| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Verschlüsselungs TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.06.2012, 16:26
| #1 |
 |  Verschlüsselungs Trojaner Hallo zusammen, Ich habe diesen Trojaner eingefangen und bin froh um Hilfe. Den Check mit MalewareBytes hab ich bereits gemacht: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.06.02 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Nicole :: SAMSUNG [Administrator] Schutz: Deaktiviert 06.06.2012 12:44:03 malwarbyte Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 359810 Laufzeit: 39 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 13 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt. HKCR\CLSID\{3228B03C-11A2-4598-B127-089103A37FAC} (PUP.BFlix) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3228B03C-11A2-4598-B127-089103A37FAC} (PUP.BFlix) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3228B03C-11A2-4598-B127-089103A37FAC} (PUP.BFlix) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3228B03C-11A2-4598-B127-089103A37FAC} (PUP.BFlix) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3228B03C-11A2-4598-B127-089103A37FAC} (PUP.BFlix) -> Keine Aktion durchgeführt. HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.BFlix) -> Keine Aktion durchgeführt. HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.BFlix) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e5f09bce-3a9f-020c-c58e-e473f8bc3061} (Adware.LoudMo) -> Keine Aktion durchgeführt. HKCR\CLSID\{e5f09bce-3a9f-020c-c58e-e473f8bc3061} (Adware.LoudMo) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5F09BCE-3A9F-020C-C58E-E473F8BC3061} (Adware.LoudMo) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5F09BCE-3A9F-020C-C58E-E473F8BC3061} (Adware.LoudMo) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|A4DF8040 (Trojan.Agent) -> Daten: C:\Users\Nicole\AppData\Roaming\Lqcpb\4491C4B6A4DF80409468.exe -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Worm.Palevo) -> Daten: explorer.exe,C:\Users\Nicole\AppData\Roaming\juzjf.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\ProgramData\TheBflix (PUP.BFlix) -> Keine Aktion durchgeführt. C:\ProgramData\TheBflix\data (PUP.BFlix) -> Keine Aktion durchgeführt. Infizierte Dateien: 11 C:\Users\Nicole\AppData\Roaming\Lqcpb\4491C4B6A4DF80409468.exe (Trojan.Agent) -> Keine Aktion durchgeführt. C:\Users\Nicole\AppData\Local\Temp\kravozydgm.pre (Trojan.Agent) -> Keine Aktion durchgeführt. C:\Users\Nicole\AppData\Local\Temp\rmgejpbdar.pre (Trojan.Agent) -> Keine Aktion durchgeführt. C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Keine Aktion durchgeführt. C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Keine Aktion durchgeführt. C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Keine Aktion durchgeführt. C:\ProgramData\TheBflix\hpilclpacieflhmobalmaccogiioldoo.crx (PUP.BFlix) -> Keine Aktion durchgeführt. C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Keine Aktion durchgeführt. C:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Keine Aktion durchgeführt. C:\ProgramData\TheBflix\data\nQgfAJsdpqgsanNUx (PUP.BFlix) -> Keine Aktion durchgeführt. C:\ProgramData\TheBflix\data\NUGeovrDyQGfajsDpE (PUP.BFlix) -> Keine Aktion durchgeführt. (Ende) Besten Dank für jede Hilfe. Ich hab noch den Scan mit dem OLT gemacht. OLT.txt: Code:
ATTFilter OTL logfile created on: 6/6/2012 6:44:58 PM - Run 1 OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Nicole\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.99 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 70.60% Memory free 5.99 Gb Paging File | 5.27 Gb Available in Paging File | 88.05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 141.49 Gb Total Space | 86.62 Gb Free Space | 61.22% Space Free | Partition Type: NTFS Drive D: | 141.50 Gb Total Space | 36.92 Gb Free Space | 26.10% Space Free | Partition Type: NTFS Drive E: | 519.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: SAMSUNG | User Name: Nicole | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Nicole\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (Mcx2Svc) -- C:\Windows\System32\Mcx2Svc.dll (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe () SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe () SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation) SRV - (SharedAccess) -- C:\Windows\System32\ipnathlp.dll (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (GtDetectSc) -- C:\Program Files\Orange\GlobeTrotter Connect\GtDetectSc.exe (OptionNV) SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE () ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (StarOpen) -- C:\windows\System32\drivers\StarOpen.sys () DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (crcdisk) -- C:\Windows\System32\drivers\crcdisk.sys (Microsoft Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation) DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.) DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb119?a=6PQpiW1uHg&i=26 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2F7ACB53-23F8-415E-83FC-88494625638A}: "URL" = hxxp://www.chameleonsearch.com/search.php?src=tops&q={SearchTerms} IE - HKCU\..