Pests of all kinds and how to fight them: Trojan? BKA? But everything works? Error message in C:/users? | Windows 7
04.08.2012, 09:24 | #1 |
Hello dear helpers! I have a problem. About a week ago this lovely window opened on my screen (BKA, illegal site, computer locked, please pay ...) and while I was still reading it, it closed again by itself. I then googled it and found out that it could be a Trojan. But everything was running normally. After a few days, when I had the feeling that the PC was somehow getting slower (Firefox takes forever, sometimes minimizes by itself), I ran Avira Free Antivirus. Something was found there too:

Beginne mit der Desinfektion:
C:\Users\Janine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\7f3b5be2-441158bb
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.AO
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '565376ca.qua' verschoben!

AND

Beginne mit der Suche in 'C:\Users\Janine\AppData\Local\Temp\rty0_7z.exe'
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit> wurde erfolgreich repariert.
C:\Users\Janine\AppData\Local\Temp\rty0_7z.exe
[FUND] Ist das Trojanische Pferd TR/Injector.QV.1
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-1200776420-1261404832-3851839743-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Programs> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-1200776420-1261404832-3851839743-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Programs> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-1200776420-1261404832-3851839743-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-1200776420-1261404832-3851839743-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Start Menu> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-1200776420-1261404832-3851839743-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-1200776420-1261404832-3851839743-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup> wurde erfolgreich repariert.
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '556077cf.qua' verschoben!

I can't find any more than that now. In any case (please don't hit me), out of panic and ignorance, when the viruses were found I had everything in quarantine deleted. Now the following message appears every time the computer starts:

Problem beim Starten von: C:/users/username/appdata/local/temp/rty0_7z.exe
Das angegebene Modul wurde nicht gefunden.

Otherwise the PC runs, including the internet. As I said, only now and then it takes forever. Now my question is: what can I do? I have read a lot of horror stories saying that everything I had connected (USB stick, external hard drive) could be infected as well. How can I rescue all my photos etc.? Do I really have to wipe the PC? Because I only have the external hard drive to rescue my data, and if I move the data over to it, will I infect it too? And my biggest problem is that I don't have a Windows CD. As you can see, I am overwhelmed. On top of that, I really have no clue at all. So if there really is someone here who takes pity and helps me, then please explain it for complete dummies. I am grateful for any help!! Best regards
04.08.2012, 18:28 | #2 |
/// Helper Team | Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Step 2: System scan with OTL (illustrated guide)
05.08.2012, 13:00 | #3 |
Hello t'john!!
Thank you so much for helping me, that is really kind!! So I did everything, here is what Malwarebytes came up with:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.05.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Janine :: JANINE-PC [Administrator]
Schutz: Aktiviert
05.08.2012 10:24:36
mbam-log-2012-08-05 (13-15-26).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377797
Laufzeit: 2 Stunde(n), 16 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.
(Ende)

