
Log analysis and evaluation: RKIT/Agent.desj in BAcroIEHelpe171.dll as malware

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
26.07.2012, 04:35   #1
lyci
 



Good day to all the friendly helpers,

I am new here because I found this thing, RKIT/Agent.desj in BAcroIEHelpe171.dll, as malware.

Antivir gave me this error message. Here in the forum I found a thread about "RKIT/Agent.desg" and ran the two scanners named there, Malwarebytes Anti-Malware and OTL, over the system.
Here are my log files:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
xy :: XY1 [Administrator]

Schutz: Aktiviert

26.07.2012 02:56:11
mbam-log-2012-07-26 (04-27-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|S:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 539202
Laufzeit: 1 Stunde(n), 22 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCR\CLSID\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Keine Aktion durchgeführt.
HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\xy\AppData\Roaming\appconf32.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Daten: hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 19
C:\$Recycle.Bin\S-1-5-21-1304805427-2328156682-2798200666-1000\$RHU85YL.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\GameHouse Games\ocean_express_v10_tft.exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Vlcclassic\Uninstall.exe (Trojan.FakeVLC) -> Keine Aktion durchgeführt.
C:\Users\xy\Desktop\Download\internet_download_manager_514_build_5.exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\Users\xy\Desktop\Download\internet_download_manager_v5183_repack_winall_incl_crack_rig_[h33t]_[m8].exe (PUP.Adware.MediaGet) -> Keine Aktion durchgeführt.
C:\Users\xy\Desktop\Sicherungen\diverses\SoftonicDownloader_fuer_internet-download-manager.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\xy\Desktop\Sicherungen\diverses\KeyPatch IDM\KEY PATCH IDM.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\xy\Documents\Downloads\Programs\FLVConverterSetup.exe (Adware.Agent) -> Keine Aktion durchgeführt.
C:\Users\xy\Documents\Downloads\Programs\SoftonicDownloader_fuer_adobe-illustrator_2.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\xy\Documents\Downloads\Programs\SoftonicDownloader_fuer_adobe-illustrator_3.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\xy\Documents\Downloads\Programs\SoftonicDownloader_fuer_mozilla-firefox.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\xy\Documents\Downloads\Programs\SoftonicDownloader_fuer_mozilla-firefox_2.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\xy\Documents\Internet Download Manager [IDM] v6.08 Build 9 - Crack UnREaL\idman608.exe (PUP.SmsPay) -> Keine Aktion durchgeführt.
C:\Users\xy\Downloads\SoftonicDownloader_fuer_7-zip.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\xy\Downloads\SoftonicDownloader_fuer_luxor-3.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\xy\Downloads\SoftonicDownloader_fuer_winzip.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
S:\EDV\Programme\IDM\KeyPatch IDM\KEY PATCH IDM.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\xy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Keine Aktion durchgeführt.
C:\Users\xy\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Keine Aktion durchgeführt.

(Ende)

And here is no. 2, OTL:
OTL logfile:
Code:
OTL logfile created on: 7/26/2012 4:50:36 AM - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\xy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 59.66% Memory free
8.00 Gb Paging File | 6.12 Gb Available in Paging File | 76.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.79 Gb Total Space | 622.01 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
Drive D: | 286.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive S: | 931.51 Gb Total Space | 817.66 Gb Free Space | 87.78% Space Free | Partition Type: NTFS
 