\SearchScopes\{4A370633-5B82-4827-8535-C10546664F20}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de IE - HKCU\..\SearchScopes\{8B035C2B-7508-42FC-9ED0-F7C03B020953}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKCU\..\SearchScopes\{9198A103-03DB-4105-B76E-E33A6FB3476A}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} IE - HKCU\..\SearchScopes\{B0AC2587-F76B-4576-9DD6-062B08F53CAC}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\..\SearchScopes\{C01E9A0A-BEF9-49F0-A75C-136D3161A529}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQpiW1uHg&i=26 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/18 19:55:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/18 19:55:08 | 000,000,000 | ---D | M] [2012/03/10 19:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Extensions [2012/03/10 19:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012/06/06 00:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\crkogry4.default\extensions [2012/02/23 20:40:09 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\crkogry4.default\extensions\info@bflix.info [2011/11/02 23:22:07 | 000,002,457 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\crkogry4.default\searchplugins\DXetdruTlsdOvyEx [2011/11/02 23:22:07 | 000,002,419 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\crkogry4.default\searchplugins\eaxfuOlXUGJNjnf [2011/11/02 23:22:07 | 000,000,933 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\crkogry4.default\searchplugins\gvryEXeQgLqTDftEjsa [2011/08/12 09:28:52 | 000,005,508 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\crkogry4.default\searchplugins\GVtugyEdGNQjLeagJ [2011/11/02 23:22:07 | 000,010,525 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\crkogry4.default\searchplugins\OJNEjpeQgyoTDtdjnea [2012/02/23 20:39:23 | 000,002,203 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\crkogry4.default\searchplugins\TlpfsgveaGVNunysUNuE [2011/03/10 08:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012/05/07 11:06:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/07 11:57:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/02/07 11:57:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/07 11:57:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/02/07 11:57:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/02/07 11:57:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/02/07 11:57:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (TheBflix Class) - {3228B03C-11A2-4598-B127-089103A37FAC} - C:\ProgramData\TheBflix\bhoclass.dll (Injector) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD) O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files\ChameleonTom\wit4ie.dll File not found O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.) O2 - BHO: (chameleontom) - {e5f09bce-3a9f-020c-c58e-e473f8bc3061} - C:\windows\system32\-wnbLv-5ciFpS-.dll File not found O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found. O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKCU..\Run: [A4DF8040] C:\Users\Nicole\AppData\Roaming\Lqcpb\4491C4B6A4DF80409468.exe (Al Momento Non è Registrata) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm () O9 - Extra 'Tools' menuitem : ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: absolog.ch ([silviokeller] https in Trusted sites) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} hxxp://www.lokalisten.de/iup/ImageUploader6.cab (Image Uploader Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B836DB-879A-4D3A-90FF-7ED802146BA9}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9FD38A0-81A9-4AEE-98B3-F7338FFC24BA}: DhcpNameServer = 195.141.56.5 193.192.227.