--> I then clicked on remove and hope it is deleted now. Then from OTL, the one OTL.txt:
OTL Logfile: Code:
[2012.07.18 22:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012.07.18 09:47:58 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{6760BDEC-F7EA-4F76-8607-CFCD61AB8349} [2012.07.18 09:47:12 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{F377048F-7B24-4E86-A68B-D28C219D3958} [2012.07.17 18:31:47 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\HP [2012.07.17 18:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2012.07.17 18:30:21 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Roaming\HP [2012.07.17 18:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion [2012.07.17 18:22:46 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Roaming\Yahoo! [2012.07.17 18:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo! [2012.07.17 18:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2012.07.17 18:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard [2012.07.17 18:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012.07.17 18:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP [2012.07.17 18:14:59 | 000,000,000 | -H-D | C] -- C:\Config.Msi [2012.07.17 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2012.07.17 18:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2012.07.17 18:12:58 | 000,966,656 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hposwia_p01a.dll [2012.07.17 18:12:58 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll [2012.07.17 18:12:58 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll [2012.07.17 18:12:57 | 001,411,584 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpost_p01a.dll [2012.07.17 18:12:57 | 000,512,512 | ---- | C] (Hewlett-Packard Co.) 
-- C:\Windows\SysNative\hposc_p01a.dll [2012.07.17 09:45:51 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{C683ACE3-A173-4DA9-B027-930ECFC65A61} [2012.07.17 09:45:10 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{88B6FBEA-359F-4305-B652-E2F3A89B79F3} [2012.07.16 09:28:50 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{63587FE4-E79B-47CA-9160-41C16AE297E2} [2012.07.16 09:26:59 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{F92F95DC-87E3-440A-8372-6E7D80D2AA48} [2012.07.15 09:25:06 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{DFBA4D64-16BA-4E5B-8E7F-D88F5FA6BEB9} [2012.07.15 09:24:35 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{87D03043-81CD-498A-9EBB-9E72623D537B} [2012.07.14 16:46:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.14 16:46:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.14 16:46:39 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.14 16:46:34 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.14 16:46:32 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.07.14 16:34:59 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{A305C1CA-B934-4F12-A939-7DB2C4FDB807} [2012.07.14 16:34:18 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{8F134113-BFDC-44DB-BB57-EB186C95FCEC} [2012.07.10 06:40:30 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{8F8B530E-0E35-4A4F-86F8-2B1142081649} [2012.07.10 06:38:36 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{3385B0E9-D573-4C91-8F0C-E98953DC8D26} [2012.07.09 12:02:08 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{7A73B29D-C96F-4640-A654-DEAE2133728F} [2012.07.08 21:16:19 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{883EAC53-11E1-4D5D-843E-AF68569A70F1} 
[2012.07.08 21:15:56 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{6E41CB07-7A83-4114-9BB5-3D3AE2E14DF3} [2012.07.08 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{C71D3EEB-58DF-4868-B175-CB490B9640E3} [2012.07.08 09:13:06 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{5001BC4F-456E-47C6-A179-52B2E8B7A246} [2012.07.07 10:41:51 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\Macromedia [2012.07.07 10:40:37 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.07.07 10:38:30 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{FC7E52A7-1B2A-4367-8CCB-A6FD280B7622} [2012.07.07 10:37:12 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{E760076C-926F-45A8-9FBA-3C32C74D639B} [2012.07.06 14:37:19 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{CDA81F80-EB32-4E34-95B5-187E27A61CE6} [2012.07.06 14:36:51 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{E83C2B6C-4A36-4FF9-90A9-C123D1C601BF} [2009.10.23 23:44:31 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.05 13:34:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.05 13:17:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Janine\Desktop\OTL.exe [2012.08.05 12:45:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.05 10:22:01 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.05 10:15:28 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.05 10:15:28 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.05 10:07:16 | 000,001,106 | ---- 
| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.05 10:06:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.05 10:06:34 | 1406,177,280 | -HS- | M] () -- C:\hiberfil.sys [2012.08.03 15:45:51 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.03 15:45:51 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.01 21:26:07 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.01 21:26:07 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.01 21:26:07 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.01 21:26:07 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.01 21:26:07 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.29 18:52:25 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Aztec Tribe New Land.lnk [2012.07.25 23:23:58 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad [2012.07.18 09:44:17 | 000,426,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.17 18:29:59 | 000,221,257 | ---- | M] () -- C:\Windows\hpoins30.dat [2012.07.17 18:20:02 | 000,002,108 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.05 10:22:01 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.29 18:52:25 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Aztec Tribe New Land.lnk [2012.07.25 10:36:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad [2012.07.17 18:20:02 | 000,002,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012.07.17 18:13:39 | 000,221,257 | ---- | C] () -- C:\Windows\hpoins30.dat 