Computer Name: xy | User Name: xy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\nettmarketing\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - c:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\agcp.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Windows\SysWOW64\TSTheme.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\xy\AppData\Local\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\Winphook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (FileZilla Server) -- c:\xampp\FileZillaFTP\FileZillaServer.exe (FileZilla Project)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG)
DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s115mgmt) -- C:\Windows\SysNative\drivers\s115mgmt.sys (MCCI Corporation)
DRV:64bit: - (s115obex) -- C:\Windows\SysNative\drivers\s115obex.sys (MCCI Corporation)
DRV:64bit: - (s115mdm) -- C:\Windows\SysNative\drivers\s115mdm.sys (MCCI Corporation)
DRV:64bit: - (s115mdfl) -- C:\Windows\SysNative\drivers\s115mdfl.sys (MCCI Corporation)
DRV:64bit: - (s115bus) -- C:\Windows\SysNative\drivers\s115bus.sys (MCCI Corporation)
DRV - (KLAntiFL) -- C:\Windows\SysWOW64\flcss.sys (Kaspersky Lab.)
DRV - (cdrbsdrv) -- C:\Windows\SysWow64\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com/web?l=dis&o=APN10383&gct=hp&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^ABI&apn_uid=3414145426654138&p2=^ABI^YYYYYY^YY^DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 63 15 27 FB 34 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=d2f250df000000000000000000000000
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb106/?search={searchTerms}&loc=IB_DS&a=6PQoHNhJyF&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.7
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {e84cc2c1-b722-48fc-a39c-edb8b525c777}:3.3.0.19
FF - prefs.js..extensions.enabledItems: {78D3E302-AEE0-40BB-B866-28A0139E12C8}:1.9.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2883880&SearchSource=2&q="
FF - prefs.js..network.proxy.http: "89.187.142.176"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/17 19:24:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\xy\AppData\Roaming\12001.049 [2012/07/25 19:00:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Users\nettmarketing\AppData\Local\Mozilla Firefox\components [2012/05/07 12:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Users\xy\AppData\Local\Mozilla Firefox\plugins [2012/06/21 03:36:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Users\xy\AppData\Local\Mozilla Thunderbird\components [2012/02/26 03:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Users\xy\AppData\Local\Mozilla Thunderbird\plugins [2012/06/21 03:36:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{78D3E302-AEE0-40BB-B866-28A0139E12C8}: C:\Users\xy\AppData\Local\{78D3E302-AEE0-40BB-B866-28A0139E12C8} [2011/02/23 20:57:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\xy\AppData\Roaming\IDM\idmmzcc3 [2012/02/21 14:30:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\xy\AppData\Roaming\12001.049 [2012/07/25 19:00:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\xy\AppData\Roaming\IDM\idmmzcc3 [2012/02/21 14:30:29 | 000,000,000 | ---D | M]
 