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\Nicole\AppData\Roaming\juzjf.exe) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/10/20 07:14:28 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{539e5775-e600-11de-aa10-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{539e5775-e600-11de-aa10-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- [2010/11/05 08:43:36 | 001,888,193 | R--- | M] (Macromedia, Inc.) O33 - MountPoints2\{bbac63b6-f263-11e0-a07f-002454240b80}\Shell - "" = AutoRun O33 - MountPoints2\{bbac63b6-f263-11e0-a07f-002454240b80}\Shell\AutoRun\command - "" = F:\Start_eBanking_Login-Stick_Win.exe O33 - MountPoints2\{c802ddb6-8225-11df-9ea9-002454240b80}\Shell - "" = AutoRun O33 - MountPoints2\{c802ddb6-8225-11df-9ea9-002454240b80}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1 O33 - MountPoints2\{e7b4ded8-47e7-11df-a1ac-002454240b80}\Shell - "" = AutoRun O33 - MountPoints2\{e7b4ded8-47e7-11df-a1ac-002454240b80}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/06 12:24:51 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2012/06/06 12:24:51 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Malwarebytes [2012/06/06 12:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/06 12:24:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/06/06 12:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/06/06 12:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/06 00:37:01 | 000,000,000 | -HSD | C] -- C:\found.000 [2012/06/06 00:27:04 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{3586743A-8CE9-4132-8862-3A72771ECE7F} [2012/06/06 00:26:50 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{684DCE48-620F-4E6A-B670-ADE83C80A311} [2012/06/05 23:37:08 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Lqcpb [2012/06/05 11:58:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{2129B552-6B2C-4615-A299-681BDE15084E} [2012/06/05 11:58:25 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{1FDA4053-7F9B-4D3A-A5E1-325F57C829F7} [2012/06/04 23:57:57 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{0760A984-9FD0-48F7-9CDE-880035D8CA1A} [2012/06/04 23:57:45 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{A86532B8-F091-41C6-B758-5440EC5D343F} [2012/06/04 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{7778C1D7-E4D3-4E7E-9787-F7805D271542} [2012/06/02 16:06:07 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{ADABA92C-1EB0-4A46-AA3F-5F9D43D41187} [2012/06/02 16:05:53 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{3C42FE58-F2EF-4F24-A009-89CE455603F6} [2012/06/01 20:51:47 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{36D163E3-D22F-4071-A571-73633DA2FD78} [2012/06/01 20:51:33 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{8B1A03A4-F3FB-4FAF-BFFE-A778128174E9} [2012/05/31 11:00:01 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{9E9FD00B-AAAA-4BFE-9553-3EEBDEAA5A57} [2012/05/31 10:59:49 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{ADBB3C1B-1D27-472A-9B44-53FCF7F9979C} [2012/05/30 17:58:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{9F5F35F1-CB8C-4259-B207-0B3A6EE4A95D} [2012/05/30 17:57:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{65201E5F-29B8-4E22-914E-FA78EA0FE4BE} [2012/05/29 05:10:30 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{2C3D1E0E-9FDF-468C-A905-B35BABA564CA} [2012/05/29 05:10:18 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{CF13DFD7-4A01-4E6F-8BD2-0D01123382D9} [2012/05/28 17:09:51 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{5372B4A0-B523-4AB7-8B89-738301C85F47} [2012/05/28 17:09:40 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{29D85BA9-84AC-428E-BA6D-FAFFEFC12CA5} [2012/05/28 05:09:10 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{255FDC48-94E4-4289-9508-C1732BB007EC} [2012/05/27 20:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2012/05/27 17:08:43 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{C5C2DCFF-9680-41E1-B656-676B1E86E5BC} [2012/05/27 17:08:31 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{D4AEA7F5-C593-40E5-B7CD-CB09B2777C24} [2012/05/26 12:19:02 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{8A2EB421-DAD2-43C5-97AD-FA78B353C069} [2012/05/26 12:18:45 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{BEBBBD1B-D097-46CF-BDE6-ADEFBC3DF0D5} [2012/05/24 12:16:44 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{F5578B99-5E07-421B-823A-E47B085A8B9C} [2012/05/24 12:16:17 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{47A4459D-9962-45BE-9B69-8D0022F5D683} [2012/05/23 23:29:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{8D412523-2178-4B84-BCB6-875AC9C18EFA} [2012/05/23 23:29:20 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{6A9A4EDF-9709-49E6-8962-CF3C820ADB90} [2012/05/23 11:27:02 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{2597FC09-9ECE-44DD-983F-06613CA9D52E} [2012/05/23 