[2012.07.17 18:13:39 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat [2012.07.07 10:40:39 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.30 21:43:22 | 000,000,152 | ---- | C] () -- C:\Windows\Missing.ini [2011.11.20 16:35:56 | 000,012,770 | ---- | C] () -- C:\Users\Janine\AppData\Local\slot1.mm1 [2010.12.24 09:43:17 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010.02.09 18:17:11 | 000,000,144 | ---- | C] () -- C:\Users\Janine\AppData\Roaming\wklnhst.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:ABE89FFE @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:9B52F176 @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:C2F4E9AE @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D9CED075 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:8DD36B71 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:5506D17E @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3DB62269 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3DB251F0 @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:2C4CFF17 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:FFBCBDB7 @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:AC73CDCE @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:43D7076B @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:F8C595D1 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:9F47F32C @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:6A37FCC3 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CAF8DAC8 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:8EEE3BBB @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:65621319 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5EBA4934 @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:013CE219 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E3C56885 @Alternate Data Stream - 142 
bytes -> C:\ProgramData\TEMP:B0BD7797 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:701B92FB @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:38FF076E @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:367F03D2 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A95624CB @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F2DC4B0B @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9D74BB19 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:94124B85 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:86B23CB4 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:5E3FBF9D @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:3D0C4F47 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E1F04E8D @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CB5C4185 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:751D6870 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:73879882 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3AE22B1A @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:138A0A84 @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:50717788 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:9BCFB47A @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:6A16A184 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:56A74E89 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CBEB737E @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:24FFE96C @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:CA4FAE31 @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:898109B4 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:BAC56E61 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B64798F2 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:444C53BA @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:40464012 @Alternate Data 
Stream - 133 bytes -> C:\ProgramData\TEMP:DD95E6D9 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:C04C48D4 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6ECD2470 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5EB551C8 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B6C1A5F4 @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:657AE62F @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:C602FACB @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:38849DE5 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:95C6C67C @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:39DFF372 @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:27D3515D @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:F9CA48AF @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:D01ACC06 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9D03192E @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9B72C2B1 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94E8CC47 @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:47A24D4B @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:39637387 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:F0E52E4F @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C6CD88E9 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:AC0528D9 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4A74A9A7 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A851461E @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:831F2C78 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:3EB6E559 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:36EEEDAC @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5A0CAF8 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:DD9FFC08 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D4E54A89 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9F2B366E 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2BE4216C @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:51387F29 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:9B750A13 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:217A2A36 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0E544CF5 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:AB689DEA @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:5A6EA835 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:CA99FD89 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:AED4FFF5 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A279C25A @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6ABA8CF1 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:39613F68 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:19A40E81 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CB0FEE2B @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:755BD5CD @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:351730E8 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:969736FD @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0B9176C0 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D33169E5 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:81AF749E @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2702A8B3 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2FDFA8E2 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7FD199E4 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:14F07CC4 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:93DE1838 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:6EE5C3ED @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:17927369 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:E99D1D3C @Alternate Data Stream - 112 bytes -> 