[2011/08/24 00:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Extensions
[2012/07/22 20:40:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xy\AppData\Roaming\mozilla\Firefox\Profiles\m8tbqzhj.default\extensions
[2012/02/17 20:25:51 | 000,002,203 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default\searchplugins\MyStart Search.xml
[2012/02/09 22:49:34 | 000,003,915 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Mozilla\Firefox\Profiles\m8tbqzhj.default\searchplugins\sweetim.xml
[2011/03/14 17:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/22 14:03:49 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012/07/22 20:40:53 | 000,016,192 | ---- | M] () (No name found) -- C:\USERS\XY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M8TBQZHJ.DEFAULT\EXTENSIONS\{DD3D7613-0246-469D-BC65-2A3CC1668ADC}.XPI
[2012/07/19 18:31:45 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\XY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M8TBQZHJ.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - \bin\jp2ssv.dll File not found
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DT PLP] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKCU..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [MediaGet2] C:\Users\xy\AppData\Local\MediaGet2\mediaget.exe (MediaGet LLC)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDFB34AE-F807-4974-AF8E-758837A55731}: NameServer = 62.220.18.8 89.246.64.8
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5c45222c-384d-11df-bd63-00016c6d2d52}\Shell - "" = AutoRun
O33 - MountPoints2\{5c45222c-384d-11df-bd63-00016c6d2d52}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/07/26 03:03:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\xy\Desktop\OTL.exe
[2012/07/26 02:55:11 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\Malwarebytes
[2012/07/26 02:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/26 02:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/26 02:55:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/26 02:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/26 02:53:22 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\xy\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/25 19:00:36 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.049
[2012/07/25 17:07:26 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{4D7A0A5E-B48B-4BBC-8145-656EB89FD66E}
[2012/07/25 17:05:46 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{82D677AB-8531-48E9-ACF1-F5C9D0F82390}
[2012/07/24 17:05:10 | 000,000,000 | ---D | C] -- C:\Users\xy\Documents\Abelssoft
[2012/07/24 16:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/07/24 16:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Downloader
[2012/07/24 16:57:35 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\Abelssoft
[2012/07/24 16:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\  Downloader
[2012/07/24 10:10:00 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{E21AF4D3-7E6E-4FAF-AA15-D82CB44B5363}
[2012/07/24 10:09:19 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{0CB7FB11-7E9F-452D-B5BE-B60B0C55F956}
[2012/07/23 16:11:40 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{11F2392D-2581-46DC-AEB7-413CF9DE4057}
[2012/07/23 16:11:28 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{D28E86B6-66FB-488C-8A9B-B870FDC79420}
[2012/07/22 23:49:38 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\DOSBox
[2012/07/22 23:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
[2012/07/22 23:49:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
[2012/07/22 23:49:08 | 001,448,809 | ---- | C] (DOSBox Team) -- C:\Users\xy\Desktop\DOSBox0.74-win32-installer.exe
[2012/07/22 21:58:33 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.048
[2012/07/22 19:05:37 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{020CA139-17A0-47C6-BF52-54527A3F2533}
[2012/07/22 19:05:03 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{93807DCA-1931-42B3-B4AA-387E6396E480}
[2012/07/21 12:20:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{EA1932EC-D00C-482D-B34D-1B184CD997EC}
[2012/07/21 12:19:28 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{9C3B821B-110F-49D9-8C6F-57DB997AAA11}
[2012/07/21 12:19:19 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.047
[2012/07/20 23:14:41 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.046
[2012/07/20 20:23:40 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.045
[2012/07/20 18:18:58 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{FCDE9EF0-BE38-4581-9C3F-50C3DB60F6E6}
[2012/07/20 18:18:46 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{1051A9E8-002D-416E-A0E3-CFD45F5AB649}