11:26:50 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{050B55E5-2A61-4EF6-A9E2-47EADB17C177} [2012/05/22 23:26:13 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{325C7423-4092-423C-BC91-EE7817DD6067} [2012/05/22 23:26:01 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{BEA792EE-46E6-4C8D-A8D0-70DB0FC2BDF8} [2012/05/22 11:18:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{4DCE5FFC-151A-413B-8465-A9E88F5C766C} [2012/05/22 11:18:04 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{B498A526-1F35-481A-8CED-0BB5B4D57096} [2012/05/21 16:18:52 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{6F6235F4-94C2-4E41-8BEE-4A09D95DA0C0} [2012/05/21 16:18:37 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{22DAD31F-08BB-4530-8745-5F7EACBBE5B4} [2012/05/20 16:35:29 | 000,000,000 | R--D | C] -- C:\Users\Nicole\Podcasts [2012/05/20 16:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune [2012/05/20 16:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Zune [2012/05/19 14:14:13 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Desktop\I Phone Bilder [2012/05/19 14:11:38 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{A6D958EA-202C-43D4-AF9E-39D76D00F54D} [2012/05/19 14:11:27 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{54B3F663-1BD7-4033-B359-DA51FA71AF7B} [2012/05/18 19:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/05/18 19:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012/05/18 19:54:41 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{BC83D4E3-048A-4A5F-99D9-2EDBCA30DFFE} [2012/05/18 19:54:30 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{3D215BB3-26ED-4B7C-8CFE-33F94C850F14} [2012/05/18 07:53:50 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{7B56347D-D35B-4CD2-BA9D-2E5843F97D1F} [2012/05/18 07:53:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{E5AC9DE9-6798-4872-8014-C5DCDA32E068} [2012/05/17 16:29:42 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Desktop\ewige libi [2012/05/17 16:14:20 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{F7BCD2F6-DB81-4E92-9288-BC6759998336} [2012/05/17 16:14:08 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{8360D53D-5747-47E2-8C16-C685391DB4EC} [2012/05/17 07:42:20 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{962482CE-6DD8-4275-97BF-EE219B6A8A92} [2012/05/17 07:40:54 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{D391F326-B432-4CA4-AB10-C160E811CDF9} [2012/05/15 10:11:51 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{8E3BE15D-5F1C-4CD8-AB9C-4E6D09056DCA} [2012/05/15 10:11:38 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{612C55B2-8956-4159-8797-3B58FFC2B68B} [2012/05/14 12:12:15 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{4AFA7C0C-9097-46F4-BE4D-D1DBFCA7CB7C} [2012/05/14 00:11:51 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{67E9C848-87B0-44B5-8BDC-EFE943600FD2} [2012/05/14 00:11:39 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{3F2F641A-AD44-4BA5-8C3E-4E064A8F31CE} [2012/05/13 12:11:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{85AAF572-CE27-4505-99B7-54F7E9C75137} [2012/05/13 12:10:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{B8137D6E-A044-4C3E-A2D9-BC694B09D6E2} [2012/05/13 00:10:23 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{BADF6564-62EB-4BCF-AE61-24B4F18B66EB} [2012/05/13 00:10:10 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{3A3E035F-849B-459B-921A-7C77768FC363} [2012/05/12 10:50:54 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{05F44A4D-5B92-4457-8E5A-890859855E32} [2012/05/11 18:59:30 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{8B88B5C9-D81A-464D-B4F5-992717CAA2B0} [2012/05/11 18:59:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{72F1439E-C440-45AB-9385-43B0735FFC75} [2012/05/10 17:38:57 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2012/05/10 17:38:57 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2012/05/10 17:38:57 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2012/05/10 17:38:53 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll [2012/05/10 17:31:44 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{45F1393A-2E0D-446C-9B30-C4756296A92C} [2012/05/10 17:31:30 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{527470A2-C9A8-4E8D-ABFF-32CDA2527905} [2012/05/09 19:10:45 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{D74B993A-1F72-41BB-9522-26237F03DE62} [2012/05/09 19:10:22 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{2FA2833C-CADD-47F9-9EB4-8D5340545D3B} [2012/05/08 