Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Encryption trojan, Windows 7. If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you with removing the infection.
05.06.2012, 12:20 | #1
Encryption trojan

Hello, I'm trying this with my own thread. I'm new here and don't have that much experience with this. My problem: I opened an e-mail and have probably caught this new trojan. I have already read quite a bit yesterday and today, but to be honest I've completely lost track, so I'm trying this now and hope someone can help me post it here correctly. So please don't be upset if something is missing; tell me what else is needed and perhaps how I can do it, and I'll try to do it as quickly as possible.

My laptop has Microsoft Windows 7 Home Premium --- System type: x64-based PC.

My problem: after the e-mail was "probably" opened, a notice appeared saying that I have to buy an update for 100 €, which I am supposed to enter via a code. After that the encryption is supposed to be decrypted again. I did not do that. The PC works again; I also had McAfee check my PC again, and it found that there are 6 trojans on my PC. All my files (photos, Word, Excel.......) no longer have their original names or labels; now, for example, "olVdAqjQtpLonEuvQJ". So what is the next, or rather the first, step?? Thanks in advance.

So, I am currently working through the points from "Für alle Hilfesuchenden!". I cannot open or save the Defogger; what now??? So here is the first part, OTL logfile:

Code:
otl logfile created on: 05.06.2012 13:37:08 - run 1 otl by oldtimer - version 3.2.46.1 folder = c:\users\***\downloads 64bit- home premium edition service pack 1 (version = 6.1.7601) - type = ntworkstation internet explorer (version = 9.0.8112.16421) locale: 00000407 | country: Deutschland | language: Deu | date format: Dd.mm.yyyy 3,86 gb total physical memory | 1,57 gb available physical memory | 40,61% memory free 7,73 gb paging file | 4,57 gb available in paging file | 59,15% paging file free paging file location(s): ?:\pagefile.sys [binary data] %systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files (x86) drive c: | 452,48 gb total space | 372,29 gb free space | 82,28% space free | partition type: Ntfs drive d: | 270,88 mb total space | 0,00 mb free space | 0,00% space free | partition type: Udf computer name: ***-pc | user name: *** | logged in as administrator. Boot mode: Normal | scan mode: Current user | quick scan | include 64bit scans company name whitelist: On | skip microsoft files: On | no company name whitelist: On | file age = 30 days ========== processes (safelist) ========== prc - [2012.06.05 13:30:26 | 000,596,480 | ---- | m] (oldtimer tools) -- c:\users\***\downloads\otl.exe prc - [2012.04.04 15:56:40 | 000,654,408 | ---- | m] (malwarebytes corporation) -- c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe prc - [2012.04.04 15:56:38 | 000,981,680 | ---- | m] (malwarebytes corporation) -- c:\program files (x86)\malwarebytes' anti-malware\mbam.exe prc - [2012.04.04 15:56:38 | 000,462,408 | ---- | m] (malwarebytes corporation) -- c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe prc - [2012.03.07 01:15:17 | 004,241,512 | ---- | m] (avast software) -- c:\programme\avast software\avast\avastui.exe prc - [2012.03.07 01:15:14 | 000,044,768 | ---- | m] (avast software) -- c:\programme\avast software\avast\avastsvc.exe prc - [2012.02.24 18:24:11 | 000,307,824 | ---- | m] (google inc.) 
-- c:\program files (x86)\google\google toolbar\googletoolbaruser_32.exe prc - [2012.02.13 21:19:20 | 000,240,408 | ---- | m] (microsoft corporation.) -- c:\program files (x86)\microsoft\bingbar\7.1.362.0\seaport.exe prc - [2012.01.23 06:43:08 | 000,247,728 | ---- | m] (tomtom) -- c:\program files (x86)\tomtom home 2\tomtomhomerunner.exe prc - [2012.01.23 06:43:08 | 000,092,592 | ---- | m] (tomtom) -- c:\program files (x86)\tomtom home 2\tomtomhomeservice.exe prc - [2011.11.25 15:35:01 | 000,247,968 | ---- | m] (adobe systems, inc.) -- c:\windows\syswow64\macromed\flash\flashutil11e_activex.exe prc - [2011.11.14 13:02:04 | 000,435,672 | ---- | m] (tomtom) -- c:\program files (x86)\mytomtom 3\mytomtomsa.exe prc - [2011.09.01 21:52:37 | 000,347,008 | ---- | m] (easybits software as) -- c:\programdata\gamexn\gamexngo.exe prc - [2011.01.30 17:13:14 | 000,253,952 | ---- | m] (huawei technologies co., ltd.) -- c:\program files (x86)\t-mobile\t-mobile internet manager\datacardmonitor.exe prc - [2010.05.28 16:29:26 | 002,650,112 | ---- | m] (data becker gmbh & co kg) -- c:\program files (x86)\common files\data becker shared\dbservice.exe prc - [2010.04.08 22:18:40 | 000,908,368 | ---- | m] (dritek system inc.) -- c:\program files (x86)\launch manager\lmanager.exe prc - [2010.04.08 22:18:40 | 000,312,400 | ---- | m] (dritek system inc.) -- c:\program files (x86)\launch manager\dsiwmis.exe prc - [2010.04.08 22:18:40 | 000,298,064 | ---- | m] (dritek system inc.) -- c:\program files (x86)\launch manager\lmworker.exe prc - [2010.03.09 01:58:24 | 000,250,368 | ---- | m] (newtech infosystems, inc.) -- c:\program files (x86)\newtech infosystems\acer backup manager\ischedulesvc.exe prc - [2010.03.09 01:56:38 | 000,260,608 | ---- | m] (newtech infosystems, inc.) 
-- c:\program files (x86)\newtech infosystems\acer backup manager\backupmanagertray.exe prc - [2010.03.03 14:42:02 | 002,320,920 | ---- | m] (intel corporation) -- c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe prc - [2010.03.03 14:41:58 | 000,268,824 | ---- | m] (intel corporation) -- c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe prc - [2010.02.01 20:05:02 | 000,349,552 | ---- | m] (egis technology inc.) -- c:\program files (x86)\egistec mywinlocker\x86\mwldaemon.exe prc - [2010.02.01 20:04:40 | 000,305,520 | ---- | m] (egis technology inc.) -- c:\program files (x86)\egistec mywinlocker\x86\mwlservice.exe prc - [2010.01.29 01:27:36 | 000,243,232 | ---- | m] (acer group) -- c:\programme\acer\acer updater\updaterservice.exe prc - [2010.01.08 15:21:22 | 000,023,584 | ---- | m] (acer incorporated) -- c:\program files (x86)\acer\registration\gregsvc.exe prc - [2009.12.31 15:13:52 | 000,110,592 | ---- | m] (huawei technologies co., ltd.) -- c:\users\florence\appdata\roaming\t-mobile internet manager\ouc.exe prc - [2009.12.25 03:45:16 | 000,401,192 | ---- | m] (egis technology inc.) -- c:\program files (x86)\egistec ips\pmmupdate.exe prc - [2009.12.25 03:44:48 | 000,201,512 | ---- | m] (egis technology inc.) -- c:\program files (x86)\egistec ips\egisupdate.exe prc - [2009.10.14 13:36:56 | 002,793,304 | ---- | m] () -- c:\programme\logitech\logitech webcam software\lws.exe prc - [2009.10.14 13:34:18 | 000,560,472 | ---- | m] () -- c:\program files (x86)\common files\logishrd\lqcvfx\cocimanager.exe prc - [2009.10.07 01:47:22 | 000,125,464 | ---- | m] (logitech inc.) 
-- c:\program files (x86)\common files\logishrd\lvmvfm\lvprs64h.exe ========== modules (no company name) ========== mod - [2011.11.14 13:02:08 | 000,202,712 | ---- | m] () -- c:\program files (x86)\mytomtom 3\tomtomsupporterproxy.dll mod - [2011.11.14 13:02:06 | 000,063,960 | ---- | m] () -- c:\program files (x86)\mytomtom 3\tomtomsupporterbase.dll mod - [2011.11.14 13:01:52 | 007,964,160 | ---- | m] () -- c:\program files (x86)\mytomtom 3\qtgui4.dll mod - [2011.11.14 13:01:52 | 002,302,464 | ---- | m] () -- c:\program files (x86)\mytomtom 3\qtcore4.dll mod - [2011.11.14 13:01:52 | 000,980,480 | ---- | m] () -- c:\program files (x86)\mytomtom 3\qtnetwork4.dll mod - [2011.11.14 13:01:52 | 000,357,888 | ---- | m] () -- c:\program files (x86)\mytomtom 3\qtxml4.dll mod - [2010.03.09 02:18:10 | 000,465,576 | ---- | m] () -- c:\program files (x86)\newtech infosystems\acer backup manager\sqlite3.dll mod - [2009.10.14 13:36:56 | 002,793,304 | ---- | m] () -- c:\programme\logitech\logitech webcam software\lws.exe mod - [2009.10.14 13:34:18 | 000,560,472 | ---- | m] () -- c:\program files (x86)\common files\logishrd\lqcvfx\cocimanager.exe mod - [2009.05.21 00:02:04 | 000,072,200 | ---- | m] () -- c:\program files (x86)\launch manager\cddirio.dll ========== win32 services (safelist) ========== srv:64bit: - [2012.03.20 13:11:30 | 000,162,192 | ---- | m] (mcafee, inc.) [auto | running] -- c:\windows\sysnative\mfevtps.exe -- (mfevtp) srv:64bit: - [2012.03.20 12:56:24 | 000,210,584 | ---- | m] () [auto | running] -- c:\program files\common files\mcafee\systemcore\\mfefire.exe -- (mfefire) srv:64bit: - [2012.03.20 12:55:54 | 000,199,272 | ---- | m] () [auto | running] -- c:\program files\common files\mcafee\systemcore\\mcshield.exe -- (mcshield) srv:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | m] (mcafee, inc.) 
[auto | running] -- c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe -- (msk80service) srv:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | m] (mcafee, inc.) [auto | running] -- c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe -- (mcproxy) srv:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | m] (mcafee, inc.) [auto | running] -- c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe -- (mcnasvc) srv:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | m] (mcafee, inc.) [auto | running] -- c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe -- (mcnaiann) srv:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | m] (mcafee, inc.) [auto | running] -- c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe -- (mcmscsvc) srv:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | m] (mcafee, inc.) [auto | running] -- c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe -- (mcmpfsvc) srv:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | m] (microsoft corporation) [disabled | stopped] -- c:\windows\sysnative\mcx2svc.dll -- (mcx2svc) srv:64bit: - [2010.01.22 19:01:12 | 000,202,752 | ---- | m] (amd) [auto | running] -- c:\windows\sysnative\atiesrxx.exe -- (amd external events utility) srv:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | m] (microsoft corporation) [disabled | stopped] -- c:\windows\sysnative\mprdim.dll -- (remoteaccess) srv - [2012.04.04 15:56:40 | 000,654,408 | ---- | m] (malwarebytes corporation) [auto | running] -- c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe -- (mbamservice) srv - [2012.03.22 19:30:56 | 000,502,032 | ---- | m] (mcafee, inc.) [on_demand | stopped] -- c:\programme\mcafee\virusscan\mcods.exe -- (mcods) srv - [2012.03.07 01:15:14 | 000,044,768 | ---- | m] (avast software) [auto | running] -- c:\programme\avast software\avast\avastsvc.exe -- (avast! 
Antivirus) srv - [2012.02.29 08:50:48 | 000,158,856 | r--- | m] (skype technologies) [auto | stopped] -- c:\program files (x86)\skype\updater\updater.exe -- (skypeupdate) srv - [2012.02.13 21:19:20 | 000,240,408 | ---- | m] (microsoft corporation.) [on_demand | running] -- c:\program files (x86)\microsoft\bingbar\7.1.362.0\seaport.exe -- (bbupdate) srv - [2012.02.13 21:19:20 | 000,193,816 | ---- | m] (microsoft corporation.) [auto | stopped] -- c:\program files (x86)\microsoft\bingbar\7.1.362.0\bbsvc.exe -- (bbsvc) srv - [2012.01.23 06:43:08 | 000,092,592 | ---- | m] (tomtom) [auto | running] -- c:\program files (x86)\tomtom home 2\tomtomhomeservice.exe -- (tomtomhomeservice) srv - [2011.02.11 18:43:56 | 000,240,112 | ---- | m] (cyberlink) [auto | stopped] -- c:\program files (x86)\cyberlink\powerdvd9\navfilter\kmsvc.exe -- (clkmsvc10_9ec60124) srv - [2010.05.28 16:29:26 | 002,650,112 | ---- | m] (data becker gmbh & co kg) [auto | running] -- c:\program files (x86)\common files\data becker shared\dbservice.exe -- (dbservice) srv - [2010.04.23 10:46:22 | 000,867,360 | ---- | m] (acer incorporated) [auto | running] -- c:\programme\acer\acer epower management\epowersvc.exe -- (epowersvc) srv - [2010.04.08 22:18:40 | 000,312,400 | ---- | m] (dritek system inc.) [auto | running] -- c:\program files (x86)\launch manager\dsiwmis.exe -- (dsiwmiservice) srv - [2010.03.18 14:16:28 | 000,130,384 | ---- | m] (microsoft corporation) [auto | stopped] -- c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) srv - [2010.03.09 01:58:24 | 000,250,368 | ---- | m] (newtech infosystems, inc.) 
[auto | running] -- c:\program files (x86)\newtech infosystems\acer backup manager\ischedulesvc.exe -- (nti ischedulesvc) srv - [2010.03.03 14:42:02 | 002,320,920 | ---- | m] (intel corporation) [auto | running] -- c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe -- (uns) intel(r) srv - [2010.03.03 14:41:58 | 000,268,824 | ---- | m] (intel corporation) [auto | running] -- c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe -- (lms) intel(r) srv - [2010.02.01 20:04:40 | 000,305,520 | ---- | m] (egis technology inc.) [auto | running] -- c:\program files (x86)\egistec mywinlocker\x86\mwlservice.exe -- (mwlservice) srv - [2010.01.29 01:27:36 | 000,243,232 | ---- | m] (acer group) [auto | running] -- c:\programme\acer\acer updater\updaterservice.exe -- (updater service) srv - [2010.01.09 22:34:24 | 004,925,184 | ---- | m] (microsoft corporation) [on_demand | stopped] -- c:\programme\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe -- (osppsvc) srv - [2010.01.08 15:21:22 | 000,023,584 | ---- | m] (acer incorporated) [auto | running] -- c:\program files (x86)\acer\registration\gregsvc.exe -- (gregservice) srv - [2009.10.07 01:47:10 | 000,191,000 | ---- | m] (logitech inc.) 
[auto | running] -- c:\programme\common files\logishrd\lvmvfm\lvprcsrv.exe -- (lvprcs64) srv - [2009.07.14 03:15:41 | 000,075,264 | ---- | m] (microsoft corporation) [disabled | stopped] -- c:\windows\syswow64\mprdim.dll -- (remoteaccess) srv - [2009.06.10 23:23:09 | 000,066,384 | ---- | m] (microsoft corporation) [disabled | stopped] -- c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) srv - [2009.06.10 22:39:58 | 000,089,920 | ---- | m] (microsoft corporation) [disabled | stopped] -- c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) ========== driver services (safelist) ========== drv:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | m] (malwarebytes corporation) [file_system | on_demand | running] -- c:\windows\sysnative\drivers\mbam.sys -- (mbamprotector) drv:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | m] (avast software) [file_system | system | stopped] -- c:\windows\sysnative\drivers\aswsnx.sys -- (aswsnx) drv:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | m] (avast software) [kernel | system | running] -- c:\windows\sysnative\drivers\aswsp.sys -- (aswsp) drv:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | m] (avast software) [kernel | system | unknown] -- c:\windows\sysnative\drivers\aswrdr2.sys -- (aswrdr) drv:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | m] (avast software) [kernel | system | running] -- c:\windows\sysnative\drivers\aswtdi.sys -- (aswtdi) drv:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | m] (avast software) [file_system | auto | running] -- c:\windows\sysnative\drivers\aswmonflt.sys -- (aswmonflt) drv:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | m] (avast software) [file_system | auto | running] -- c:\windows\sysnative\drivers\aswfsblk.sys -- (aswfsblk) drv:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | m] (microsoft corporation) [recognizer | boot | unknown] -- 
c:\windows\sysnative\drivers\fs_rec.sys -- (fs_rec) drv:64bit: - [2012.02.22 13:29:46 | 000,647,208 | ---- | m] (mcafee, inc.) [kernel | boot | running] -- c:\windows\sysnative\drivers\mfehidk.sys -- (mfehidk) drv:64bit: - [2012.02.22 13:29:46 | 000,487,296 | ---- | m] (mcafee, inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\mfefirek.sys -- (mfefirek) drv:64bit: - [2012.02.22 13:29:46 | 000,289,664 | ---- | m] (mcafee, inc.) [kernel | boot | running] -- c:\windows\sysnative\drivers\mfewfpk.sys -- (mfewfpk) drv:64bit: - [2012.02.22 13:29:46 | 000,229,528 | ---- | m] (mcafee, inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\mfeavfk.sys -- (mfeavfk) drv:64bit: - [2012.02.22 13:29:46 | 000,160,792 | ---- | m] (mcafee, inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\mfeapfk.sys -- (mfeapfk) drv:64bit: - [2012.02.22 13:29:46 | 000,100,912 | ---- | m] (mcafee, inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\mferkdet.sys -- (mferkdet) drv:64bit: - [2012.02.22 13:29:46 | 000,075,936 | ---- | m] (mcafee, inc.) [kernel | system | running] -- c:\windows\sysnative\drivers\mfenlfk.sys -- (mfenlfk) drv:64bit: - [2012.02.22 13:29:46 | 000,065,264 | ---- | m] (mcafee, inc.) 
[kernel | on_demand | running] -- c:\windows\sysnative\drivers\cfwids.sys -- (cfwids) drv:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\point64.sys -- (point64) drv:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | m] (advanced micro devices) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\amdsata.sys -- (amdsata) drv:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | m] (advanced micro devices) [kernel | boot | running] -- c:\windows\sysnative\drivers\amdxata.sys -- (amdxata) drv:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | m] (hewlett-packard company) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\hpsamd.sys -- (hpsamd) drv:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\tsusbflt.sys -- (tsusbflt) drv:64bit: - [2010.04.02 02:18:30 | 003,060,800 | ---- | m] (broadcom corporation) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\bcmwl664.sys -- (bcm43xx) drv:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | m] (intel corporation) [kernel | boot | running] -- c:\windows\sysnative\drivers\iastor.sys -- (iastor) drv:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | m] (protect software gmbh) [kernel | auto | running] -- c:\windows\sysnative\drivers\acedrv11.sys -- (acedrv11) drv:64bit: - [2010.01.22 19:13:24 | 006,233,088 | ---- | m] (ati technologies inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\atipmdag.sys -- (amdkmdag) drv:64bit: - [2010.01.22 18:07:56 | 000,161,280 | ---- | m] (advanced micro devices, inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\atikmpag.sys -- (amdkmdap) drv:64bit: - [2009.12.02 04:21:32 | 000,040,448 | ---- | m] (alcor micro, corp.) 
[kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\amustor.sys -- (amustor) drv:64bit: - [2009.10.22 06:55:06 | 000,272,432 | ---- | m] (alps electric co., ltd.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\apfiltr.sys -- (apfiltrservice) drv:64bit: - [2009.10.16 12:32:22 | 000,321,064 | ---- | m] (broadcom corporation) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\k57nd60a.sys -- (k57nd60a) broadcom netlink (tm) drv:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | m] (huawei technologies co., ltd.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\ewusbdev.sys -- (hwusbdev) drv:64bit: - [2009.10.07 08:49:28 | 006,379,288 | ---- | m] (logitech inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\lvuvc64.sys -- (lvuvc64) logitech quickcam e3500(uvc) drv:64bit: - [2009.10.07 08:47:46 | 000,327,704 | ---- | m] (logitech inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\lvrs64.sys -- (lvrs64) drv:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | m] () [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\lvpr2m64.sys -- (lvpr2mon) drv:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | m] () [kernel | on_demand | running] -- c:\windows\sysnative\drivers\lvpr2m64.sys -- (lvpr2m64) drv:64bit: - [2009.09.30 19:34:32 | 000,121,872 | ---- | m] (ati technologies, inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\atihdmi.sys -- (atihdmiservice) drv:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | m] (intel corporation) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\hecix64.sys -- (hecix64) intel(r) drv:64bit: - [2009.09.10 16:31:56 | 000,117,248 | ---- | m] (huawei technologies co., ltd.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\ewusbmdm.sys -- (hwdatacard) drv:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | m] (amd technologies inc.) 
[kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\amdsbs.sys -- (amdsbs) drv:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | m] (lsi corporation) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\lsi_sas2.sys -- (lsi_sas2) drv:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | m] (microsoft corporation) [kernel | disabled | stopped] -- c:\windows\sysnative\drivers\crcdisk.sys -- (crcdisk) drv:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | m] (promise technology) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\stexstor.sys -- (stexstor) drv:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | m] (microsoft corporation) [kernel | disabled | stopped] -- c:\windows\sysnative\drivers\ws2ifsl.sys -- (ws2ifsl) drv:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | m] (microsoft corporation) [file_system | disabled | stopped] -- c:\windows\sysnative\drivers\cdfs.sys -- (cdfs) drv:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | m] (atheros communications, inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\l1e62x64.sys -- (l1e) ndis miniport driver for atheros ar8121/ar8113/ar8114 pci-e ethernet controller(ndis6.20) drv:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | m] (intel corporation) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\igdkmd64.sys -- (igfx) drv:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | m] (broadcom corporation) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\evbda.sys -- (ebdrv) drv:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | m] (broadcom corporation) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\bxvbda.sys -- (b06bdrv) drv:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | m] (broadcom corporation) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\b57nd60a.sys -- (b57nd60a) drv:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | m] (hauppauge computer works, inc.) 
[kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\hcw85cir.sys -- (hcw85cir) drv:64bit: - [2009.06.03 04:15:30 | 000,060,464 | ---- | m] (egis technology inc.) [kernel | system | running] -- c:\windows\sysnative\drivers\mwlpsdvdisk.sys -- (mwlpsdvdisk) drv:64bit: - [2009.06.03 04:15:30 | 000,022,576 | ---- | m] (egis technology inc.) [file_system | system | running] -- c:\windows\sysnative\drivers\mwlpsdfilter.sys -- (mwlpsdfilter) drv:64bit: - [2009.06.03 04:15:30 | 000,020,016 | ---- | m] (egis technology inc.) [kernel | system | running] -- c:\windows\sysnative\drivers\mwlpsdnserv.sys -- (mwlpsdnserv) drv:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | m] (newtech infosystems, inc.) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\ntidrvr.sys -- (ntidrvr) drv:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | m] (newtech infosystems corporation) [kernel | on_demand | running] -- c:\windows\sysnative\drivers\ubhelper.sys -- (ubhelper) drv:64bit: - [2008.11.19 17:09:14 | 000,033,792 | ---- | m] (lg electronics inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\lgx64modem.sys -- (usbmodem) drv:64bit: - [2008.11.19 17:09:12 | 000,027,136 | ---- | m] (lg electronics inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\lgx64diag.sys -- (usbdiag) drv:64bit: - [2008.11.19 17:09:12 | 000,017,920 | ---- | m] (lg electronics inc.) [kernel | on_demand | stopped] -- c:\windows\sysnative\drivers\lgx64bus.sys -- (usbbus) drv - [2010.01.22 18:31:36 | 000,146,928 | ---- | m] (cyberlink corp.) 
[2010/09/10 02:02:59] [kernel | auto | running] -- c:\program files (x86)\cyberlink\powerdvd9\000.fcl -- ({b154377d-700f-42cc-9474-23858fbdf4bd}) drv - [2009.07.14 03:19:10 | 000,019,008 | ---- | m] (microsoft corporation) [file_system | on_demand | stopped] -- c:\windows\syswow64\drivers\wimmount.sys -- (wimmount) ========== standard registry (safelist) ========== ========== internet explorer ========== ie:64bit: - hklm\software\microsoft\internet explorer\main,default_page_url = hxxp://homepage.acer.com/rdr.aspx?b=acaw&l=0407&m=aspire_7741&r=27361210h906l04g8z145t4721o18o ie:64bit: - hklm\software\microsoft\internet explorer\main,start page = hxxp://homepage.acer.com/rdr.aspx?b=acaw&l=0407&m=aspire_7741&r=27361210h906l04g8z145t4721o18o ie:64bit: - hklm\..\searchscopes,defaultscope = {6a1806cd-94d4-4689-ba73-e35ea1ea9990} ie:64bit: - hklm\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?q={searchterms}&form=ie8src ie:64bit: - hklm\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.google.com/search?q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&sourceid=ie7 ie - hklm\software\microsoft\internet explorer\main,default_page_url = hxxp://homepage.acer.com/rdr.aspx?b=acaw&l=0407&m=aspire_7741&r=27361210h906l04g8z145t4721o18o ie - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm ie - hklm\software\microsoft\internet explorer\main,start page = hxxp://homepage.acer.com/rdr.aspx?b=acaw&l=0407&m=aspire_7741&r=27361210h906l04g8z145t4721o18o ie - hklm\..\urlsearchhook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\prxtbzyng.dll (conduit ltd.) ie - hklm\..\urlsearchhook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - c:\program files (x86)\freeware.de\prxtbfree.dll (conduit ltd.) 
ie - hklm\..\urlsearchhook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files (x86)\wiseconvert\prxtbwise.dll (conduit ltd.) ie - hklm\..\searchscopes,defaultscope = {6a1806cd-94d4-4689-ba73-e35ea1ea9990} ie - hklm\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?q={searchterms}&form=ie8src ie - hklm\..\searchscopes\{67a2568c-7a0a-4eed-aecc-b5405de63b64}: "url" = hxxp://www.google.com/search?sourceid=ie7&q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&rlz=1i7acaw ie - hklm\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.google.com/search?q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&sourceid=ie7 ie - hklm\..\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "url" = hxxp://search.conduit.com/resultsext.aspx?q={searchterms}&searchsource=4&ctid=ct2438727 ie - hkcu\software\microsoft\internet explorer\main,default_page_url = hxxp://homepage.acer.com/rdr.aspx?b=acaw&l=0407&m=aspire_7741&r=27361210h906l04g8z145t4721o18o ie - hkcu\software\microsoft\internet explorer\main,start page = hxxp://www.google.de/ ie - hkcu\..\urlsearchhook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\prxtbzyng.dll (conduit ltd.) ie - hkcu\..\urlsearchhook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - c:\program files (x86)\freeware.de\prxtbfree.dll (conduit ltd.) ie - hkcu\..\urlsearchhook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files (x86)\wiseconvert\prxtbwise.dll (conduit ltd.) 
ie - hkcu\..\searchscopes,defaultscope = {0ecdf796-c2dc-4d79-a620-cce0c0a66cc9} ie - hkcu\..\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" = hxxp://www.bing.com/search?q={searchterms}&src=ie-searchbox&form=ie8src ie - hkcu\..\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}: "url" = hxxp://search.babylon.com/?q={searchterms}&affid=110819&tt=220311_dflta&babsrc=sp_ss&mntrid=d4e493430000000000005cac4cb09ae7 ie - hkcu\..\searchscopes\{2073646e-939e-44ed-a60a-e33b7b91bb30}: "url" = hxxp://search.conduit.com/resultsext.aspx?q={searchterms}&searchsource=4&ctid=ct3196716 ie - hkcu\..\searchscopes\{67a2568c-7a0a-4eed-aecc-b5405de63b64}: "url" = hxxp://www.google.com/search?sourceid=ie7&q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&rlz=1i7acaw_dede410 ie - hkcu\..\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}: "url" = hxxp://www.google.com/search?q={searchterms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputencoding}&oe={outputencoding}&sourceid=ie7 ie - hkcu\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0 ========== firefox ========== ff - prefs.js..extensions.enableditems: Mapshare-status@tomtom.com:1.7.1 ff - prefs.js..extensions.enableditems: Basetheme@tomtom.com:1.0.2 ff - user.js - file not found ff:64bit: - hklm\software\mozillaplugins\@mcafee.com/msc,version=10: C:\progra~1\mcafee\msc\npmcsn~1.dll () ff:64bit: - hklm\software\mozillaplugins\@microsoft.com/officeauthz,version=14.0: C:\progra~1\micros~2\office14\npauthz.dll (microsoft corporation) ff - hklm\software\mozillaplugins\@canon.com/mycameraplugin: C:\program files (x86)\canon\mycamera download plugin\npcig.dll (canon inc.) 
ff - hklm\software\mozillaplugins\@google.com/googleearthplugin: C:\program files (x86)\google\google earth\plugin\npgeplugin.dll (google) ff - hklm\software\mozillaplugins\@mcafee.com/msc,version=10: C:\progra~2\mcafee\msc\npmcsn~1.dll () ff - hklm\software\mozillaplugins\@microsoft.com/npctrl,version=1.0: C:\program files (x86)\microsoft silverlight\4.1.10329.0\npctrl.dll ( microsoft corporation) ff - hklm\software\mozillaplugins\@microsoft.com/officeauthz,version=14.0: C:\progra~2\micros~4\office14\npauthz.dll (microsoft corporation) ff - hklm\software\mozillaplugins\@microsoft.com/sharepoint,version=14.0: C:\progra~2\micros~4\office14\npspwrap.dll (microsoft corporation) ff - hklm\software\mozillaplugins\@microsoft.com/wlpg,version=14.0.8081.0709: C:\program files (x86)\windows live\photo gallery\npwlpg.dll (microsoft corporation) ff - hklm\software\mozillaplugins\@tools.google.com/google update;version=3: C:\program files (x86)\google\update\1.3.21.111\npgoogleupdate3.dll (google inc.) ff - hklm\software\mozillaplugins\@tools.google.com/google update;version=9: C:\program files (x86)\google\update\1.3.21.111\npgoogleupdate3.dll (google inc.) ff - hklm\software\mozillaplugins\adobe reader: C:\program files (x86)\adobe\reader 9.0\reader\air\nppdf32.dll (adobe systems inc.) 
ff - hkcu\software\mozillaplugins\@protectdisc.com/nppdlicensehelper: C:\users\***\appdata\roaming\protectdisc\license helper v2\nppdlicensehelper.dll ( ) ff - hkey_local_machine\software\mozilla\firefox\extensions\\{d19ca586-dd6c-4a0a-96f8-14644f340d60}: C:\program files (x86)\common files\mcafee\systemcore [2012.06.04 16:49:47 | 000,000,000 | ---d | m] [2011.01.28 15:09:19 | 000,000,000 | ---d | m] (no name found) -- c:\users\***\appdata\roaming\mozilla\extensions [2011.01.28 15:09:19 | 000,000,000 | ---d | m] (no name found) -- c:\users\***e\appdata\roaming\mozilla\extensions\home2@tomtom.com [2012.03.24 07:39:39 | 000,000,000 | ---d | m] (map status indicator) -- c:\program files (x86)\tomtom home 2\xul\extensions\mapshare-status@tomtom.com ========== chrome ========== chr - plugin: Remoting viewer (enabled) = internal-remoting-viewer chr - plugin: Native client (enabled) = c:\program files (x86)\google\chrome\application\19.0.1084.52\ppgooglenaclpluginchrome.dll chr - plugin: Chrome pdf viewer (enabled) = c:\program files (x86)\google\chrome\application\19.0.1084.52\pdf.dll chr - plugin: Shockwave flash (enabled) = c:\program files (x86)\google\chrome\application\19.0.1084.52\gcswf32.dll chr - plugin: Skype click to call (enabled) = c:\users\florence\appdata\local\google\chrome\user data\default\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npskypechromeplugin.dll chr - plugin: Adobe acrobat (enabled) = c:\program files (x86)\adobe\reader 9.0\reader\browser\nppdf32.dll chr - plugin: Microsoft office 2010 (enabled) = c:\progra~2\micros~4\office14\npauthz.dll chr - plugin: Microsoft office 2010 (enabled) = c:\progra~2\micros~4\office14\npspwrap.dll chr - plugin: Npcig.dll (enabled) = c:\program files (x86)\canon\mycamera download plugin\npcig.dll chr - plugin: Google earth plugin (enabled) = c:\program files (x86)\google\google earth\plugin\npgeplugin.dll chr - plugin: Google update (enabled) = c:\program files 
(x86)\google\update\1.3.21.111\npgoogleupdate3.dll chr - plugin: Windows live\u00ae photo gallery (enabled) = c:\program files (x86)\windows live\photo gallery\npwlpg.dll chr - plugin: Protect disc license acquisition plugin (enabled) = c:\users\***\appdata\roaming\protectdisc\license helper v2\nppdlicensehelper.dll chr - plugin: Silverlight plug-in (enabled) = c:\program files (x86)\microsoft silverlight\4.1.10329.0\npctrl.dll chr - plugin: Mcafee securitycenter (enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll chr - extension: Youtube = c:\users\***\appdata\local\google\chrome\user data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ chr - extension: Google-suche = c:\users\***\appdata\local\google\chrome\user data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ chr - extension: Dealply = c:\users\***\appdata\local\google\chrome\user data\default\extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ chr - extension: Avast! Webrep = c:\users\***\appdata\local\google\chrome\user data\default\extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ chr - extension: Skype click to call = c:\users\***\appdata\local\google\chrome\user data\default\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\ chr - extension: Google mail = c:\users\***\appdata\local\google\chrome\user data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ o1 hosts file: ([2009.06.10 23:00:26 | 000,000,824 | ---- | m]) - c:\windows\sysnative\drivers\etc\hosts o2:64bit: - bho: (mcafee phishing filter) - {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapb~1.dll file not found o2:64bit: - bho: (avast! Webrep) - {318a227b-5e9f-45bd-8999-7f8f10ca4cf5} - c:\programme\avast software\avast\aswwebrepie64.dll (avast software) o2:64bit: - bho: (scriptproxy) - {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\programme\common files\mcafee\systemcore\scriptsn.20120604153406.dll (mcafee, inc.) 
o2:64bit: - bho: (google toolbar helper) - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\googletoolbar_64.dll (google inc.) o2:64bit: - bho: (office document cache handler) - {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\programme\microsoft office\office14\urlredir.dll (microsoft corporation) o2 - bho: (mcafee phishing filter) - {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll file not found o2 - bho: (babylon toolbar helper) - {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files (x86)\babylontoolbar\babylontoolbar\1.5.3.17\bh\babylontoolbar.dll (babylon bho) o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - no clsid value found. O2 - bho: (zynga toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\prxtbzyng.dll (conduit ltd.) o2 - bho: (scriptproxy) - {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\common files\mcafee\systemcore\scriptsn.20120604153406.dll (mcafee, inc.) o2 - bho: (freeware.de toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - c:\program files (x86)\freeware.de\prxtbfree.dll (conduit ltd.) o2 - bho: (avast! Webrep) - {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\programme\avast software\avast\aswwebrepie.dll (avast software) o2 - bho: (dealply) - {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files (x86)\dealply\dealplyie.dll (dealply technologies ltd) o2 - bho: (skype browser helper) - {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll (skype technologies s.a.) o2 - bho: (office document cache handler) - {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~4\office14\urlredir.dll (microsoft corporation) o2 - bho: (bing bar helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\microsoft\bingbar\7.1.362.0\bingext.dll (microsoft corporation.) 
o2 - bho: (wiseconvert toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files (x86)\wiseconvert\prxtbwise.dll (conduit ltd.) o3:64bit: - hklm\..\toolbar: (google toolbar) - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\googletoolbar_64.dll (google inc.) o3:64bit: - hklm\..\toolbar: (avast! Webrep) - {318a227b-5e9f-45bd-8999-7f8f10ca4cf5} - c:\programme\avast software\avast\aswwebrepie64.dll (avast software) o3:64bit: - hklm\..\toolbar: (no name) - locked - no clsid value found. O3 - hklm\..\toolbar: (zynga toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\prxtbzyng.dll (conduit ltd.) o3 - hklm\..\toolbar: (freeware.de toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - c:\program files (x86)\freeware.de\prxtbfree.dll (conduit ltd.) o3 - hklm\..\toolbar: (bing bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files (x86)\microsoft\bingbar\7.1.362.0\bingext.dll (microsoft corporation.) o3 - hklm\..\toolbar: (avast! Webrep) - {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\programme\avast software\avast\aswwebrepie.dll (avast software) o3 - hklm\..\toolbar: (babylon toolbar) - {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files (x86)\babylontoolbar\babylontoolbar\1.5.3.17\babylontoolbartlbr.dll (babylon ltd.) o3 - hklm\..\toolbar: (wiseconvert toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files (x86)\wiseconvert\prxtbwise.dll (conduit ltd.) o3 - hklm\..\toolbar: (no name) - locked - no clsid value found. O3:64bit: - hkcu\..\toolbar\webbrowser: (google toolbar) - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\googletoolbar_64.dll (google inc.) o3 - hkcu\..\toolbar\webbrowser: (zynga toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files (x86)\zynga\prxtbzyng.dll (conduit ltd.) 
o3 - hkcu\..\toolbar\webbrowser: (freeware.de toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - c:\program files (x86)\freeware.de\prxtbfree.dll (conduit ltd.) o3 - hkcu\..\toolbar\webbrowser: (wiseconvert toolbar) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files (x86)\wiseconvert\prxtbwise.dll (conduit ltd.) o4:64bit: - hklm..\run: [acer epower management] c:\programme\acer\acer epower management\epowertray.exe (acer incorporated) o4:64bit: - hklm..\run: [amicosinglun64] c:\program files (x86)\amicosinglun\amicosinglun64.exe (alcor micro corp.) o4:64bit: - hklm..\run: [intellipoint] c:\program files\microsoft intellipoint\ipoint.exe (microsoft corporation) o4:64bit: - hklm..\run: [mwldaemon] c:\program files (x86)\egistec mywinlocker\x86\mwldaemon.exe (egis technology inc.) o4:64bit: - hklm..\run: [rthdvcpl] c:\program files\realtek\audio\hda\ravcpl64.exe (realtek semiconductor) o4 - hklm..\run: [avast] c:\program files\avast software\avast\avastui.exe (avast software) o4 - hklm..\run: [backupmanagertray] c:\program files (x86)\newtech infosystems\acer backup manager\backupmanagertray.exe (newtech infosystems, inc.) o4 - hklm..\run: [datacardmonitor] c:\program files (x86)\t-mobile\t-mobile internet manager\datacardmonitor.exe (huawei technologies co., ltd.) o4 - hklm..\run: [egistecpmmupdate] c:\program files (x86)\egistec ips\pmmupdate.exe (egis technology inc.) o4 - hklm..\run: [egisupdate] c:\program files (x86)\egistec ips\egisupdate.exe (egis technology inc.) o4 - hklm..\run: [lmanager] c:\program files (x86)\launch manager\lmanager.exe (dritek system inc.) o4 - hklm..\run: [logitechquickcamribbon] c:\program files\logitech\logitech webcam software\lws.exe () o4 - hklm..\run: [malwarebytes' anti-malware] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe (malwarebytes corporation) o4 - hklm..\run: [mcui_exe] c:\program files\mcafee.com\agent\mcagent.exe (mcafee, inc.) 
o4 - hklm..\run: [nortononlinebackupreminder] c:\program files (x86)\symantec\norton online backup\activation\nobuactivation.exe (symantec corporation) o4 - hklm..\run: [startccc] c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe (advanced micro devices, inc.) o4 - hklm..\run: [suitetray] c:\program files (x86)\egistec mywinlockersuite\x86\suitetray.exe (egis technology inc.) o4 - hkcu..\run: [ea core] "c:\program files (x86)\electronic arts\eadm\core.exe" -silent file not found o4 - hkcu..\run: [eadm] c:\program files (x86)\origin\origin.exe (electronic arts) o4 - hkcu..\run: [gamexn] c:\programdata\gamexn\gamexngo.exe (easybits software as) o4 - hkcu..\run: [gamexn (news)] c:\programdata\gamexn\gamexngo.exe (easybits software as) o4 - hkcu..\run: [gamexn (update)] c:\programdata\gamexn\gamexngo.exe (easybits software as) o4 - hkcu..\run: [hw_openeye_ouc_t-mobile internet manager] c:\program files (x86)\t-mobile\t-mobile internet manager\updatedog\ouc.exe (huawei technologies co., ltd.) 
o4 - hkcu..\run: [mytomtomsa.exe] c:\program files (x86)\mytomtom 3\mytomtomsa.exe (tomtom) o4 - hkcu..\run: [tomtomhome.exe] c:\program files (x86)\tomtom home 2\tomtomhomerunner.exe (tomtom) o4 - hklm..\runonce: [ malwarebytes anti-malware ] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe (malwarebytes corporation) o4 - hklm..\runonce: [ malwarebytes anti-malware (cleanup)] c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll (malwarebytes corporation) o6 - hklm\software\policies\microsoft\internet explorer\low rights present o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: Noactivedesktop = 1 o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: Noactivedesktopchanges = 1 o6 - hklm\software\microsoft\windows\currentversion\policies\explorer: Nocontrolpanel = 0 o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioradmin = 5 o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioruser = 3 o8:64bit: - extra context menu item: An onenote s&enden - res://c:\progra~2\micros~4\office14\onbttnie.dll/105 file not found o8:64bit: - extra context menu item: Nach microsoft e&xcel exportieren - res://c:\progra~2\micros~4\office14\excel.exe/3000 file not found o8 - extra context menu item: An onenote s&enden - res://c:\progra~2\micros~4\office14\onbttnie.dll/105 file not found o8 - extra context menu item: Nach microsoft e&xcel exportieren - res://c:\progra~2\micros~4\office14\excel.exe/3000 file not found o9:64bit: - extra button: An onenote senden - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\programme\microsoft office\office14\onbttnie.dll (microsoft corporation) o9:64bit: - extra 'tools' menuitem : An onenote s&enden - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\programme\microsoft office\office14\onbttnie.dll (microsoft corporation) o9:64bit: - extra button: Verknüpfte &onenote-notizen - {789fe86f-6fc4-46a1-9849-ede0db0c95ca} - 
c:\programme\microsoft office\office14\onbttnielinkednotes.dll (microsoft corporation) o9:64bit: - extra 'tools' menuitem : Verknüpfte &onenote-notizen - {789fe86f-6fc4-46a1-9849-ede0db0c95ca} - c:\programme\microsoft office\office14\onbttnielinkednotes.dll (microsoft corporation) o9 - extra button: Skype click to call - {898ea8c8-e7ff-479b-8935-aec46303b9e5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll (skype technologies s.a.) o9 - extra 'tools' menuitem : Skype click to call - {898ea8c8-e7ff-479b-8935-aec46303b9e5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll (skype technologies s.a.) o1364bit: - gopher prefix: Missing o13 - gopher prefix: Missing o16 - dpf: {1c11b948-582a-433f-a98d-a8c4d5cc64f2} hxxp://kitchenplanner.ikea.com/de/core/player/2020playerax_win32.cab (20-20 3d viewer) o16 - dpf: Microsoft xml parser for java file:///c:/windows/java/classes/xmldso.cab (reg error: Key error.) o17 - hklm\system\ccs\services\tcpip\parameters: Dhcpnameserver = 192.168.2.1 o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{d1129fa3-1cbd-479e-9f95-653a28b9c0e9}: Dhcpnameserver = 192.168.2.1 o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{ddb23e67-7b03-402c-8be4-ddef15f64ce5}: Dhcpnameserver = 192.168.8.1 194.25.2.129 o18:64bit: - protocol\handler\livecall - no clsid value found o18:64bit: - protocol\handler\ms-help - no clsid value found o18:64bit: - protocol\handler\msnim - no clsid value found o18:64bit: - protocol\handler\skype4com - no clsid value found o18:64bit: - protocol\handler\skype-ie-addon-data - no clsid value found o18:64bit: - protocol\handler\wlmailhtml - no clsid value found o18 - protocol\handler\livecall {828030a1-22c1-4009-854f-8e305202313f} - c:\progra~2\wic4a1~1\messen~1\msgrap~1.dll (microsoft corporation) o18 - protocol\handler\msnim {828030a1-22c1-4009-854f-8e305202313f} - c:\progra~2\wic4a1~1\messen~1\msgrap~1.dll (microsoft corporation) o18 - 
protocol\handler\skype4com {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~2\common~1\skype\skype4~1.dll (skype technologies) o18 - protocol\handler\skype-ie-addon-data {91774881-d725-4e58-b298-07617b9b86a8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll (skype technologies s.a.) o18:64bit: - protocol\filter\application/x-mfe-ipt {3ef5086b-5478-4598-a054-786c45d75692} - c:\programme\mcafee\msc\mcsniepl64.dll (mcafee, inc.) o18:64bit: - protocol\filter\text/xml {807573e5-5146-11d5-a672-00b0d022e945} - c:\programme\common files\microsoft shared\office14\msoxmlmf.dll (microsoft corporation) o18 - protocol\filter\application/x-mfe-ipt {3ef5086b-5478-4598-a054-786c45d75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (mcafee, inc.) o20:64bit: - hklm winlogon: Shell - (explorer.exe) - c:\windows\explorer.exe (microsoft corporation) o20:64bit: - hklm winlogon: Userinit - (c:\windows\system32\userinit.exe) - c:\windows\sysnative\userinit.exe (microsoft corporation) o20:64bit: - hklm winlogon: Vmapplet - (systempropertiesperformance.exe) - c:\windows\sysnative\systempropertiesperformance.exe (microsoft corporation) o20:64bit: - hklm winlogon: Vmapplet - (/pagefile) - file not found o20 - hklm winlogon: Shell - (explorer.exe) - c:\windows\syswow64\explorer.exe (microsoft corporation) o20 - hklm winlogon: Userinit - (userinit.exe) - c:\windows\syswow64\userinit.exe (microsoft corporation) o20 - hklm winlogon: Vmapplet - (/pagefile) - file not found o21:64bit: - ssodl: Webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - no clsid value found. O21 - ssodl: Webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - no clsid value found. 
O32 - hklm cdrom: Autorun - 1 o33 - mountpoints2\{1ae4f8b5-6807-11e0-bd6e-206a8a16016d}\shell - "" = autorun o33 - mountpoints2\{1ae4f8b5-6807-11e0-bd6e-206a8a16016d}\shell\autorun\command - "" = e:\lgautorun.exe o33 - mountpoints2\{a222260b-be54-11e0-a6a6-206a8a16016d}\shell - "" = autorun o33 - mountpoints2\{a222260b-be54-11e0-a6a6-206a8a16016d}\shell\autorun\command - "" = e:\autorun.exe o33 - mountpoints2\{d1bd3718-2c82-11e0-ba37-5cac4cb09ae7}\shell - "" = autorun o33 - mountpoints2\{d1bd3718-2c82-11e0-ba37-5cac4cb09ae7}\shell\autorun\command - "" = e:\autorun.exe o33 - mountpoints2\{d1bd3731-2c82-11e0-ba37-5cac4cb09ae7}\shell - "" = autorun o33 - mountpoints2\{d1bd3731-2c82-11e0-ba37-5cac4cb09ae7}\shell\autorun\command - "" = e:\autorun.exe o33 - mountpoints2\{e332d8bd-bf61-11e0-bb2a-5cac4cb09ae7}\shell - "" = autorun o33 - mountpoints2\{e332d8bd-bf61-11e0-bb2a-5cac4cb09ae7}\shell\autorun\command - "" = e:\autorun.exe o34 - hklm bootexecute: (autocheck autochk *) o35:64bit: - hklm\..comfile [open] -- "%1" %* o35:64bit: - hklm\..exefile [open] -- "%1" %* o35 - hklm\..comfile [open] -- "%1" %* o35 - hklm\..exefile [open] -- "%1" %* o37:64bit: - hklm\...com [@ = comfile] -- "%1" %* o37:64bit: - hklm\...exe [@ = exefile] -- "%1" %* o37 - hklm\...com [@ = comfile] -- "%1" %* o37 - hklm\...exe [@ = exefile] -- "%1" %* o38 - subsystems\\windows: (serverdll=winsrv:userserverdllinitialization,3) o38 - subsystems\\windows: (serverdll=winsrv:conserverdllinitialization,2) o38 - subsystems\\windows: (serverdll=sxssrv,4) ========== files/folders - created within 30 days ========== [2012.06.05 12:39:26 | 000,000,000 | ---d | c] -- c:\users\florence\appdata\roaming\malwarebytes [2012.06.05 12:39:20 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\malwarebytes' anti-malware [2012.06.05 12:39:10 | 000,000,000 | ---d | c] -- c:\programdata\malwarebytes [2012.06.05 12:39:06 | 000,024,904 | ---- | c] (malwarebytes corporation) -- 
c:\windows\sysnative\drivers\mbam.sys [2012.06.05 12:39:06 | 000,000,000 | ---d | c] -- c:\program files (x86)\malwarebytes' anti-malware [2012.06.05 08:53:40 | 000,337,240 | ---- | c] (avast software) -- c:\windows\sysnative\drivers\aswsp.sys [2012.06.05 08:53:40 | 000,024,408 | ---- | c] (avast software) -- c:\windows\sysnative\drivers\aswfsblk.sys [2012.06.05 08:53:40 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\avast! Free antivirus [2012.06.05 08:53:39 | 000,059,224 | ---- | c] (avast software) -- c:\windows\sysnative\drivers\aswtdi.sys [2012.06.05 08:53:39 | 000,053,080 | ---- | c] (avast software) -- c:\windows\sysnative\drivers\aswrdr2.sys [2012.06.05 08:53:38 | 000,819,032 | ---- | c] (avast software) -- c:\windows\sysnative\drivers\aswsnx.sys [2012.06.05 08:53:35 | 000,258,520 | ---- | c] (avast software) -- c:\windows\sysnative\aswboot.exe [2012.06.05 08:53:35 | 000,069,976 | ---- | c] (avast software) -- c:\windows\sysnative\drivers\aswmonflt.sys [2012.06.05 08:52:36 | 000,041,184 | ---- | c] (avast software) -- c:\windows\avastss.scr [2012.06.05 08:52:33 | 000,201,352 | ---- | c] (avast software) -- c:\windows\syswow64\aswboot.exe [2012.06.05 08:52:20 | 000,000,000 | ---d | c] -- c:\programdata\avast software [2012.06.05 08:52:20 | 000,000,000 | ---d | c] -- c:\program files\avast software [2012.06.05 08:32:58 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\mcafee [2012.06.04 17:27:25 | 000,000,000 | -h-d | c] -- c:\mywinlockerdata [2012.06.04 15:07:53 | 000,000,000 | ---d | c] -- c:\windows\sysnative\spreview [2012.06.04 15:06:09 | 000,000,000 | ---d | c] -- c:\windows\sysnative\eventproviders [2012.06.03 20:03:09 | 000,000,000 | ---d | c] -- c:\users\***\desktop\neuer ordner [2012.06.01 18:54:59 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\dealply [2012.06.01 18:54:54 | 000,000,000 | ---d | c] -- c:\program files (x86)\dealply [2012.06.01 
18:52:40 | 000,000,000 | ---d | c] -- c:\users\***\appdata\roaming\babylontoolbar [2012.06.01 18:52:36 | 000,000,000 | ---d | c] -- c:\program files (x86)\babylontoolbar [2012.06.01 18:52:08 | 000,000,000 | ---d | c] -- c:\users\***\appdata\local\i want this [2012.06.01 18:52:02 | 000,000,000 | ---d | c] -- c:\program files (x86)\i want this [2012.06.01 18:45:36 | 000,000,000 | ---d | c] -- c:\program files (x86)\wiseconvert [2012.06.01 11:41:28 | 000,000,000 | -hsd | c] -- c:\found.000 [2012.05.28 18:16:06 | 000,000,000 | ---d | c] -- c:\programdata\data becker downloads [2012.05.28 18:15:55 | 000,000,000 | ---d | c] -- c:\users\***\appdata\roaming\protectdisc [2012.05.28 18:15:54 | 000,000,000 | ---d | c] -- c:\program files (x86)\protectdisc driver installer [2012.05.28 18:15:46 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\data becker [2012.05.28 18:15:41 | 000,000,000 | ---d | c] -- c:\program files (x86)\common files\data becker shared [2012.05.28 18:15:19 | 000,000,000 | ---d | c] -- c:\program files (x86)\common files\data becker druckereien [2012.05.28 18:14:02 | 000,000,000 | ---d | c] -- c:\users\***\documents\data becker druckereien [2012.05.28 18:14:02 | 000,000,000 | ---d | c] -- c:\program files (x86)\data becker [2012.05.28 16:22:13 | 560,591,248 | ---- | c] (data becker ) -- c:\users\***\desktop\urkundendruckerei_r1.exe [2012.05.26 06:37:33 | 000,000,000 | ---d | c] -- c:\users\***\appdata\roaming\sf software [2012.05.26 06:37:33 | 000,000,000 | ---d | c] -- c:\users\***\appdata\local\sf [2012.05.26 06:33:33 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\sf [2012.05.26 06:33:24 | 000,000,000 | ---d | c] -- c:\programdata\sf [2012.05.26 06:33:23 | 000,000,000 | ---d | c] -- c:\program files (x86)\sf [2012.05.26 06:31:08 | 000,000,000 | ---d | c] -- c:\users\***\appdata\local\cre [2012.05.26 06:29:51 | 000,000,000 | ---d | c] -- c:\program files (x86)\freeware.de [2012.05.15 
09:54:10 | 000,000,000 | ---d | c] -- c:\users\***\desktop\fußball [2012.05.09 06:52:35 | 000,000,000 | ---d | c] -- c:\users\***\desktop\elternbeirat helmstedt ========== files - modified within 30 days ========== [2012.06.05 14:17:02 | 000,001,110 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachineua.job [2012.06.05 12:39:20 | 000,001,113 | ---- | m] () -- c:\users\public\desktop\ malwarebytes anti-malware .lnk [2012.06.05 12:21:41 | 000,000,000 | ---- | m] () -- c:\users\***\defogger_reenable [2012.06.05 12:15:44 | 000,067,584 | --s- | m] () -- c:\windows\bootstat.dat [2012.06.05 08:53:40 | 000,001,845 | ---- | m] () -- c:\users\public\desktop\avast! Free antivirus.lnk [2012.06.05 08:53:35 | 000,000,000 | ---- | m] () -- c:\windows\syswow64\config.nt [2012.06.05 08:36:31 | 000,017,376 | -h-- | m] () -- c:\windows\sysnative\7b296fb0-376b-497e-b012-9c450e1b7327-5p-1.c7483456-a289-439d-8115-601632d005a0 [2012.06.05 08:36:31 | 000,017,376 | -h-- | m] () -- c:\windows\sysnative\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0 [2012.06.05 08:35:01 | 001,613,412 | ---- | m] () -- c:\windows\sysnative\perfstringbackup.ini [2012.06.05 08:35:01 | 000,697,098 | ---- | m] () -- c:\windows\sysnative\perfh007.dat [2012.06.05 08:35:01 | 000,652,376 | ---- | m] () -- c:\windows\sysnative\perfh009.dat [2012.06.05 08:35:01 | 000,148,362 | ---- | m] () -- c:\windows\sysnative\perfc007.dat [2012.06.05 08:35:01 | 000,121,308 | ---- | m] () -- c:\windows\sysnative\perfc009.dat [2012.06.05 08:28:28 | 000,001,106 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachinecore.job [2012.06.05 08:27:44 | 000,581,928 | ---- | m] () -- c:\windows\sysnative\fntcache.dat [2012.06.05 08:27:21 | 3111,514,112 | -hs- | m] () -- c:\hiberfil.sys [2012.06.04 20:31:45 | 000,000,777 | ---- | m] () -- c:\users\***\documents\qxgeqtgefpseuggvu - verknüpfung.lnk [2012.06.04 20:00:41 | 000,060,321 | ---- | m] () -- 
c:\users\***\desktop\ihre_vip-mitgliedschaft_bei_flirtfever_florence_kraus.eml [2012.06.04 09:18:34 | 262,767,926 | ---- | m] () -- c:\windows\memory.dmp [2012.06.01 18:52:40 | 000,001,539 | ---- | m] () -- c:\user.js [2012.05.28 18:22:37 | 000,004,096 | ---- | m] () -- c:\users\public\documents\pyenjudyysvatll [2012.05.28 18:17:48 | 000,002,183 | ---- | m] () -- c:\users\public\desktop\urkunden-druckerei.lnk [2012.05.28 18:12:59 | 560,591,248 | ---- | m] (data becker ) -- c:\users\***\desktop\urkundendruckerei_r1.exe [2012.05.26 06:33:35 | 000,001,953 | ---- | m] () -- c:\users\public\desktop\sf-karte.lnk [2012.05.14 08:05:02 | 000,327,254 | ---- | m] () -- c:\users\***\pdtdatoequudatge [2012.05.07 19:07:56 | 000,112,236 | ---- | m] () -- c:\users\***\yglyflxadxtosq ========== files created - no company name ========== [2012.06.05 12:39:20 | 000,001,113 | ---- | c] () -- c:\users\public\desktop\ malwarebytes anti-malware .lnk [2012.06.05 12:21:41 | 000,000,000 | ---- | c] () -- c:\users\***\defogger_reenable [2012.06.05 08:53:40 | 000,001,845 | ---- | c] () -- c:\users\public\desktop\avast! 
Free antivirus.lnk [2012.06.05 08:53:35 | 000,000,000 | ---- | c] () -- c:\windows\syswow64\config.nt [2012.06.04 20:39:29 | 000,000,777 | ---- | c] () -- c:\users\***\documents\qxgeqtgefpseuggvu - verknüpfung.lnk [2012.06.04 20:00:41 | 000,060,321 | ---- | c] () -- c:\users\***\desktop\ihre_vip-mitgliedschaft_bei_flirtfever_florence_kraus.eml [2012.06.04 17:30:28 | 000,088,616 | ---- | c] () -- c:\users\***\documents\adugptvtlegnajqvs [2012.06.01 18:52:31 | 000,001,539 | ---- | c] () -- c:\user.js [2012.05.28 18:15:46 | 000,002,183 | ---- | c] () -- c:\users\public\desktop\urkunden-druckerei.lnk [2012.05.28 18:15:19 | 002,089,984 | ---- | c] () -- c:\windows\syswow64\custompic.dll [2012.05.26 06:33:35 | 000,001,953 | ---- | c] () -- c:\users\public\desktop\sf-karte.lnk [2011.12.08 12:19:03 | 001,591,306 | ---- | c] () -- c:\windows\syswow64\perfstringbackup.ini [2011.09.22 06:38:47 | 000,006,656 | ---- | c] () -- c:\users\***\appdata\local\dcbc2a71-70d8-4dan-ehr8-e0d61dea3fdf.ini [2011.08.15 10:38:05 | 000,006,550 | ---- | c] () -- c:\windows\jautoexp.dat [2010.12.18 16:15:49 | 000,000,425 | ---- | c] () -- c:\windows\brwmark.ini [2010.12.18 16:15:49 | 000,000,027 | ---- | c] () -- c:\windows\brpp2ka.ini [2010.12.18 13:47:45 | 000,000,056 | -h-- | c] () -- c:\programdata\ezsidmv.dat [2010.09.10 11:34:55 | 000,001,035 | ---- | c] () -- c:\windows\syswow64\atipblag.dat [2010.09.10 11:33:57 | 000,001,604 | ---- | c] () -- c:\windows\wpatchprogress.ini [2010.09.10 02:13:54 | 000,000,033 | ---- | c] () -- c:\windows\launapp.ini [2010.09.10 01:55:13 | 000,000,000 | ---- | c] () -- c:\windows\ativpsrm.bin ========== lop check ========== [2011.05.08 15:05:15 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\amazon [2012.06.04 06:11:12 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\babylon [2012.06.01 18:52:41 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\babylontoolbar [2011.02.06 13:09:03 | 000,000,000 | ---d | m] -- 
c:\users\***\appdata\roaming\cerasus.media [2012.06.05 08:24:14 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\go [2011.05.15 21:20:09 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\leadertech [2010.12.16 07:35:05 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\lite [2012.06.04 06:11:13 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\liteon [2012.06.04 15:55:39 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\origin [2012.06.04 19:16:18 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\protectdisc [2012.05.26 06:37:33 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\sf software [2011.01.30 17:13:12 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\t-mobile [2012.06.04 19:16:18 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\t-mobile internet manager [2011.01.28 15:09:13 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\tomtom [2011.03.24 09:42:29 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\tuneup software [2011.04.01 18:26:22 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\wildlife park 2 [2011.04.03 09:01:20 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\wildlife park 2 - abenteuer auf der ranch [2011.04.01 18:54:17 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\wildlife park 2 - crazy zoo [2011.04.04 14:49:51 | 000,000,000 | ---d | m] -- c:\users\***\appdata\roaming\wildlife park 2 - marine world [2011.07.15 06:50:29 | 000,032,584 | ---- | m] () -- c:\windows\tasks\schedlgu.txt ========== purity check ========== ========== alternate data streams ========== @alternate data stream - 949 bytes -> c:\users\florence\desktop\ihre_vip-mitgliedschaft_bei_flirtfever_florence_kraus.eml:oecustomproperty @alternate data stream - 136 bytes -> c:\programdata\temp:93de1838 @alternate data stream - 135 bytes -> c:\programdata\temp:93eb7685 @alternate data stream - 132 bytes -> c:\programdata\temp:5d7e5a8f < end of report >
Here is part 2, the OTL EXTRAS Logfile:
Code:
otl extras logfile created on: 05.06.2012 13:37:10 - run 1 otl by oldtimer - version 3.2.46.1 folder = c:\users\***\downloads 64bit- home premium edition service pack 1 (version = 6.1.7601) - type = ntworkstation internet explorer (version = 9.0.8112.16421) locale: 00000407 | country: Deutschland | language: Deu | date format: Dd.mm.yyyy 3,86 gb total physical memory | 1,57 gb available physical memory | 40,61% memory free 7,73 gb paging file | 4,57 gb available in paging file | 59,15% paging file free paging file location(s): ?:\pagefile.sys [binary data] %systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files (x86) drive c: | 452,48 gb total space | 372,29 gb free space | 82,28% space free | partition type: Ntfs drive d: | 270,88 mb total space | 0,00 mb free space | 0,00% space free | partition type: Udf computer name: ***-pc | user name: *** | logged in as administrator. Boot mode: Normal | scan mode: Current user | quick scan | include 64bit scans company name whitelist: On | skip microsoft files: On | no company name whitelist: On | file age = 30 days ========== extra registry (safelist) ========== ========== file associations ========== 64bit: [hkey_local_machine\software\classes\<extension>] .html[@ = chromehtml] -- c:\program files (x86)\google\chrome\application\chrome.exe (google inc.) .url[@ = internetshortcut] -- c:\windows\sysnative\rundll32.exe (microsoft corporation) [hkey_local_machine\software\classes\<extension>] .cpl [@ = cplfile] -- c:\windows\syswow64\control.exe (microsoft corporation) .html [@ = chromehtml] -- c:\program files (x86)\google\chrome\application\chrome.exe (google inc.) [hkey_current_user\software\classes\<extension>] .html [@ = chromehtml] -- reg error: Key error.
< end of report > |
05.06.2012, 20:26 | #2 |
/// Malware-holic | encryption trojan Hi,
1. Open McAfee and post the detection messages.
2. Open Malwarebytes, go to the log files and post all reports.
3. Decrypting or restoring the files: http://www.trojaner-board.de/115496-...erstellen.html
4. The source of the infection: I am interested in such mails with invoices, payment reminders and other attachments from unknown senders. If you use a mail program, select the mail, right-click, "Save as", and set the type to .eml. Then please read: markusg - trojaner-board.de and send me the file you just created. If you read your mails in the browser, tell me which provider you use; then it works a little differently. Please warn friends, acquaintances, relatives etc. about this scam, and feel free to pass this mail address on to them. They can then send such suspicious mails there. These help us respond appropriately to new threats; since this malware also receives updates, that is important.
__________________ |
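The mail the helper asks for in step 4 is, once saved as .eml, a plain RFC 822 file that can be examined offline before it is forwarded. As an added example (not the forum's or the helper's tooling), the following Python script parses such a file and lists sender, Reply-To and every attachment with size, SHA-256 and simple risk flags, looking inside ZIP attachments for executables; the invoice-themed message it builds is constructed for the example and carries a harmless placeholder instead of a real program.

```python
"""Offline triage of a suspicious mail saved as .eml (added example).

Reports sender / Reply-To / subject and every attachment with size, SHA-256
and heuristic flags: executable extension, double extension such as
"Rechnung.pdf.exe", and executables hidden inside a ZIP attachment.
"""
import email
import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# File extensions that Windows executes directly (heuristic list for the example).
RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def build_sample_eml():
    """Constructed invoice-themed mail with a ZIP wrapping a fake .exe (not real code)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Rechnung_2012-06.pdf.exe", b"MZ placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "Buchhaltung <rechnung@example.invalid>"   # constructed addresses
    msg["Reply-To"] = "other@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Mahnung: offene Rechnung"
    msg.set_content("Bitte beachten Sie die angehaengte Rechnung.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Rechnung.zip")
    return msg.as_bytes()


def name_flags(name):
    """Heuristic flags for a file name: executable extension, double extension."""
    low = name.lower()
    flags = []
    if low.endswith(RISKY_EXT):
        flags.append("executable")
        # "Rechnung.pdf.exe": a decoy extension in front of the real one
        if low.count(".") >= 2:
            flags.append("double-extension")
    return flags


def zip_members(data):
    """Member names of a ZIP payload, or [] if the bytes are not a valid ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def triage_eml(raw):
    """Parse raw .eml bytes and return a triage report as a plain dict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    report = {
        "from": sender,
        "reply_to": reply_to,
        "subject": str(msg.get("Subject", "")),
        # Replies going somewhere other than the sender is a common lure pattern.
        "reply_to_differs": bool(reply_to) and reply_to != sender,
        "attachments": [],
    }
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        entry = {
            "filename": name,
            "content_type": part.get_content_type(),
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "flags": name_flags(name),
            "archive_members": [],
        }
        if name.lower().endswith(".zip") or "zip" in part.get_content_type():
            entry["archive_members"] = zip_members(data)
            if any(name_flags(m) for m in entry["archive_members"]):
                entry["flags"].append("executable-in-archive")
        report["attachments"].append(entry)
    return report


if __name__ == "__main__":
    result = triage_eml(build_sample_eml())
    print("From:", result["from"], "| Reply-To:", result["reply_to"],
          "| differs:", result["reply_to_differs"])
    for att in result["attachments"]:
        print(att["filename"], att["size"], "bytes", att["sha256"][:16] + "...",
              att["flags"], att["archive_members"])
```

To check a real saved mail instead of the constructed one, read the .eml file in binary mode and pass its bytes to triage_eml.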
07.06.2012, 08:10 | #3 |
| encryption trojan Here are the reports
On point 1: how do I set that up, or rather how do I copy the report/message? On point 3: how do I do that? I have downloaded it. Point 4 is done. Many thanks to everyone who is helping. |
07.06.2012, 12:03 | #4 |
/// Malware-holic | encryption trojan It should be possible to copy it out as well; I don't use the program myself, but I think it is self-explanatory. For 3., did you read the guide and watch the video?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails according to the instructions above to markusg.trojaner-board@web.de If you would like to support us |