[2012/07/20 04:26:05 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{70450F31-7FF2-4CB8-8881-139759D4E01B}
[2012/07/20 04:20:38 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{E489FD4B-FA14-4F72-A00A-7EB7221CFCDC}
[2012/07/19 12:39:42 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{69F3B32D-93C7-41AE-BB16-241CCE71A5CB}
[2012/07/19 12:38:36 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{C9104B7B-C5CF-4042-B103-8A6755483179}
[2012/07/18 19:48:12 | 000,000,000 | ---D | C] -- C:\Users\xy\Desktop\diverse
[2012/07/18 18:42:15 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.044
[2012/07/18 17:47:22 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{A637AEAC-2F07-447E-B136-7544A0BD6EF0}
[2012/07/18 17:47:08 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{B7DA9789-032C-4E52-844D-BB679EA577C7}
[2012/07/18 01:51:01 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.043
[2012/07/18 01:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
[2012/07/18 01:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Macromedia
[2012/07/18 01:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macromedia
[2012/07/18 01:31:46 | 000,000,000 | ---D | C] -- C:\Dreamweaver
[2012/07/18 01:29:34 | 063,826,688 | ---- | C] (Macromedia                                                  ) -- C:\Dreamweaver8-de.exe
[2012/07/18 00:36:53 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{571C3852-7267-4EFC-99A4-D0858DE92FBD}
[2012/07/17 11:42:55 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{56FD8C72-0DE1-4322-9A46-E1D2D7527466}
[2012/07/17 11:41:33 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{EB173A65-EB10-48C2-B86B-03A8FDA78963}
[2012/07/16 16:32:53 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{D671580E-15AB-4023-8F0A-DE23E3471717}
[2012/07/15 20:58:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.042
[2012/07/15 16:47:14 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{B58883FD-F600-4FDF-97CC-F25D4553AB2E}
[2012/07/15 16:45:56 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{730FF455-C96C-4801-AEA2-65137EC589B5}
[2012/07/15 03:22:31 | 000,000,000 | ---D | C] -- C:\Users\xy\Desktop\Symbole Georg
[2012/07/13 20:52:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{9998E708-CB4A-439D-9B43-465335CDBA6E}
[2012/07/13 20:50:47 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{31B72970-27F3-40DA-9D53-B033114F3B94}
[2012/07/13 17:10:08 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.041
[2012/07/13 16:11:18 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{5CEA8BA6-BF66-4D53-BBC9-845120473842}
[2012/07/12 22:04:12 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.039
[2012/07/12 17:31:20 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{93EA5E4D-096B-4E77-A324-F9E81E28AEA6}
[2012/07/12 17:31:09 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{6DBCD172-FFE9-48C1-A8F8-EFD5142F1BC3}
[2012/07/12 01:28:30 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{85517877-691C-4F5C-8149-14C5A9F2FBC0}
[2012/07/12 01:27:08 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{DFCE3867-4C81-41B9-8BF9-CECC4C63D9E6}
[2012/07/11 20:11:24 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.038
[2012/07/11 13:37:07 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{D9920FB2-9A2D-4FE4-89E4-E98117819A25}
[2012/07/10 21:45:42 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.037
[2012/07/10 21:39:56 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{7B198E84-07E4-433F-A67D-359F0EB73BD4}
[2012/07/09 20:43:06 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/09 20:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/07/09 19:19:55 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{E206C76B-0ABF-47CE-A01C-E80DA4248E4B}
[2012/07/09 19:18:29 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{B127DE71-843A-473D-AB66-3C219DA9D123}
[2012/07/09 18:12:25 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.036
[2012/07/09 04:21:44 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{2EF289B3-7EBD-4182-BD42-16251DCF4162}
[2012/07/09 04:20:10 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{DB96A567-BAEF-4EB4-9D33-01F1EE3261BF}
[2012/07/08 17:00:31 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.035
[2012/07/08 16:53:59 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{B100FE45-C78B-426D-BF84-05869903DE12}
[2012/07/07 23:41:36 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{9991520E-C80B-4579-9934-0226D9282E8F}
[2012/07/06 18:41:35 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.034
[2012/07/06 18:36:26 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{40988373-CEFD-440F-932C-7E036325CEF2}