18:18:23 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{38453675-A31D-4645-B7F2-7F5B1A68E090} [2012/05/08 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{196D0367-118A-4A59-9AAD-8E642E11F18B} [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/06 12:43:11 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2012/06/06 12:24:48 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/06/06 12:21:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/06/06 12:21:21 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys [2012/06/06 06:57:17 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/06 05:59:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/06 00:46:26 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/06 00:46:26 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/27 20:08:46 | 000,000,000 | ---- | M] () -- C:\windows\BRPARAM.INI [2012/05/20 16:37:08 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf [2012/05/20 16:36:49 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf [2012/05/20 16:34:12 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk [2012/05/18 19:55:04 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/05/17 16:17:36 | 000,714,880 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/05/17 16:17:36 | 000,665,854 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/05/17 16:17:36 | 000,154,776 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/05/17 16:17:36 | 000,124,988 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/05/11 18:57:07 | 000,418,704 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/05/09 19:09:59 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys [2012/05/09 19:09:59 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/06 12:24:48 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/05/27 20:08:46 | 000,000,000 | ---- | C] () -- C:\windows\BRPARAM.INI [2012/05/20 16:37:08 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf [2012/05/20 16:36:49 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf [2012/05/20 16:34:12 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk [2012/05/18 19:55:04 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/02/09 15:20:38 | 004,794,880 | ---- | C] () -- C:\windows\System32\x264vfw.dll [2012/01/28 13:12:40 | 000,079,360 | ---- | C] () -- C:\windows\System32\ff_vfw.dll [2012/01/09 20:45:18 | 000,178,688 | ---- | C] () -- C:\windows\System32\unrar.dll [2011/12/07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\windows\System32\lagarith.dll [2011/01/25 23:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\EyvgtVlTQrUtep [2011/01/25 23:29:40 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\oqnvgeXoqQrUtnA [2010/08/21 18:22:57 | 000,003,584 | ---- | C] () -- C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/14 11:07:32 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll ========== LOP Check ========== [2010/03/23 13:52:29 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Canneverbe Limited [2012/06/06 00:18:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\ICQ [2010/06/17 21:13:45 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Leadertech [2012/06/05 23:37:08 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Lqcpb [2010/07/01 12:56:39 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\mquadr.at [2010/12/17 18:58:16 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Netgear Live Parental Controls [2010/08/30 22:06:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TeamViewer [2012/03/10 19:47:58 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TomTom [2012/02/26 12:41:48 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Win7codecs [2012/05/18 07:51:37 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54 < End of report > Extras.txt Code:
ATTFilter OTL Extras logfile created on: 6/6/2012 6:44:58 PM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Nicole\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.99 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 70.60% Memory free
5.99 Gb Paging File | 5.27 Gb Available in Paging File | 88.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 86.62 Gb Free Space | 61.22% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 36.92 Gb Free Space | 26.10% Space Free | Partition Type: NTFS