C:\ProgramData\TEMP:35629AE6
< End of report >
And the second one, Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 05.08.2012 13:19:30 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Janine\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,75 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 53,29% Memory free
3,49 Gb Paging File | 2,07 Gb Available in Paging File | 59,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136,95 Gb Total Space | 47,39 Gb Free Space | 34,61% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 601,96 Gb Free Space | 64,62% Space Free | Partition Type: NTFS
Drive F: | 483,56 Mb Total Space | 342,13 Mb Free Space | 70,75% Space Free | Partition Type: FAT
Computer Name: JANINE-PC | User Name: Janine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{033E7E4D-E3EE-43EC-BDD8-F74727990BAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{098E4909-FD68-467E-ABA8-8BB99A48D671}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0BC5BFA6-60B1-4645-AC10-44312FB61B6B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0FEBAB4C-7548-433E-A827-871FED45AECC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{14F5D32F-052C-4E5A-A7AE-822AABB840EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1D307951-9B4C-49AE-91C9-EFB04E83BD4D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1D6C6DDE-53B4-4351-9119-04DCA6FC697F}" = lport=137 | protocol=17 | dir=in | app=system | "{26C35844-FA36-475F-97F3-D9E86EBA6708}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2F197DBB-3298-4EC6-B50D-9FC1B8355B71}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{36332713-4803-4F80-A43F-84C7EC135C20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{373DF0DC-A88E-4361-AE0A-A45BED435C50}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{3940A17D-DD74-4E67-A7A7-4DC5B58DD1C3}" = lport=2869 | protocol=6 | dir=in | app=system | "{462B9D2E-8083-4773-B61B-887C93D23857}" = lport=139 | protocol=6 | dir=in | app=system | "{4C0E8124-C00A-4929-A941-090722258EBC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{557F1E8A-D510-49A2-9A2F-601A69AB4FDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{560374AA-12CE-468D-9111-BD0EFAC8B632}" = 
rport=2869 | protocol=6 | dir=out | app=system | "{598BBD37-92C0-45AD-AF89-ACDD70D362B7}" = lport=445 | protocol=6 | dir=in | app=system | "{5D5F2999-A7A5-4180-A0CE-DCE497824F8D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5E617792-3023-4013-8257-23EF7EF73EAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{607D927F-1A15-403A-9967-5A459C36A943}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{69669309-D111-4C9E-83A8-301EC7E44766}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6A22F30B-8A9B-4E5E-825E-1421B88C001C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{6AC36E0D-5660-4750-94B8-EC4368A9FE10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6E747C1C-20F1-4BCC-9AE7-9FF27C8CADDE}" = rport=10243 | protocol=6 | dir=out | app=system | "{711C543B-BEDD-45A5-BF4A-1D1D20C3DA8B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{732BE68D-943E-437D-B50F-DDF8777E7D4E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7CB71F98-150A-4D3A-9B82-5F90B156B6BC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{82563217-6721-49AC-BFB4-E3265B3B89C1}" = lport=138 | protocol=17 | dir=in | app=system | "{84676E06-B7B5-41AE-BBB5-730206A95942}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{84AFC8C3-CDD2-4680-AAB9-7DDA0E019D03}" = lport=2869 | protocol=6 | dir=in | app=system | "{95F22231-B2A2-4E89-9DC7-27DE518C4E5F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{981EFB9A-CE3E-465C-9CBC-0DA180587D3C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9A0A5A6D-E4A2-4003-AA79-DF87193085AB}" = lport=2869 | protocol=6 | dir=in | app=system | "{9B238D90-A55E-4C37-8E6D-1BF9C99B72BA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A95A9EF1-827B-4596-AFF3-229CB4B3A04A}" = rport=139 | protocol=6 | dir=out | app=system | "{AEF080EC-3007-498A-A450-183BF4D4F7ED}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{B052DB42-CE06-47AF-8E47-002F0057FE92}" = rport=138 | protocol=17 | dir=out | app=system | "{B1EB5E17-FD04-496D-997A-3CE7AD7C0A99}" = lport=10243 | protocol=6 | dir=in | app=system | "{B8EF8535-B2D6-4AF5-8AEE-6C34A8D03671}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{BA1C67D3-1CDB-45EE-A53E-ACA1CD70F492}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D62A3EBC-655C-4627-8632-40B6E83F387F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D918735C-712B-4F3C-9478-945352CE8A26}" = rport=445 | protocol=6 | dir=out | app=system | "{EE4BC7AD-DDCD-447E-AA79-97F6470F7C1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F08E644C-4DAD-480C-B30E-E53457629C4D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F33D01B0-BA03-4860-A3E1-88FB3BB8A1EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06DD4281-B5F2-49E6-BA0A-D1EE8B628FAA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{07094C2D-2B32-45BE-8E76-E0540473CAE0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{0E9705ED-9006-47E8-95EC-4CC27E19786F}" 
I hope I did this right! What now?
Kind regards!
05.08.2012, 20:16 | #4 |
/// Helper Team | Trojan? BKA? But everything works? Error message in C:/users?
Fix with OTL
Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (nowhere else).
Code:
:OTL