[2012/07/06 18:36:14 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{CB006CD2-6D3D-4F65-AFCD-5D1230A70084}
[2012/07/06 18:25:07 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{57C4123C-61DB-49B5-9099-98DD2460632D}
[2012/07/06 00:20:03 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.033
[2012/07/05 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{F47ED7B9-CCEB-4A25-B0A2-06E7C1CB69B0}
[2012/07/05 15:53:06 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{0668A87B-2BCF-412F-A8B6-0AA1924C3F4B}
[2012/07/04 18:15:15 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.032
[2012/07/04 15:51:30 | 001,128,916 | ---- | C] (www.hellopdf.com                                            ) -- C:\Users\xy\Desktop\pdf2wordsetup.exe
[2012/07/04 15:28:10 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{083E7C3A-9592-4022-89F1-4CB548F8349A}
[2012/07/03 20:20:37 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.031
[2012/07/03 20:20:33 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{66A55336-DCFB-4A0E-ABAF-6F09EF267747}
[2012/07/03 15:21:54 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{C627445B-F20F-4768-9B20-BBF5B96B7619}
[2012/07/02 19:00:59 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{03846435-EE6A-4BD5-BCDF-A268E5C1BD5F}
[2012/07/02 19:00:16 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{2B0240D3-20C2-49A9-BB89-E068510B8F62}
[2012/07/01 13:36:53 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{220245A4-8D90-47D0-8B8A-A659C239D677}
[2012/07/01 13:35:41 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{D416A0C9-E6BD-4380-8228-0E8036325A6E}
[2012/06/30 22:05:44 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{83ACC411-3A01-4F89-8F68-92CBAB913479}
[2012/06/29 18:56:59 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.030
[2012/06/29 18:01:37 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{F0430FCB-236C-40B9-BB2A-0657C3449CD8}
[2012/06/29 16:46:49 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{3887AA61-1BBE-4196-A76A-4768989AD252}
[2012/06/29 02:04:10 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{CF501BD7-F1AC-4FB9-A926-43461ED99B6C}
[2012/06/29 02:03:24 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{4DFC9BDC-06F4-4B34-8E5B-742BEFD5656D}
[2012/06/28 18:39:00 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{91F1357B-F89C-4630-836F-06A58BD7ECD4}
[2012/06/28 18:38:43 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{36F10E53-0475-4D37-B536-F4F4BDE61FB0}
[2012/06/28 05:27:35 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{EA1FBD3F-B711-4F45-9E71-7AB4241FF7EE}
[2012/06/28 05:26:01 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{66E48C4C-436E-48B1-8D1B-CF2C5C0D3F35}
[2012/06/27 19:30:23 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.029
[2012/06/27 00:59:47 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Roaming\12001.027
[2012/06/26 16:44:15 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{126CE1F2-F11C-422B-8191-C40B087A2C7C}
[2012/06/26 16:44:03 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{7C7D8982-FB2B-4EEA-9A51-5EE0600B71B2}
[2012/06/26 05:27:19 | 000,000,000 | ---D | C] -- C:\Users\xy\AppData\Local\{75178E1A-F862-43E8-AABF-C71FDE145C64}
[1 C:\Users\xy\AppData\Roaming\*.tmp files -> C:\Users\xy\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/07/26 04:29:17 | 000,000,032 | ---- | M] () -- C:\Users\xy\AppData\Roaming\blckdom.res
[2012/07/26 04:13:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/26 03:03:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xy\Desktop\OTL.exe
[2012/07/26 02:55:07 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/26 02:53:39 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\xy\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/26 02:46:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/25 14:58:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 14:58:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 14:52:52 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/24 18:51:18 | 000,268,944 | ---- | M] () -- C:\Users\xy\AppData\Roaming\AcroIEHelpe174.dll
[2012/07/24 18:51:18 | 000,006,400 | ---- | M] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe174.dll
[2012/07/24 18:29:07 | 000,056,320 | ---- | M] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/24 16:57:35 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Song Downloader.lnk
[2012/07/24 16:57:28 | 001,586,074 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/24 16:57:28 | 000,694,250 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/07/24 16:57:28 | 000,651,728 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/24 16:57:28 | 000,147,374 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/07/24 16:57:28 | 000,120,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/24 16:57:17 | 001,585,802 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/24 16:48:33 | 000,373,153 | ---- | M] () -- C:\Users\xy\Desktop\Unbenannt.wma