Drive E: | 519.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: SAMSUNG | User Name: Nicole | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A7197BB-5021-4609-888B-911DF5E320A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0EEC0D59-EE68-490B-B5DE-2FBAA34F4329}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1BB7FCAF-93D9-4DBE-8F6C-DC41C22950FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1FD529A9-1027-430B-81E8-052EB257ED34}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{25F028D0-36CC-427C-84F3-02D92D4F5043}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2FB7862C-6C98-4BBD-9AFF-C5C047FAA327}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3147C501-3127-43B4-82D0-63AB47313349}" = lport=10243 | protocol=6 | dir=in | app=system |
"{38630A73-299C-4FB9-AB99-189C89CA1F3C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{609B6FAB-8908-4E32-A36B-A3DC83FF685F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60CCBA5C-C865-42BE-8B29-9AD27DE9D5A0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C0043FB-00DF-4CF2-AC73-0FEE329803E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EDA6529-BA78-4C62-AF41-17413E63E8AB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{73D49BD8-61B5-47A5-B53F-53F16E463663}" = lport=445 | protocol=6 | dir=in | app=system |
"{73DB40F1-BF3D-4AD7-84DE-75A9B2808600}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F69250C-6C1E-4560-ABB0-68D7ACE6BB8C}" = rport=137 | protocol=17 | dir=out | app=system |
"{9D8E3A18-BDB1-4118-934D-975CC2ED249C}" = rport=138 | protocol=17 | dir=out | app=system |
"{ACB3E3D3-0454-461A-A5B5-D8B7218C5983}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD56E941-D9EB-4263-A82D-EA1E1C63F8D7}" = lport=138 | protocol=17 | dir=in | app=system |
"{B8BCD630-9592-4D39-95E0-A12946132900}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B924F32F-BF92-4E1E-A16E-7929B96F1AD1}" = rport=445 | protocol=6 | dir=out | app=system |
"{BFBE398E-0D5A-41CC-B277-DEA3E251317B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D9F5E18E-3A25-4FFB-97AC-0AC94BE2FE25}" = lport=137 | protocol=17 | dir=in | app=system |
"{DAA7E269-7266-49FE-9099-A3FC621C2E97}" = lport=139 | protocol=6 | dir=in | app=system |
"{EB5D97CA-7AAE-43C2-9084-52B2CEBDF295}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED2FF2D9-6BEB-45CC-9179-588EFD18FCDC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EEBD75F7-8819-42B0-9422-E8A355E39A14}" = rport=139 | protocol=6 | dir=out | app=system |
"{FE2BDF4A-F758-4163-B4BC-9D5E9052B9E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FEE13DE9-EAD6-4229-A513-D6767A361086}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A08DA5-F282-4D01-8DF4-E1EF93333A6B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{06EBEECC-DEDB-44AB-9EE1-4EADD19FDA49}" = protocol=6 | dir=in | app=c:\program files\cablecom\installer\cablecom_installer.exe |
"{0EF1A57E-E131-4AB0-890F-73A8FDC7638A}" = protocol=17 | dir=in | app=c:\program files\cablecom\installer\cablecom_installer.exe |
"{200F9486-01E8-4029-9F7A-49684305A794}" = protocol=6 | dir=out | app=system |
"{20888706-74B2-47BF-8776-BB55BCD07C0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{234152F2-E18D-4046-B3EF-58F9252B7B02}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28CF7431-403B-4865-938B-D1AE8553321D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2E2E7F16-10AC-4013-A873-35804C3B3C77}" = protocol=17 | dir=in | app=c:\program files\cablecom\installer\cablecom_installer.exe |
"{3F1CC036-CD90-41BD-A5F1-056F5774DF47}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{42D4C7F4-5914-4106-8284-4E70D05CEA98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{472A7034-358D-4FB2-9EF7-759A4EBC00FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{478CCFC9-FFC1-4AA6-AA84-80B44486FDBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{503C3C57-1B80-4D55-81ED-8315D02D5A0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54F20C4D-58C7-44E4-BFC8-8DC0E4957BC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5AD4AE74-3EC7-45F3-9111-57C2214FEFBC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{63BF550D-54CB-49E1-9921-8EAF06AF7E4D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6902CE81-79C7-4D7E-9C56-04207AF7347E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{69857331-C722-432F-A433-BEF892F893C0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{726B8299-B040-4CD1-8A94-19CD6E49A7B6}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{734E034A-22EF-4EED-AA38-82B341377EA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7F6F2D2F-0A22-4249-B381-2B88F5DE6CA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85E2ECC2-078D-4021-BAAF-2B4F58CE3F37}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{9065E2A5-4B96-421C-9ABF-AC2741D7BEB