108644B9E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CCA07642-C99D-461B-990F-A2E81292271F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CDE31234-C3CC-45AB-BAF1-08B2356C4393}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D089D7B7-95C5-4821-8AB4-9D5021A0F7C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D3EF62A3-F4B2-4A3C-AC80-B64A40991BF1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D565D3CA-4C44-4462-98CD-C71E9E5292B0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D8286C37-31A3-456B-96E7-51C01B820700}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D9B3EA17-0C0D-45BD-8AF6-4EA77EA2F314}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DC69D7D6-C91D-4829-87D1-360A048FD903}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DF221089-7BD5-46C6-A634-E80D1DF92CE5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E635663D-12F6-4FC4-8DC2-12AA1BBF5A15}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E8B60ED1-4A67-43E2-A373-8193F101C35E}" = protocol=17 | dir=in | app=c:\users\stefan\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E8B6F1F3-99E0-471C-8124-940E991DDC39}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F1101A87-0E34-472D-8164-19D1ADF188E2}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | "{F1CE6CA0-8BDB-4DFA-BBA9-872AA517DDC0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F315DCD3-0B59-4F42-9BE3-B66552AAA5F7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F620B9FB-98CB-4821-8A5F-5BB2D90E42D4}" = protocol=17 | dir=in | app=c:\users\stefan\downloads\landmaschinen2011\sweetimsetup.exe | "{F6548B0C-5362-4354-AF36-28E59F03792C}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{F66CB2D4-D35C-45CD-8E6F-E2EC92917714}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F96A2944-D4AF-453E-A674-38E75BBA035C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FAE6C358-C4A9-4B18-92D4-4665779AE73D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{FC52596E-010B-41B6-81A0-33F919895C11}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{10ECA3A8-B5F2-4F81-8B66-DBF220F8976F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{3B497CA2-34F2-46FD-825C-CDD8F6340BFB}C:\team17\worms2\frontend.exe" = protocol=6 | dir=in | app=c:\team17\worms2\frontend.exe | "TCP Query User{412001A3-3FF8-428D-8B53-A4274F1BA699}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{4EF09714-D2F2-4879-9159-F27352479B1C}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{549B736E-6DC4-4FD9-BBB2-1B6752134463}C:\windows\system32\taskeng.exe" = 
protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{B67DBBF1-ACE6-4D5E-BE22-3BBEB8B1037D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{C42D7F3E-7804-4177-8A1C-0940A55A7379}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe | "TCP Query User{CF8E1166-9340-4BA5-BBD1-3DDDAA12375C}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "TCP Query User{D01091A6-C9CC-4242-BC86-3899BCA700A7}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | "TCP Query User{D33545E8-764C-4394-AFED-5AC272B6F744}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{E43557DA-AF16-421B-A49A-415280A38953}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{EB6A1FF4-4C10-49E9-ACF9-B57380E9C389}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{ED9E25E4-1781-49F9-B0B6-43F5300E3B25}C:\users\stefan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\stefan\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{01E375B9-E3CB-460A-B3A6-27EE354E1077}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe | "UDP Query User{0683E01C-8237-41D2-A849-0EE87465F524}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{11730B34-FDDE-4A85-AFA0-DEC333F78C5B}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program 
files\ws_ftp\ws_ftp95.exe | "UDP Query User{1D131489-9A37-40E8-872C-75D3246BFD3A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{377AA072-31ED-4073-86F2-4065960F001E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{3CAB603B-C142-47B7-B07A-17AC38774F05}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{437BE1CB-487A-434B-B399-FE4C0403B89D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{4FF3F819-CF78-4F6C-B58F-7924EBFEE8DA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{5001422C-26EE-4188-8334-0DC78F453230}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{55862774-3A6E-498E-B9A1-AD30B2581E67}C:\users\stefan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\stefan\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{724EED51-F6B8-4BA0-A49D-F1675AB8C270}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{AEF77A85-1C1D-4899-A3D6-8FE8D0556E34}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{E7585E13-A285-46CD-A494-941D998BC189}C:\team17\worms2\frontend.exe" = protocol=17 | dir=in | app=c:\team17\worms2\frontend.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004 "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70 "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{241E9E85-7173-4AEC-9EE4-82A205EE6075}" = Application Suite "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 30 "{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009 "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59DC43FF-8F26-40B2-A566-C69C9457BF7D}" = Moorhuhn Soccer "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth 
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant "{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 Essentials "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6844E55F-37A1-42BC-B316-326B48C49ADC}" = Pro Evolution Soccer 2012 DEMO "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81388290-5DFA-493E-83D6-244B652DE5AA}" = LG NASDetector "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft 
Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011 "{A05BD6BC-4710-402C-8BF3-B72A09119AE5}" = Doodle Outlook Plugin "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager "{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2 "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2008-12-16 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc 
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager "{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008 "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser "{BFEDA49F-2E91-4B54-A366-F5A198FE1173}" = DVB-PC TV Star "{C35CCBEB-5A54-4DD8-9EC8-110F2A8154B3}" = Motorola Mobile Drivers Installation 5.1.0 "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D4BA029E-0303-48D2-B9F9-2763D468DC64}" = MainConcept DTV Decoder Standard "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86 "{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional "{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn "{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime "{E38DA569-3CC2-4E9A-BAE2-77D9295DE734}" = Motorola Software Update "{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004 "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial 
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.22 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1F33D9B-49B4-4D17-B1D9-CA16E9E65062}" = Iminent "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.4.2 "{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition) "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "AudioCon" = AudioCon "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "AudioNoise_is1" = AudioNoise 1.3.2 "Avidemux 2.5" = Avidemux 2.5 "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Bagger-Simulator 2008" = Bagger-Simulator 2008 "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0 "Catan - Das Kartenspiel MMP" = Catan - Das Kartenspiel MMP "Catan Online Welt" = Catan Online Welt "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CodeWallet Pro 2006 Desktop Companion" = CodeWallet Pro 2006 Desktop Companion "CodeWallet Pro 2006 for Windows Mobile" = CodeWallet Pro 2006 for Windows Mobile "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser "Designer 2.0_is1" = Designer 
2.0 "Digital Image Recovery_is1" = Digital Image Recovery 1.47 "DivX Setup" = DivX-Setup "dm-Fotowelt" = dm-Fotowelt "DVBViewer_is1" = DVBViewer Technisat Edition "DVD Flick_is1" = DVD Flick 1.3.0.7 "EASEUS Todo Backup Home 2.0_is1" = EASEUS Todo Backup Home 2.0 "ENTERPRISER" = Microsoft Office Enterprise 2007 "FarmingSimulator2008_is1" = Landwirtschafts Simulator 2008 "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 "Free DVD Video Burner_is1" = Free DVD Video Burner version 3.1.3.1117 "Free Monitor for Google_is1" = Free Monitor for Google 2.4 "Free Video Dub_is1" = Free Video Dub version 2.0.0.1117 "Free Video to Android Converter_is1" = Free Video to Android Converter version 2.2.17.324 "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.0.1117 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.19.324 "Free WAV to MP3 Converter" = Free WAV to MP3 Converter "Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.38.517 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IMBoosterARP" = Iminent "InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InterActual Player" = InterActual Player "IrfanView" = IrfanView (remove only) "LetsTrade" = LetsTrade Komponenten "MAGIX Foto Clinic 5.5 D" = MAGIX Foto Clinic 5.5 (D) "MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 (D) "MAGIX Goya burnR D" = MAGIX Goya burnR (D) "MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service (D) "MAGIX Video deluxe 2007 PLUS D" = MAGIX Video deluxe 2007 PLUS (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 
1.60.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MotoHelper" = MotoHelper 2.0.46 Driver 5.0.0 "MPE" = MyPhoneExplorer "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "PunkBusterSvc" = PunkBuster Services "RealPlayer 6.0" = RealPlayer "ResInfo" = WR-Tools ResInfo "Rossmann Fotoservice_is1" = Rossmann Fotoservice "Rossmannr Online Print Wizard Installer_is1" = Rossmann Online Print Wizard Installer 1.0 "Scriptdoc" = Windows Script V5.6 Dokumentation "SuperMailer" = SuperMailer 5.00 "TmNationsForever_is1" = TmNationsForever "Uninstall_is1" = Uninstall 1.0.0.1 "Vistumbler" = Vistumbler "VLC media player" = VLC media player 1.1.8 "Windows Mobile Device Handbook" = Windows Mobile-Ressourcen "Worms2" = Worms2 "X10Hardware" = X10 Hardware(TM) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client "Neoteris_Host_Checker" = Juniper Networks Host Checker "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.04.2010 14:45:24 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel 0x4b835fec, fehlerhaftes Modul SearchSpider.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x49272c86, Ausnahmecode 0xc0000005, Fehleroffset 0x02763568, Prozess-ID 0x1d0, Anwendungsstartzeit 01cadcca5a99b4cd. 
Error - 15.04.2010 14:45:28 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel 0x4b835fec, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode 0xc0000005, Fehleroffset 0x00039747, Prozess-ID 0x7ec, Anwendungsstartzeit 01cadcca6070c32d. Error - 15.04.2010 15:50:56 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.04.2010 15:50:56 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 16.04.2010 10:25:21 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 16.04.2010 10:25:21 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 16.04.2010 10:28:32 | Computer Name = Stefan-PC | Source = Windows Search Service | ID = 3024 Description = Error - 17.04.2010 03:49:48 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.04.2010 03:49:48 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.04.2010 05:13:49 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel 0x4b835fec, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode 0xc0000005, Fehleroffset 0x0003969b, Prozess-ID 0x17d8, Anwendungsstartzeit 01cade0e3dbc4d93. [ OSession Events ] Error - 13.11.2009 15:57:09 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 127 seconds with 120 seconds of active time. This session ended with a crash. 
Error - 10.08.2010 17:24:37 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 28 seconds with 0 seconds of active time. This session ended with a crash. Error - 17.10.2010 13:03:25 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 380 seconds with 120 seconds of active time. This session ended with a crash. Error - 05.01.2011 17:29:30 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 142 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 16.01.2012 13:29:03 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7009 Description = Error - 20.01.2012 14:19:41 | Computer Name = Stefan-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 20.01.2012 14:20:58 | Computer Name = Stefan-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 20.01.2012 14:22:14 | Computer Name = Stefan-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 20.01.2012 14:22:45 | Computer Name = Stefan-PC | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. 
Error - 23.01.2012 11:11:36 | Computer Name = Stefan-PC | Source = volsnap | ID = 393236 Description = Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen. Error - 23.01.2012 16:50:27 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7009 Description = Error - 26.01.2012 15:37:16 | Computer Name = Stefan-PC | Source = DCOM | ID = 10010 Description = Error - 06.02.2012 16:02:50 | Computer Name = Stefan-PC | Source = Print | ID = 19 Description = Der Druckspooler konnte den Drucker HP DeskJet 970Cxi nicht unter dem Namen HP DeskJet 970Cxi freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden. Error - 06.02.2012 16:02:50 | Computer Name = Stefan-PC | Source = Print | ID = 19 Description = Der Druckspooler konnte den Drucker CIB pdf brewer nicht unter dem Namen CIB pdf brewer freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden. < End of report > [/CODE] |
07.02.2012, 20:35 | #4 |
| JavaScript virus JS/Decdec.psc Here is the rest! CCleaner installed programs Code:
ATTFilter 7-Zip 9.20 05.02.2012 2,86MB AAVUpdateManager Akademische Arbeitsgemeinschaft 19.02.2011 18,5MB 15.00.0000 Adobe AIR Adobe Systems Incorporated 05.02.2012 30,1MB 2.7.0.19530 Adobe Community Help Adobe Systems Incorporated. 05.02.2012 5,70MB 3.4.980 Adobe Download Assistant Adobe Systems Incorporated 05.02.2012 2,91MB 1.0.2 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 05.02.2012 11.1.102.55 Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated 15.06.2011 165,3MB 10.1.0 Adobe Shockwave Player 11 Adobe Systems, Inc. 05.02.2012 11 Adobe Widget Browser Adobe Systems Incorporated. 05.02.2012 2,18MB 2.0 Build 230 AGEIA PhysX v7.11.13 AGEIA Technologies, Inc. 26.08.2011 99,7MB 7.11.13 Amazon MP3-Downloader 1.0.9 05.02.2012 1,67MB Application Suite 05.02.2012 0,78MB AudioCon Basement Softworks 05.02.2012 1,71MB 1.0 Audiograbber 1.83 SE Audiograbber Deutschland 28.12.2009 1.83 SE Audiograbber Lame-MP3-Plugin AG 05.02.2012 4,63MB 1.0 AudioNoise 1.3.2 Marc Scherer 10.11.2011 0,98MB Avidemux 2.5 05.02.2012 33,3MB 2.5.4.6714 Avira Free Antivirus Avira 05.02.2012 162,2MB 12.0.0.872 AVM FRITZ!Box Dokumentation AVM Berlin 05.02.2012 4,73MB AVM FRITZ!Box Druckeranschluss AVM Berlin 05.02.2012 Bagger-Simulator 2008 05.02.2012 139,5MB Canon CanoScan Toolbox 5.0 05.02.2012 8,88MB CanoScan LiDE 70 05.02.2012 Catan - Das Kartenspiel MMP Catan GmbH 05.02.2012 2.0 Catan Online Welt Catan GmbH 05.02.2012 210MB 3.576 CCleaner Piriform 06.02.2012 3,60MB 3.15 CIB pdf brewer 2.5.22 CIB software GmbH 04.01.2009 11,6MB 2.5.22 CodeWallet Pro 2006 Desktop Companion Developer One 05.02.2012 4,48MB 6.60 CodeWallet Pro 2006 for Windows Mobile Developer One 05.02.2012 4,35MB 6.51 Compatibility Pack für 2007 Office System Microsoft Corporation 16.12.2011 12.0.6612.1000 CorelDRAW Graphics Suite 11 Corel Corporation 09.01.2011 228MB 11 Designer 2.0 fotobuch.de AG 09.01.2010 48,5MB 7.7.7 Digital Image Recovery 1.47 Alexander Grau 05.02.2012 0,82MB DivX-Setup DivX, LLC 
05.02.2012 3,53MB 2.6.1.5 dm-Fotowelt 05.02.2012 303MB Doodle Outlook Plugin Doodle AG 03.10.2009 1,18MB 1.0.20 DriveImage XML (Private Edition) Runtime Software 05.02.2012 3,05MB 2.22 Dropbox Dropbox, Inc. 05.02.2012 25,4MB 1.2.51 DVBViewer Technisat Edition CM&V 03.02.2011 3,56MB DVD Flick 1.3.0.7 Dennis Meuwissen 22.02.2011 43,2MB 1.3.0.7 EASEUS Todo Backup Home 2.0 CHENGDU YIWO Tech Development Co., Ltd 12.03.2011 111,6MB 2.0.0.1 Evernote v. 4.4.2 Evernote Corp. 01.08.2011 139,1MB 4.4.2.4912 Firebird SQL Server - MAGIX Edition MAGIX AG 15.01.2008 6,57MB 2.0.1.8 Free Audio CD Burner version 1.4.8 DVDVideoSoft Limited. 28.05.2011 3,15MB Free DVD Video Burner version 3.1.3.1117 DVDVideoSoft Ltd. 21.11.2011 10,4MB Free Monitor for Google 2.4 CleverStat 24.04.2009 2,42MB Free Video Dub version 2.0.0.1117 DVDVideoSoft Ltd. 21.11.2011 2,54MB Free Video to Android Converter version 2.2.17.324 DVDVideoSoft Limited. 05.04.2011 2,97MB Free Video to DVD Converter version 5.0.0.1117 DVDVideoSoft Ltd. 21.11.2011 11,3MB Free Video to MP3 Converter version 4.2.19.324 DVDVideoSoft Limited. 15.04.2011 3,07MB Free WAV to MP3 Converter Polaris-Software.com 05.02.2012 13,4MB 1.17 Free YouTube Download version 2.10.33.324 DVDVideoSoft Limited. 31.03.2011 3,55MB Free YouTube to MP3 Converter version 3.9.38.517 DVDVideoSoft Limited. 28.05.2011 4,12MB Google Earth Google 17.11.2011 92,8MB 6.1.0.5001 GPL MPEG-1/2 DirectShow Decoder Filter Peter Wimmer 30.10.2011 0,25MB 0.1.2 HiJackThis Trend Micro 06.02.2012 0,36MB 1.0.0 Iminent Iminent 05.02.2012 16,4MB 4.10.0.0 InterActual Player 05.02.2012 3,63MB IrfanView (remove only) Irfan Skiljan 05.02.2012 1,93MB 4.27 Java(TM) 6 Update 30 Oracle 28.09.2010 94,9MB 6.0.300 Juniper Networks Host Checker Juniper Networks 05.11.2011 8,13MB 7.1.0.19243 Juniper Networks, Inc. Setup Client Juniper Networks, Inc. 
05.11.2011 1,67MB 7.1.4.13103 Landwirtschafts Simulator 2008 astragon Software GmbH 26.08.2011 72,9MB Landwirtschafts Simulator 2011 GIANTS Software 10.11.2011 774MB 1.0 LetsTrade Komponenten 05.02.2012 19,6MB LG NASDetector LG Electronics Inc. 31.08.2011 5,14MB 1.00.0000 Logitech Harmony Remote Software Logitech 26.02.2011 0,69MB 0.6.0201 Logitech Webcam Software Logitech Inc. 05.02.2012 2.0 Macromedia Dreamweaver MX 2004 Macromedia 05.02.2012 146,9MB 7.0 Macromedia Extension Manager Macromedia 05.02.2012 3,76MB 1.5 Macromedia Fireworks MX 2004 Macromedia 05.02.2012 45,1MB 7 MAGIX Foto Clinic 5.5 (D) MAGIX AG 15.03.2011 11,1MB 5.5.23.0 MAGIX Foto Manager 2007 (D) MAGIX AG 15.03.2011 114,6MB 4.0.1.161 MAGIX Goya burnR (D) MAGIX AG 15.03.2011 33,8MB 1.3.0.9 MAGIX Music Manager 2006 (D) MAGIX AG 15.03.2011 46,2MB 7.2.0.133 MAGIX Online Druck Service (D) MAGIX AG 15.03.2011 9,41MB 2.3.2.0 MAGIX Video deluxe 2007 PLUS (D) MAGIX AG 15.03.2011 3.222MB 6.5.0.23 MainConcept DTV Decoder Standard MainConcept AG 06.04.2008 7,60MB 1.1.15295.1 MakeDisc CyberLink Corp. 
05.02.2012 101,3MB 3.0.2203 Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 05.02.2012 4,80MB 1.60.1.1000 MCE Software Encoder 1.1 CyberLink Corporation 05.02.2012 1,32MB 1.1.0.1918 MediaShow CyberLink Corporation 05.02.2012 33,1MB 3.0.4325 Microsoft .NET Framework 1.1 05.02.2012 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 05.02.2012 37,0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 05.02.2012 27,8MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 05.02.2012 120,3MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 05.02.2012 24,5MB 4.0.30319 Microsoft Office Enterprise 2007 Microsoft Corporation 05.02.2012 472MB 12.0.6612.1000 Microsoft Office File Validation Add-In Microsoft Corporation 13.09.2011 7,92MB 14.0.5130.5003 Microsoft Office Home and Student 2007 Microsoft Corporation 05.02.2012 300MB 12.0.6612.1000 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 16.12.2011 12.0.6612.1000 Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 03.09.2011 7,77MB 8.0.50727.42 Microsoft Silverlight Microsoft Corporation 11.10.2011 4.0.60831.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 27.07.2009 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.59193 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 27.07.2009 0,19MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 26.02.2011 1,41MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 09.07.2011 0,23MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 21.03.2009 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 14.05.2010 0,58MB 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,58MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 15.10.2011 12,3MB 10.0.40219 Microsoft Works Microsoft Corporation 16.12.2010 9.7.0621 Moorhuhn Soccer 05.02.2012 21,7MB 1.00.0000 MotoHelper 2.0.46 Driver 5.0.0 Motorola 05.02.2012 2,65MB 2.0.46 Motorola Software Update Motorola 12.06.2011 58,6MB 01.16.10 MSXML 4.0 SP2 (KB936181) Microsoft Corporation 12.12.2007 1,27MB 4.20.9848.0 MSXML 4.0 SP2 (KB941833) Microsoft Corporation 08.01.2008 1,27MB 4.20.9849.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.11.2008 1,28MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,34MB 4.20.9876.0 MSXML 4.0 SP3 Parser Microsoft Corporation 21.07.2011 1,48MB 4.30.2100.0 MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 23.07.2011 1,54MB 4.30.2107.0 MyPhoneExplorer F.J. Wechselberger 05.02.2012 11,1MB 1.8.0 Nero 8 Essentials Nero AG 13.01.2008 1.536MB 8.2.87 Nero BackItUp Nero AG 03.09.2011 101,3MB 5.2.24001 Nero BackItUp and Burn Nero AG 03.09.2011 318MB 1.2.0031.1 Nero BurnRights Nero AG 03.09.2011 4,36MB 3.6.26001 Nero Express Nero AG 03.09.2011 197,3MB 9.6.16000 Nero RescueAgent Nero AG 03.09.2011 5,19MB 2.6.26000 NVIDIA Drivers 05.02.2012 Picasa 3 Google, Inc. 05.02.2012 56,9MB 3.8 PL-2303 USB-to-Serial Prolific Technology INC 19.11.2010 2,37MB 1.3.0 PowerDirector CyberLink Corp. 08.01.2008 233MB 6.5.2209a PowerDVD CyberLink Corporation 05.02.2012 87,2MB 7.0.3118.0 PowerProducer 05.02.2012 190,2MB Pro Evolution Soccer 2012 DEMO KONAMI 20.09.2011 1.439MB 1.00.0000 PunkBuster Services Even Balance, Inc. 05.02.2012 0.987 QuickTime Apple Inc. 13.01.2008 76,9MB 7.3.1.70 RealPlayer RealNetworks 05.02.2012 46,3MB Realtek High Definition Audio Driver Realtek Semiconductor Corp. 
11.12.2007 15,6MB 6.0.1.5512 Rossmann Fotoservice 26.09.2010 14,6MB Rossmann Online Print Wizard Installer 1.0 05.02.2012 0,68MB SIW version 2008-12-16 Topala Software Solutions 21.02.2009 2,45MB 2008.12.16 Skype™ 5.5 Skype Technologies S.A. 19.11.2011 19,1MB 5.5.124 Steuer-Spar-Erklärung 2008 Akademische Arbeitsgemeinschaft 26.05.2008 155,0MB 13.01.0000 Steuer-Spar-Erklärung 2009 Akademische Arbeitsgemeinschaft Verlag 25.05.2009 265MB 14.01.0000 Steuer-Spar-Erklärung 2010 Akademische Arbeitsgemeinschaft Verlag 26.09.2010 15.13 Steuer-Spar-Erklärung 2011 Akademische Arbeitsgemeinschaft Verlag 29.08.2011 16.14 SuperMailer 5.00 05.02.2012 18,5MB SweetIM for Messenger 3.6 SweetIM Technologies Ltd. 10.11.2011 4,76MB 3.6.0002 SweetIM Toolbar for Internet Explorer 4.2 SweetIM Technologies Ltd. 10.11.2011 4,13MB 4.2.0004 TechniSat DVB-PC TV Star TechniSat 03.02.2011 4,04MB 4.3.3 TmNationsForever Nadeo 29.06.2010 717MB Ulead PhotoImpact 12 Ulead System 05.02.2012 389MB 12.0 Uninstall 1.0.0.1 28.05.2011 20,6MB Unity Web Player Unity Technologies ApS 16.09.2010 80,00KB 2.6.1f3_31223 Vistumbler 05.02.2012 6,81MB VLC media player 1.1.8 VideoLAN 05.02.2012 78,1MB 1.1.8 Windows Mobile-Gerätecenter Microsoft Corporation 30.03.2008 27,5MB 6.1.6965.0 Windows Mobile-Gerätecenter: Treiberupdate Microsoft Corporation 30.03.2008 42,4MB 6.1.6965.0 Windows Mobile-Ressourcen Microsoft Corporation 05.02.2012 7,20MB 1.0 Windows Script V5.6 Dokumentation 05.02.2012 WinZip 15.0 WinZip Computing, S.L. 12.06.2011 36,2MB 15.0.9411 WISO Mein Geld 2008 Professional Buhl Data Service GmbH 13.01.2008 167,5MB 9.00.01.0023 Worms2 05.02.2012 46,9MB WR-Tools ResInfo 05.02.2012 X10 Hardware(TM) 05.02.2012 28,00KB Stefan |
08.02.2012, 09:24 | #5 |
/// Helper Team | JavaScript virus JS/Decdec.psc
1. Not recommended, I would uninstall (magnet for malware): under `Systemsteuerung --> Software --> Ändern/Entfernen...` (Control Panel --> Software --> Change/Remove...) Code:
SweetIM for Messenger
SweetIM Toolbar for Internet Explorer
2. Download Malwarebytes Anti-Malware from → malwarebytes.org
3. Run another system scan with OTL
4. Runs on XP, Vista (32-bit) and Windows 7 (32-bit). Attention: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It does NOT make sense to try a second time! To get a deeper look into your system and to detect a possible infection with a rootkit (info: wikipedia.org), we will use a tool, Gmer:
** No connection to a network or the Internet - don't forget Wi-Fi. When the scan has finished, please re-enable all programs and tools! Instructions: -> GMER - Rootkit Scanner
5. Check with MBR -t whether the Master Boot Record is in order (MBR rootkit). With the following tool we check whether something malicious has settled into the Master Boot Record.
__________________ Warning: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
08.02.2012, 22:18 | #6 |
| JavaScript virus JS/Decdec.psc Hello! Thank you very much for the great support. Unfortunately I only got to points 1 and 2 today. I will continue tomorrow evening... Stefan Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [Administrator]

08.02.2012 19:09:09
mbam-log-2012-02-08 (19-09-09).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 527291
Laufzeit: 2 Stunde(n), 53 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
09.02.2012, 22:40 | #7 |
| JavaScript virus JS/Decdec.psc And continuing... OTL logfile: Code:
ATTFilter OTL logfile created on: 09.02.2012 22:31:13 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Stefan\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,68% Memory free 4,24 Gb Paging File | 3,16 Gb Available in Paging File | 74,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,60 Gb Total Space | 176,47 Gb Free Space | 39,60% Space Free | Partition Type: NTFS Drive D: | 20,15 Gb Total Space | 10,84 Gb Free Space | 53,81% Space Free | Partition Type: FAT32 Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe () PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) 
PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe () PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe () PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.) PRC - C:\Program Files\Iminent\IMBooster\IMBooster.exe (Iminent) PRC - C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd) PRC - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd) PRC - C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2cf510e07b605923c496b1ae3c31335f\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\afde06a0045b8eff499236a7a9d4115a\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\84dc06c59f7bce1e6b0a1792ac24d60f\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\edf330ecd1bef0a27c0d74d6503c77f7\System.Xml.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5aed030616241447754922b488372ae3\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll () MOD - C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll () MOD - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll () MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe () MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe () MOD - C:\Program Files\Evernote\Evernote\libtidy.dll () MOD - C:\Program Files\Evernote\Evernote\libxml2.dll () MOD - C:\Program Files\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll () MOD - C:\Program Files\Iminent\IMBooster\Iminent.Windows.dll () MOD - C:\Program Files\Iminent\IMBooster\Iminent.Workflow.dll () MOD - C:\Program Files\Iminent\IMBooster\Iminent.Services.dll () MOD - C:\Program Files\Iminent\IMBooster\Iminent.Business.TinyUrl.dll () MOD - C:\Program Files\Iminent\IMBooster\Iminent.Booster.UI.dll () MOD - C:\Program Files\EASEUS\Todo Backup 2.0\bin\CodeLog.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MotoHelper) -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe () SRV - (EASEUS Agent) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd) SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe () SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) 
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (EUFS) -- C:\Windows\system32\drivers\eufs.sys (CHENGDU YIWO Tech Development Co., Ltd) DRV - (EUDSKACS) -- C:\Windows\System32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd) DRV - (EUBAKUP) -- C:\Windows\system32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd) DRV - (EuDisk) -- C:\Windows\System32\drivers\EuDisk.sys (CHENGDU YIWO Tech Development Co., Ltd) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola) DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.) DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola) DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc) DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (SKYNET) -- C:\Windows\System32\drivers\SkyNET.sys (TechniSat Digital, S.A.) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) 
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2a21be620000000000000008c9a0638c&tlver=1.4.19.19&affID=17160 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Stefan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.20 17:11:53 | 000,000,000 | ---D | M] [2011.04.01 22:15:34 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2010.12.21 23:26:09 | 000,427,674 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14729 more lines... 
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd) O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent) O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) 
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [TrayServer] C:\MAGIX\Video_deluxe_2007_PLUS\Trayserver.exe (MAGIX AG) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [hama.exe] C:\Users\Stefan\AppData\Roaming\Byotov\hama.exe File not found O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class) O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9) O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231834711663 (MUWebControl Class) O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B37002-36E9-4A77-9DC4-D081363E3413}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F590491-063E-4E74-978F-82A33451A8F9}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F076153C-EE15-41C0-8EB0-C3697B4B3D66}: DhcpNameServer = 192.168.178.1 O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\Shell - "" = AutoRun O33 - MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\Shell\AutoRun\command - "" = F:\setup.exe -a O33 - MountPoints2\{bd6a3ee2-bcb2-11dd-9ca1-001d92612aad}\Shell\AutoRun\command - "" = K:\PhotoViewerAP_V207.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created 
Within 30 Days ========== [2012.02.08 19:07:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.02.07 19:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012.02.07 19:34:07 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012.02.07 19:33:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2012.02.01 18:22:37 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\.minecraft [2012.02.01 18:22:13 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Stefan\Desktop\MinecraftSP.exe [2012.01.23 22:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.01.23 22:47:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.01.23 22:47:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.01.23 22:47:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.01.20 19:31:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\dvdcss [2012.01.11 15:32:55 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.01.11 15:32:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012.01.11 15:32:51 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.01.11 15:32:51 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012.01.11 15:32:51 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\Stefan\AppData\Roaming\*.tmp files -> C:\Users\Stefan\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.09 22:27:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.09 22:26:56 | 000,003,696 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.09 22:26:55 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.09 22:26:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.08 22:21:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.02.08 21:54:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.07 19:46:57 | 000,002,485 | ---- | M] () -- C:\Users\Stefan\Desktop\HiJackThis.lnk [2012.02.07 19:43:57 | 000,000,160 | ---- | M] () -- C:\Users\Stefan\Desktop\Neue Internetverknüpfung.url [2012.02.07 19:37:16 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.02.07 19:33:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2012.02.06 21:02:48 | 000,604,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.06 19:14:18 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.06 19:11:54 | 000,000,926 | ---- | M] () -- C:\Users\Stefan\Desktop\Dropbox.lnk [2012.02.06 19:11:54 | 000,000,906 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.01.21 11:13:22 | 000,642,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.21 11:13:22 | 000,607,030 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.21 11:13:22 | 000,131,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.21 11:13:22 | 000,108,406 | ---- | M] () -- C:\Windows\System32\perfc009.dat [10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\Stefan\AppData\Roaming\*.tmp files -> C:\Users\Stefan\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== 
[2012.02.07 19:43:51 | 000,000,160 | ---- | C] () -- C:\Users\Stefan\Desktop\Neue Internetverknüpfung.url
[2012.02.07 19:37:16 | 000,000,768 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.07 19:34:07 | 000,002,485 | ---- | C] () -- C:\Users\Stefan\Desktop\HiJackThis.lnk
[2012.01.23 16:38:52 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.11.20 16:35:13 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.07.13 13:24:53 | 000,038,433 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.04.04 18:15:27 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2
[2011.03.16 21:43:07 | 000,000,098 | ---- | C] () -- C:\Windows\Videodeluxe.INI
[2011.03.13 13:33:00 | 000,000,032 | ---- | C] () -- C:\Windows\System32\EUOD.DAT
[2011.03.04 18:11:40 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.04 18:11:37 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.01.23 14:19:04 | 000,038,426 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.01.20 18:02:49 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini
[2010.12.24 10:55:29 | 000,321,536 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010.09.29 22:29:14 | 000,000,680 | ---- | C] () -- C:\Users\Stefan\AppData\Local\d3d9caps.dat
[2010.09.27 20:44:34 | 000,006,138 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\mdbu.bin
[2010.08.22 15:45:41 | 000,139,152 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\PnkBstrK.sys
[2010.08.22 15:45:41 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.08.22 15:45:23 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.08.22 15:45:19 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.08.22 15:45:19 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.02.23 19:17:08 | 000,103,951 | ---- | C] () -- C:\Windows\System32\dtnet.dat
[2009.11.09 21:26:45 | 000,038,425 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2009.07.01 14:55:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.01 14:55:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.22 14:54:02 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.24 19:01:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.12.13 01:15:46 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Default.PLS
[2008.09.24 19:30:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.07 16:37:52 | 000,067,616 | ---- | C] () -- C:\Windows\unTMV.exe
[2008.07.12 17:18:53 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\wklnhst.dat
[2008.05.27 18:12:09 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini
[2008.04.02 15:00:56 | 000,000,557 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\TheLastRipper.xml
[2008.03.31 20:49:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.03.19 17:41:12 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2008.03.15 19:55:36 | 000,091,136 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.02 23:05:12 | 000,000,480 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.02.22 20:34:03 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.22 13:44:08 | 000,000,094 | ---- | C] () -- C:\Users\Stefan\AppData\Local\fusioncache.dat
[2008.02.22 13:33:27 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008.01.16 14:05:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.01.16 14:05:14 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.01.14 13:02:18 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.01.14 10:59:00 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.12.12 16:49:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.12.12 14:45:55 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.04.24 12:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2006.11.02 16:33:31 | 000,642,020 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,131,472 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,604,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,607,030 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,406 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.20 23:58:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\vspxvfw.dll
[2005.09.01 15:20:46 | 000,524,288 | ---- | C] () -- C:\Windows\System32\vspxcore.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC

< End of report >
[/CODE]
Code:
OTL Extras logfile created on: 09.02.2012 22:31:13 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,68% Memory free
4,24 Gb Paging File | 3,16 Gb Available in Paging File | 74,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,60 Gb Total Space | 176,47 Gb Free Space | 39,60% Space Free | Partition Type: NTFS
Drive D: | 20,15 Gb Total Space | 10,84 Gb Free Space | 53,81% Space Free | Partition Type: FAT32

Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Cen |
09.02.2012, 22:53 | #8 |
| JavaScript virus JS/Decdec.psc Gmer aborted with an error! Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: ST350083 rev.3.AA -> Harddisk0\DR0 -> \Device\00000058

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
C:\Windows\system32\DRIVERS\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x82E62912] -> \Device\Harddisk0\DR0[0x86A102A8]
3 CLASSPNP[0x88DB98B3] -> ntkrnlpa!IofCallDriver[0x82E62912] -> [0x85E5D260]
5 acpi[0x806936BC] -> ntkrnlpa!IofCallDriver[0x82E62912] -> \Device\00000058[0x85E03030]
kernel: MBR read successfully
user & kernel MBR OK |
10.02.2012, 09:12 | #9 | ||
/// Helper Team | JavaScript virus JS/Decdec.psc
1. Windows Defender: Running it actively alongside an AV program is not recommended, because the two can get in each other's way. Please disable it as follows: -> Turning Windows Defender on and off

Disable Windows Defender completely
Start => Control Panel => Classic View => Windows Defender, or start Windows Defender (C:\Programme\Windows Defender\MSASCui.exe)
Tools => Options => Automatic scanning => uncheck "Automatically scan computer".
Tools => Options => Real-time protection => uncheck "Enable real-time protection".
Tools => Options => Administrator => uncheck "Use this program".
Start => type services.msc into the search box. The Services window opens.
Double-click the "Windows Defender" service.
Set the startup type to "Manual".
Stop the service if it is still running.
► After a restart (if it still exists), go to Start -> Run -> "msconfig" (type it in without the quotes) -> OK -> Startup and check whether it is still being started. If so, remove the check mark.
► Under Services: Start -> Run -> "Services.msc" (type it in without the quotes) -> OK -> "Properties" -> "Stop" -> select startup type "Disabled"

2. Quote:
► Firebird SQL Server - is installed `automatically` with MAGIX. If you don't need it, you can uninstall it without hesitation. You have a server with a database (it is installed automatically and without asking during the installation of the Magix programs, but most users don't need it at all). Every time you start the Magix program, a script makes sure that all existing records of the database are called up, which in turn most users don't need at all...

3. Quote:
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2a21be620000000000000008c9a0638c&tlver=1.4.19.19&affID=17160
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [hama.exe] C:\Users\Stefan\AppData\Roaming\Byotov\hama.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\Shell - "" = AutoRun
O33 - MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{bd6a3ee2-bcb2-11dd-9ca1-001d92612aad}\Shell\AutoRun\command - "" = K:\PhotoViewerAP_V207.exe
[2012.02.09 22:27:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.08 21:54:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC

:Commands
[purity]
[emptytemp]
4. Clean your system with CCleaner:
5.
6. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). It is well suited and recommended for this to check the data saved on the storage medium with the help of the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can, however, also be switched off entirely. ►Instructions
7. -> Then run a complete system check with Eset Online Scanner (NOD32) (Free Online Scanners). Attention!: >>You should not install the antivirus security software, but only scan your system online<<
► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________ Warning!: Beware of invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
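The fix script in the post above collects a few recurring kinds of log entries: registry references with no CLSID behind them, a Run entry whose target file is missing, AutoRun commands stored under MountPoints2, and alternate data streams. As an added example (not part of the original post and not OTL's own logic), this Python sketch sorts pasted OTL lines into those kinds so they can be reviewed before anything is removed; the rule set and the names `triage` and `Finding` are assumptions of the example, and the sample lines are copied from the script above.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the OTL fix script quoted in the post above.
SAMPLE_LOG = r"""
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O4 - HKCU..\Run: [hama.exe] C:\Users\Stefan\AppData\Roaming\Byotov\hama.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\Shell\AutoRun\command - "" = F:\setup.exe -a
[2012.02.08 21:54:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC
"""


@dataclass
class Finding:
    line_no: int  # 1-based position in the pasted text
    kind: str     # category assigned by classify()
    detail: str   # the part of the line worth reviewing


# Heuristic patterns (assumptions of this example, not a specification of OTL output).
RE_CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RE_RUN_MISSING = re.compile(r"^O4 - (\S+)\\Run: \[([^\]]+)\] (.+?) File not found$")
RE_AUTORUN_CMD = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9A-Fa-f-]{36}\})\\Shell\\AutoRun\\command - "" = (.+)$'
)
RE_ADS = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


def classify(line):
    """Return (kind, detail) for a line matching one of the rules, else None."""
    if "No CLSID value found" in line:
        m = RE_CLSID.search(line)
        return "orphaned_clsid", m.group(0) if m else line
    m = RE_RUN_MISSING.match(line)
    if m:
        # Autostart entry whose executable no longer exists on disk.
        return "missing_run_target", m.group(3)
    m = RE_AUTORUN_CMD.match(line)
    if m:
        # Command that Explorer would run when the volume is opened.
        return "autorun_command", m.group(2)
    m = RE_ADS.match(line)
    if m:
        # Split at the last colon: the drive letter also contains one.
        host, _, stream = m.group(2).rpartition(":")
        return "alternate_data_stream", f"{host} -> {stream} ({m.group(1)} bytes)"
    return None


def triage(log_text):
    """Group the lines of a pasted log by kind; unmatched lines go to 'unclassified'."""
    findings = {}
    for n, raw in enumerate(log_text.strip().splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        hit = classify(line)
        kind, detail = hit if hit else ("unclassified", line)
        findings.setdefault(kind, []).append(Finding(n, kind, detail))
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(f"{kind}: {len(items)}")
        for f in items:
            print(f"  line {f.line_no}: {f.detail}")
```

Lines that land in `unclassified` are not cleared by this; they simply match none of the four rules and still need a manual look.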
12.02.2012, 22:17 | #10 |
| JavaScript virus JS/Decdec.psc Hello!
1.) Windows Defender disabled
2.) Firebird SQL Server uninstalled
3.) Fix with OTL => LEADS TO AN ABORT!!!!!!!
4.) CCleaner: done
5.) SUPERAntiSpyware: done
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/12/2012 at 09:43 PM

Application Version : 5.0.1144

Core Rules Database Version : 8230
Trace Rules Database Version: 6042

Scan type : Complete Scan
Total Scan Time : 01:53:24

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 755
Memory threats detected : 0
Registry items scanned : 37150
Registry threats detected : 0
File items scanned : 70860
File threats detected : 213

Adware.Tracking Cookie
C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\DCGFWCCN.txt [ Cookie:mika@www.googleadservices.com/pagead/conversion/1057938296/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\847MPNOR.txt [ Cookie:mika@adviva.net/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\mika@adform[1].txt [ Cookie:mika@adform.net/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\3V4P69LJ.txt [ Cookie:mika@macromedia.com/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\mika@bs.serving-sys[1].txt [ Cookie:mika@bs.serving-sys.com/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\618HYVZZ.txt [ Cookie:mika@adfarm1.adition.com/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\mika@e-2dj6wgkociazolq.stats.esomniture[2].txt [ Cookie:mika@e-2dj6wgkociazolq.stats.esomniture.com/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\mika@content.yieldmanager[1].txt [ Cookie:mika@content.yieldmanager.com/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\P6QNDDHB.txt [ Cookie:mika@fl01.ct2.comclick.com/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\NP56PFTR.txt [ Cookie:mika@calumetphoto.122.2o7.net/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\mika@fastclick[1].txt [ Cookie:mika@fastclick.net/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\mika@atdmt[2].txt [ Cookie:mika@atdmt.com/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4BL4E4OG.txt [ Cookie:mika@tracking.quisma.com/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\M4AO2EHA.txt [ Cookie:mika@zanox-affiliate.de/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZTJ19AWG.txt [ Cookie:mika@int.sitestat.com/panasonic/ ] C:\USERS\MIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\6QKP2ZXS.txt [ Cookie:mika@zanox.com/ ] C:\USERS\STEFAN\AppData\Roaming\Microsoft\Windows\Cookies\560VV2GP.txt [ Cookie:stefan@zanox.com/ ] 
C:\USERS\STEFAN\AppData\Roaming\Microsoft\Windows\Cookies\OZI41X98.txt [ Cookie:stefan@traffictrack.de/ ] C:\USERS\STEFAN\AppData\Roaming\Microsoft\Windows\Cookies\NVKGGN7J.txt [ Cookie:stefan@zanox-affiliate.de/ ] C:\USERS\STEFAN\AppData\Roaming\Microsoft\Windows\Cookies\YMQ4R92H.txt [ Cookie:stefan@apmebf.com/ ] C:\USERS\STEFAN\AppData\Roaming\Microsoft\Windows\Cookies\P1ML437M.txt [ Cookie:stefan@adtech.de/ ] C:\USERS\STEFAN\AppData\Roaming\Microsoft\Windows\Cookies\A8MF7DSA.txt [ Cookie:stefan@atdmt.com/ ] C:\USERS\STEFAN\AppData\Roaming\Microsoft\Windows\Cookies\VMU3AYYY.txt [ Cookie:stefan@mediaplex.com/ ] C:\USERS\STEFAN\AppData\Roaming\Microsoft\Windows\Cookies\VO53JP13.txt [ Cookie:stefan@www.zanox-affiliate.de/ ] C:\USERS\STEFAN\Cookies\560VV2GP.txt [ Cookie:stefan@zanox.com/ ] C:\USERS\STEFAN\Cookies\OZI41X98.txt [ Cookie:stefan@traffictrack.de/ ] C:\USERS\STEFAN\Cookies\J5A5U3SZ.txt [ Cookie:stefan@doubleclick.net/ ] C:\USERS\STEFAN\Cookies\NVKGGN7J.txt [ Cookie:stefan@zanox-affiliate.de/ ] C:\USERS\STEFAN\Cookies\YMQ4R92H.txt [ Cookie:stefan@apmebf.com/ ] C:\USERS\STEFAN\Cookies\P1ML437M.txt [ Cookie:stefan@adtech.de/ ] C:\USERS\STEFAN\Cookies\A8MF7DSA.txt [ Cookie:stefan@atdmt.com/ ] C:\USERS\STEFAN\Cookies\VMU3AYYY.txt [ Cookie:stefan@mediaplex.com/ ] C:\USERS\STEFAN\Cookies\VO53JP13.txt [ Cookie:stefan@www.zanox-affiliate.de/ ] memecounter.com [ C:\BACKUP\DATEIEN\LAPTOP STEFAN\DOKUMENTE UND EINSTELLUNGEN\STEFAN\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6PSL6X3H ] track.webgains.com [ C:\BACKUP\DATEIEN\LAPTOP STEFAN\DOKUMENTE UND EINSTELLUNGEN\STEFAN\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6PSL6X3H ] memecounter.com [ C:\DATEIEN\LAPTOP STEFAN\DOKUMENTE UND EINSTELLUNGEN\STEFAN\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6PSL6X3H ] track.webgains.com [ C:\DATEIEN\LAPTOP STEFAN\DOKUMENTE UND EINSTELLUNGEN\STEFAN\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6PSL6X3H ] 
C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@CASALEMEDIA[1].TXT [ /CASALEMEDIA ] C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@CUNDA.122.2O7[1].TXT [ /CUNDA.122.2O7 ] C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@TRIBALFUSION[2].TXT [ /TRIBALFUSION ] C:\USERS\MIKA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MIKA@DOUBLECLICK[2].TXT [ /DOUBLECLICK ] C:\USERS\MIKA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MIKA@INTERCLICK[1].TXT [ /INTERCLICK ] |
13.02.2012, 03:52 | #11 |
| JavaScript virus JS/Decdec.psc
Eset result:
C:\Program Files\FoxTabAudioConverter\AudioConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
D:\TOOLS\Nero Burning ROM 8 Update\Nero-8.2.8.0_deu_update.exe Win32/Toolbar.AskSBar application deleted - quarantined
Regards, Stefan |
13.02.2012, 08:48 | #12 | |
/// Helper Team | JavaScript virus JS/Decdec.psc
Quote:
♦ Immediately press the F8 key several times, ideally repeatedly and in quick succession.
♦ In the list that then appears, select Safe Mode.
Then please also complete steps 5 and 6 (post #9). In addition, run another scan with OTL:
__________________
Warning: Beware of invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
13.02.2012, 19:29 | #13 |
| JavaScript virus JS/Decdec.psc OK, it worked in safe mode ;-)) Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hama.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\ not found.
File F:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd6a3ee2-bcb2-11dd-9ca1-001d92612aad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd6a3ee2-bcb2-11dd-9ca1-001d92612aad}\ not found.
File K:\PhotoViewerAP_V207.exe not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:364682BC .
========== COMMANDS ==========
[EMPTYTEMP]
User: Alexandra
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Marek
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mika
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 248122838 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 5669 bytes
User: Public
User: Stefan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11443463 bytes
->Java cache emptied: 1817904 bytes
->Flash cache emptied: 56943 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1848161 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 251,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 02132012_192341
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
13.02.2012, 21:37 | #14 |
| JavaScript virus JS/Decdec.psc SUPERAntiSpyware: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 02/13/2012 at 09:20 PM
Application Version : 5.0.1144
Core Rules Database Version : 8232
Trace Rules Database Version: 6044
Scan type : Complete Scan
Total Scan Time : 01:49:03
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 772
Memory threats detected : 0
Registry items scanned : 37161
Registry threats detected : 0
File items scanned : 69238
File threats detected : 10
Adware.Tracking Cookie
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\UO9W7A91.txt [ /smartadserver.com ]
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\0UZA632L.txt [ /doubleclick.net ]
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\OE64MMJN.txt [ /apmebf.com ]
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\0WVY004X.txt [ /atdmt.com ]
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\VVDCMBKH.txt [ /mediaplex.com ]
C:\USERS\STEFAN\Cookies\UO9W7A91.txt [ Cookie:stefan@smartadserver.com/ ]
C:\USERS\STEFAN\Cookies\0UZA632L.txt [ Cookie:stefan@doubleclick.net/ ]
C:\USERS\STEFAN\Cookies\OE64MMJN.txt [ Cookie:stefan@apmebf.com/ ]
C:\USERS\STEFAN\Cookies\0WVY004X.txt [ Cookie:stefan@atdmt.com/ ]
C:\USERS\STEFAN\Cookies\VVDCMBKH.txt [ Cookie:stefan@mediaplex.com/ ] |
14.02.2012, 04:24 | #15 |
| JavaScript virus JS/Decdec.psc Eset found nothing ;-) |