[2012/07/24 13:06:47 | 000,000,230 | ---- | M] () -- C:\Users\xy\Desktop\Mithören oo.url
[2012/07/23 17:12:45 | 000,006,400 | ---- | M] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe173.dll
[2012/07/22 23:49:21 | 000,001,925 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2012/07/22 23:49:10 | 001,448,809 | ---- | M] (DOSBox Team) -- C:\Users\xy\Desktop\DOSBox0.74-win32-installer.exe
[2012/07/22 23:47:23 | 000,272,779 | ---- | M] () -- C:\Users\xy\Desktop\logical(1).zip
[2012/07/22 23:45:12 | 000,272,779 | ---- | M] () -- C:\Users\xy\Desktop\logical.zip
[2012/07/20 23:14:53 | 000,006,400 | ---- | M] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe172.dll
[2012/07/20 19:36:16 | 000,000,132 | ---- | M] () -- C:\Users\xy\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/07/20 19:22:02 | 003,747,947 | ---- | M] () -- C:\Users\xy\Desktop\20120720-Sceneline-72.jpg
[2012/07/19 17:03:00 | 000,000,349 | ---- | M] () -- C:\Users\xy\Desktop\Tell IT Statistik.url
[2012/07/19 14:28:00 | 000,000,513 | ---- | M] () -- C:\Users\xy\Desktop\Report SFD01.url
[2012/07/18 19:15:41 | 005,500,408 | ---- | M] () -- C:\Users\xy\Desktop\leg1.jpg
[2012/07/18 18:42:25 | 000,006,400 | ---- | M] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe171.dll
[2012/07/18 16:32:08 | 005,134,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/18 01:34:56 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Macromedia Dreamweaver 8.lnk
[2012/07/18 01:34:56 | 000,002,011 | ---- | M] () -- C:\Users\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\Macromedia Dreamweaver 8.lnk
[2012/07/16 16:43:28 | 004,881,904 | R--- | M] () -- C:\Users\xy\Desktop\Verdeckter Vermittler - THE AWAKENED GUIDE TO CONSPIRACY, DEIN BEGLEITER ZUM ÜBERLEBEN IN DER NEUEN WELTORDNUNG.pdf
[2012/07/16 16:37:26 | 000,006,400 | ---- | M] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe169.dll
[2012/07/12 22:04:24 | 000,006,400 | ---- | M] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe167.dll
[2012/07/11 20:11:36 | 000,006,400 | ---- | M] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe165.dll
[2012/07/09 20:39:32 | 002,500,792 | ---- | M] () -- C:\Users\xy\Desktop\AdobeDownloadAssistant.exe
[2012/07/04 15:52:45 | 000,001,060 | ---- | M] () -- C:\Users\xy\Desktop\Free PDF to Word Doc Converter.lnk
[2012/07/04 15:51:42 | 001,128,916 | ---- | M] (www.hellopdf.com                                            ) -- C:\Users\xy\Desktop\pdf2wordsetup.exe
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/29 17:13:53 | 041,304,829 | ---- | M] () -- C:\Users\xy\Desktop\Autoren_und_Coaches_gesucht_Webinar.zip
[1 C:\Users\xy\AppData\Roaming\*.tmp files -> C:\Users\xy\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/07/26 02:55:07 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/24 18:51:18 | 000,268,944 | ---- | C] () -- C:\Users\xy\AppData\Roaming\AcroIEHelpe174.dll
[2012/07/24 18:51:18 | 000,006,400 | ---- | C] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe174.dll
[2012/07/24 16:57:35 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Song Downloader.lnk
[2012/07/24 16:55:32 | 001,586,074 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/24 16:48:33 | 000,373,153 | ---- | C] () -- C:\Users\xy\Desktop\Unbenannt.wma
[2012/07/24 13:06:31 | 000,000,230 | ---- | C] () -- C:\Users\xy\Desktop\Mithören Tell IT.url
[2012/07/23 17:12:45 | 000,006,400 | ---- | C] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe173.dll
[2012/07/22 23:49:21 | 000,001,925 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2012/07/22 23:47:22 | 000,272,779 | ---- | C] () -- C:\Users\xy\Desktop\logical(1).zip
[2012/07/22 23:45:12 | 000,272,779 | ---- | C] () -- C:\Users\xy\Desktop\logical.zip
[2012/07/20 23:14:53 | 000,006,400 | ---- | C] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe172.dll
[2012/07/20 22:22:35 | 000,000,032 | ---- | C] () -- C:\Users\xy\AppData\Roaming\blckdom.res
[2012/07/20 19:22:00 | 003,747,947 | ---- | C] () -- C:\Users\xy\Desktop\20120720-Sceneline-72.jpg
[2012/07/19 17:02:47 | 000,000,349 | ---- | C] () -- C:\Users\xy\Desktop\Tell IT Statistik.url
[2012/07/19 14:37:52 | 000,000,513 | ---- | C] () -- C:\Users\xy\Desktop\Report SFD01.url
[2012/07/18 19:14:59 | 005,500,408 | ---- | C] () -- C:\Users\xy\Desktop\leg1.jpg
[2012/07/18 18:42:25 | 000,006,400 | ---- | C] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe171.dll