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94962D29-6C96-4AF4-B777-CBA1839128A4}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{A5B174F8-E643-490C-93A1-943926C5E0F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD6FD4CD-F9F3-403A-B5A5-FCFA3DE7724B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C7CEF5FD-6F9F-4585-9AB8-F751FAFF88C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CC5956A9-6882-4805-AC88-046AD1763F76}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{D1FF9A5D-831B-4C0B-B197-D4431CB07E06}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D5B4B955-4D3D-4C0C-AA32-C6DE6CB25DFD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E61CD4B2-8779-4F2B-9C6A-0D9843C329C6}" = protocol=6 | dir=in | app=c:\program files\cablecom\installer\cablecom_installer.exe |
"{F8D8FB5C-F8A9-4638-AA38-6115A55BCB69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{8D7005BC-08F2-4D8F-9E20-168D0F4F0501}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{CEB697A4-AEB4-432F-A389-A0B36A686150}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{D91B68F7-24DE-4DF5-AA40-35CAE70F52C7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EB28421E-22CE-4331-BABC-5397035D300D}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"UDP Query User{0D61AB39-77AF-46C9-86EA-BAC90D956D48}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{197C351A-941B-4056-9303-9C082018CAB5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6FF3F985-DF7D-42FD-96F9-F6E9B29B087B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{DD42B2E7-A199-4F12-BD6B-EB89C5C34542}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{29EFF077-2E09-4AF3-9744-54E41D245E93}" = Motorola Phone Tools
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2D7C3E18-E696-4B67-8B5D-45CD3BE6B27E}" = SweetIM for Messenger 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{37476589-E48E-439E-A706-56189E2ED4C4}" = TheBflix
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{631141AD-79AA-447F-B403-21C704D39B8C}" = UPC Fiber Power Optimizer
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}" = Elf Bowling Hawaiian Vacation
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{973B2A28-51AC-4985-A23B-158F546ED7DD}" = GlobeTrotter Connect
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F61310F9-DE52-4EF9-B514-F41DE0BC0418}" = cablecom installer
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"cablecom installer" = cablecom installer
"Canon iP4500 series Benutzerregistrierung" = Canon iP4500 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"ChameleonTom" = Chameleon Tom
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"ifolor-Designer" = ifolor Designer
"incredibar" = Incredibar Toolbar on IE and Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NETGEAR Live Parental Controls Management Utility" = NETGEAR Live Parental Controls Management Utility 2.1b12
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"PROR" = Microsoft Office Professional 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.3.2499
"UPC Fiber Power Optimizer" = UPC Fiber Power Optimizer
"WinLiveSuite" = Windows Live Essentials
"Zune" = Zune
"Zynga Toolbar" = Zynga Toolbar
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
07.06.2012, 17:22
| #2 |
| /// Malware-holic   | Verschlüsselungs Trojaner update Malwarebytes bitte, dann vollständiger scan und löschen.
__________________dann sende mir die infektionsquelle, wie das geht steht in meiner signatur. http://www.trojaner-board.de/115496-...tml#post831090 bitte dann shadow explorer versuchen
__________________ |
|
07.06.2012, 22:12
| #3 |
| | Verschlüsselungs Trojaner Neu gescannt und gelöscht.
__________________Soll ich den log nochmals posten? Aufstarten geht wieder normal. Nur sind alle Dateien noch Verschlüsselt (bis auf C:/Programme und C:/Windows). Werde ShadowExplorer noch versuchen. Infektionsquelle sende ich nächstens auch. |
|
| Themen zu Verschlüsselungs Trojaner |
| administrator, alternate, anti-malware, appdata, autostart, benutzerregistrierung, browser, canon, cdburnerxp, check, code, conduit, dateien, dateisystem, ebanking, explorer, explorer.exe, feedback, gen, google earth, hallo zusammen, helper, heuristiks/extra, heuristiks/shuriken, incredibar toolbar, install.exe, malwarebytes, microsoft, microsoft office word, montera, office 2007, origin, pup.mywebsearch, quarantäne, roaming, searchscopes, security scan, software, speicher, staropen, temp, test, trojan.agent, trojane, trojaner, uninstall.exe, verschieben, version=1.0, visual studio |
Linear-Darstellung