[2012/07/18 18:16:21 | 000,000,502 | ---- | C] () -- C:\Users\xy\Desktop\ProduktA - ProduktB.url
[2012/07/18 01:34:56 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Macromedia Dreamweaver 8.lnk
[2012/07/18 01:34:56 | 000,002,011 | ---- | C] () -- C:\Users\xy\Application Data\Microsoft\Internet Explorer\Quick Launch\Macromedia Dreamweaver 8.lnk
[2012/07/16 16:43:23 | 004,881,904 | R--- | C] () -- C:\Users\xy\Desktop\Verdeckter Vermittler - THE AWAKENED GUIDE TO CONSPIRACY, DEIN BEGLEITER ZUM ÜBERLEBEN IN DER NEUEN WELTORDNUNG.pdf
[2012/07/16 16:37:26 | 000,006,400 | ---- | C] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe169.dll
[2012/07/12 22:04:24 | 000,006,400 | ---- | C] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe167.dll
[2012/07/11 20:11:36 | 000,006,400 | ---- | C] () -- C:\Users\xy\AppData\Roaming\BAcroIEHelpe165.dll
[2012/07/09 20:39:18 | 002,500,792 | ---- | C] () -- C:\Users\xy\Desktop\AdobeDownloadAssistant.exe
[2012/07/04 15:52:11 | 000,001,060 | ---- | C] () -- C:\Users\xy\Desktop\Free PDF to Word Doc Converter.lnk
[2012/06/29 17:08:59 | 041,304,829 | ---- | C] () -- C:\Users\xy\Desktop\Autoren_und_Coaches_gesucht_Webinar.zip
[2012/06/04 19:39:00 | 000,000,055 | ---- | C] () -- C:\Windows\Ulead32.ini
[2012/06/04 19:39:00 | 000,000,036 | ---- | C] () -- C:\Windows\dswplug.ini
[2012/06/04 19:39:00 | 000,000,011 | ---- | C] () -- C:\Windows\Msdevctl.ini
[2012/05/25 17:10:10 | 000,000,013 | ---- | C] () -- C:\Users\xy\AppData\Roaming\urhtps.dat
[2012/05/07 13:27:52 | 000,004,096 | -H-- | C] () -- C:\Users\xy\AppData\Local\keyfile3.drm
[2012/03/30 00:14:48 | 000,000,030 | ---- | C] () -- C:\Users\xy\easyWhiteboard.ini
[2012/03/29 20:01:26 | 000,030,720 | ---- | C] () -- C:\Users\xy\AIRMAIL.POT
[2012/03/24 01:48:20 | 000,003,000 | ---- | C] () -- C:\Users\xy\index.php
[2012/03/23 20:59:13 | 000,001,888 | ---- | C] () -- C:\Users\xy\setup.ts
[2012/02/27 17:13:29 | 000,285,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsio.sys
[2012/02/27 17:13:29 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsreged.sys
[2012/02/21 18:16:00 | 000,000,023 | -HS- | C] () -- C:\Windows\SysWow64\baefbaeac5_d.dll
[2012/02/09 21:17:50 | 000,003,572 | ---- | C] () -- C:\ProgramData\paths_2012_02_09_201714.reg
[2012/02/09 21:17:50 | 000,000,818 | ---- | C] () -- C:\ProgramData\actvxcom_2012_02_09_201714.reg
[2012/02/09 21:17:50 | 000,000,578 | ---- | C] () -- C:\ProgramData\ext_2012_02_09_201714.reg
[2012/02/09 21:17:50 | 000,000,438 | ---- | C] () -- C:\ProgramData\softempt_2012_02_09_201714.reg
[2012/02/09 21:17:50 | 000,000,432 | ---- | C] () -- C:\ProgramData\shrdlls_2012_02_09_201714.reg
[2012/02/09 21:17:50 | 000,000,332 | ---- | C] () -- C:\ProgramData\runs_2012_02_09_201714.reg
[2011/08/23 01:18:46 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011/08/23 01:17:52 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011/08/23 01:17:33 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011/07/15 21:29:50 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2011/03/10 21:14:15 | 000,003,245 | ---- | C] () -- C:\Users\xy\133_5161_0305_Informationen zur Abgabe LStB 2010 - 0_ElsterOnline19.pdf
[2011/03/04 19:12:50 | 000,000,036 | ---- | C] () -- C:\Users\xy\AppData\Local\housecall.guid.cache
[2011/03/04 18:56:28 | 000,001,618 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/02/23 20:57:25 | 000,000,120 | ---- | C] () -- C:\Users\xy\AppData\Local\Bxohuqucadot.dat
[2011/02/23 20:57:25 | 000,000,000 | ---- | C] () -- C:\Users\xy\AppData\Local\Uyureqoharus.bin
[2011/02/22 23:25:14 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2010/11/28 22:52:49 | 000,056,320 | ---- | C] () -- C:\Users\xy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/09 23:43:14 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010/08/11 00:07:30 | 000,001,456 | ---- | C] () -- C:\Users\xy\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010/08/10 20:16:18 | 000,000,132 | ---- | C] () -- C:\Users\xy\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/07/13 01:06:00 | 000,000,427 | ---- | C] () -- C:\Users\xy\.jalbum-ftp-accounts.xml
[2010/07/10 20:07:47 | 000,000,051 | ---- | C] () -- C:\Users\xy\.jalbum-recent-projects.properties
[2010/07/10 20:00:29 | 000,000,948 | ---- | C] () -- C:\Users\xy\.jalbum-defaults.jap
[2010/05/26 18:42:26 | 000,010,231 | ---- | C] () -- C:\Users\xy\cc_privat_elster_2048.pfx
[2010/03/30 23:17:11 | 000,000,678 | ---- | C] () -- C:\Users\xy\.jmf-resource
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:EDAD7DB0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B9F8237A
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5AC256BC
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:CE0A077E

< End of report >
         
--- --- ---

And finally, OTL Extras: OTL logfile:
Code:
OTL Extras logfile created on: 7/26/2012 4:50:36 AM - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\xy\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 59.66% Memory free
8.00 Gb Paging File | 6.12 Gb Available in Paging File | 76.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.79 Gb Total Space | 622.01 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
Drive D: | 286.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive S: | 931.51 Gb Total Space | 817.66 Gb Free Space | 87.78% Space Free | Partition Type: NTFS
 
Computer Name: XY1 | User Name: xy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BA771DE-8237-458B-9381-CB915417C84B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{35B38B70-1CB5-41DC-BB8F-E73EF993B399}" = lport=49170 | protocol=6 | dir=in | name=akamai netsession interface | 
"{663EB8AB-1D8E-4157-986D-E72ED8BF0C4B}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{7730B69B-16E3-467C-A9DD-CD6968875A48}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F1F512EA-286A-4B01-8EE6-996C4829B860}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{F935FC2D-1EF8-4A0F-9B5C-469C825CEB8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3EC37C99-ABAC-4009-94F8-A45C16D04E05}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D174681B-AD0C-454D-B8EC-B02969E921F5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{F31E583E-7269-44CA-AA6D-2BC3EBBCDF66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}" = QuarkXPress
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{90AC0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 2
"{90AD0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{ABDA87DF-E9A5-4C5A-BE5C-63593915945D}_is1" = Visitor 1.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EF231A-7218-41B1-AB84-F5B48B74C50A}" = SmartControl
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"81% Gewinn für Jedermann_is1" = 81% Gewinn für Jedermann
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon iP4500 series Benutzerregistrierung" = Canon iP4500 series Benutzerregistrierung
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Color Lines Classic" = Color Lines Classic
"Die Macht des Steuerzahlers_is1" = Die Macht des Steuerzahlers
"DivX Setup" = DivX-Setup
"DriverFinder" = DriverFinder
"easy Whiteboard" = easy Whiteboard
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular 12.4.0.7094p" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.3
"Finanzierungen mit und ohne SCHUFA_is1" = Finanzierungen mit und ohne SCHUFA
"FormatFactory" = FormatFactory 2.60
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"Internet Download Manager 5.18 Buld 3" = Internet Download Manager 5.18 Buld 3
"IsoBuster_is1" = IsoBuster 2.8.5
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"loadtbs-2.1" = loadtbs-2.1
"Luxor Amun Rising with Luxor" = Luxor Amun Rising with Luxor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mittel gegen Titel_is1" = Mittel gegen Titel
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird (3.1.16)" = Mozilla Thunderbird (3.1.16)
"Nero - Burning Rom!UninstallKey" = Nero - Burning Rom (Web installer)
"Pyramids" = Pyramids
"QuarkXPress Passport" = QuarkXPress Passport 4.0
"RegSupreme Pro_is1" = RegSupreme Pro
"Restorer Ultimate 7.5NSIS" = Restorer Ultimate 7.5
"So brummt Ihr Laden_is1" = Reich durch Vergleich
"Some PDF to Word Converter_is1" = Some PDF to Word Converter 1.5
"ST5UNST #2" = Eyes v2.0
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"Usenet.nl_is1" = Usenet.nl
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xampp" = XAMPP 1.7.7
"Xilisoft PowerPoint to Video Converter Free" = Xilisoft PowerPoint to Video Converter Free
 
========== Last 20 Event Log Errors ==========
 
[ Media Center Events ]
Error - 3/17/2011 4:50:16 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 09:50:16 - Error connecting to the internet.  09:50:16 -     Unable 
to contact server..  
 
Error - 3/17/2011 4:50:29 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 09:50:21 - Error connecting to the internet.  09:50:21 -     Unable 
to contact server..  
 
Error - 3/17/2011 5:52:07 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 10:52:07 - Error connecting to the internet.  10:52:07 -     Unable 
to contact server..  
 
Error - 3/17/2011 5:52:14 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 10:52:12 - Error connecting to the internet.  10:52:12 -     Unable 
to contact server..  
 
Error - 3/17/2011 6:53:54 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 11:53:54 - Error connecting to the internet.  11:53:54 -     Unable 
to contact server..  
 
Error - 3/17/2011 6:54:01 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 11:53:59 - Error connecting to the internet.  11:53:59 -     Unable 
to contact server..  
 
Error - 3/17/2011 7:55:40 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 12:55:40 - Error connecting to the internet.  12:55:40 -     Unable 
to contact server..  
 
Error - 3/17/2011 7:55:47 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 12:55:45 - Error connecting to the internet.  12:55:45 -     Unable 
to contact server..  
 
Error - 3/18/2011 8:03:10 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 13:03:09 - Error connecting to the internet.  13:03:10 -     Unable 
to contact server..  
 
Error - 3/18/2011 8:03:23 AM | Computer Name = xy1 | Source = MCUpdate | ID = 0
Description = 13:03:15 - Error connecting to the internet.  13:03:15 -     Unable 
to contact server..  
 
[ System Events ]
Error - 7/24/2012 2:01:57 PM | Computer Name = xy1 | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 7/25/2012 8:52:49 AM | Computer Name = xy1 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 7/25/2012 8:52:50 AM | Computer Name = xy1 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 7/25/2012 8:53:15 AM | Computer Name = xy1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "KLAntiFL" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 7/25/2012 8:53:15 AM | Computer Name = xy1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 7/25/2012 8:53:15 AM | Computer Name = xy1 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE and AuthIP IPsec Keying Modules" ist von folgendem
 Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 7/25/2012 8:53:15 AM | Computer Name = xy1 | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec Policy Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 7/25/2012 8:53:18 AM | Computer Name = xy1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computer Browser" wurde mit folgendem Fehler beendet: 
  %%1060
 
Error - 7/25/2012 9:23:34 AM | Computer Name = xy1 | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 7/25/2012 8:01:36 PM | Computer Name = xy1 | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
 
< End of report >
         
--- --- ---


I hope you can make something of these messages and, ideally, help me further. Thank you in advance for your effort and support, and I wish you

a nice, stress-free day.

Lyci

Edited by lyci (26.07.2012 at 04:47)

 