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1200776420-1261404832-3851839743-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1200776420-1261404832-3851839743-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1200776420-1261404832-3851839743-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1200776420-1261404832-3851839743-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1200776420-1261404832-3851839743-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE365DE365
IE - HKU\S-1-5-21-1200776420-1261404832-3851839743-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1200776420-1261404832-3851839743-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.startup.homepage: "http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e627&r=273602100505l0384z1k5r4852351n"
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ICQ Away Reader.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 [2012.07.25 23:23:58 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad [2012.08.05 13:34:07 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.05 12:45:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.05 10:07:16 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.05 10:08:55 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{3F90A785-870B-4EA8-B972-F3743A59DE7E}
[2012.08.05 10:08:04 | 000,000,000 | ---D | C] -- C:\Users\Janine\AppData\Local\{DAEB1A17-6DB7-49E7-A868-7647B104689B} :Files ipconfig /flushdns /c :Commands [purity] [emptytemp] [emptyflash]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances run it on other computers; it can cause lasting damage to other systems! |
06.08.2012, 09:48 | #5 |
| Trojan? BKA? But everything works? Error message in C:/users? OK, I did it, hopefully correctly; this is what came out at the end. I hope I'm posting it correctly now, too. Code:
ATTFilter All processes killed ========== OTL ========== No active process named Program Files was found! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! 
Registry value HKEY_USERS\S-1-5-21-1200776420-1261404832-3851839743-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-1200776420-1261404832-3851839743-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully. C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully. HKEY_USERS\S-1-5-21-1200776420-1261404832-3851839743-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1200776420-1261404832-3851839743-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-1200776420-1261404832-3851839743-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found. Registry key HKEY_USERS\S-1-5-21-1200776420-1261404832-3851839743-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKU\S-1-5-21-1200776420-1261404832-3851839743-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! 
Prefs.js: "hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e627&r=273602100505l0384z1k5r4852351n" removed from browser.startup.homepage Prefs.js: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7 removed from extensions.enabledItems 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully. C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully. C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. 
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. C:\Users\Janine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ICQ Away Reader.lnk moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. 
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\ProgramData\z7_0ytr.pad moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Users\Janine\AppData\Local\{3F90A785-870B-4EA8-B972-F3743A59DE7E} folder moved successfully. C:\Users\Janine\AppData\Local\{DAEB1A17-6DB7-49E7-A868-7647B104689B} folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Users\Janine\Desktop\cmd.bat deleted successfully. C:\Users\Janine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Janine ->Temp folder emptied: 1791153027 bytes ->Temporary Internet Files folder emptied: 53351254 bytes ->Java cache emptied: 1579 bytes ->FireFox cache emptied: 186651943 bytes ->Flash cache emptied: 6148617 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 375331262 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 2.301,00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Janine ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.56.0 log created on 08062012_072842 Files\Folders moved on Reboot... C:\Users\Janine\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\Janine\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot... |
06.08.2012, 14:59 | #6 |
/// Helper team | Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 2: Please download AdwCleaner to your desktop.
|
06.08.2012, 17:39 | #7 |
| Thanks for patiently helping. So here is the result from Malwarebytes:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.06.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Janine :: JANINE-PC [Administrator]
Schutz: Aktiviert
06.08.2012 16:21:47
mbam-log-2012-08-06 (16-21-47).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 366685
Laufzeit: 2 Stunde(n), 11 Minute(n), 4 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)

And here is the one from the cleaner:

# AdwCleaner v1.800 - Logfile created 08/06/2012 at 18:36:02
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Janine - JANINE-PC
# Running from : C:\Users\Janine\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\Janine\AppData\Local\Temp\boost_interprocess
Folder Found : C:\ProgramData\Trymedia
***** [Registry] *****
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Conduit
[x64] Key Found : HKCU\Software\Softonic
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\owdk3ycl.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1567 octets] - [06/08/2012 18:36:02]
########## EOF - C:\AdwCleaner[R1].txt - [1695 octets] ##########

Now to your question: the error message at startup is gone. I have the feeling the computer itself is running more smoothly again, but Firefox still quite often shows "keine Rückmeldung" (not responding), and then it always takes a while until it recovers. But that probably has nothing to do with a virus or Trojan?! Is my PC now completely healed and saved??? Best regards!!! |
06.08.2012, 17:43 | #8 |
/// Helper team | Very good!
After that: Malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Use "Jetzt Updaten" to download the current signatures. Select the freeware mode. Select "Detail Scan" and start checking the computer with the "Scan" button. At the end of the scan, do not let it delete anything! Click "Bericht speichern" to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
07.08.2012, 08:44 | #9 |
| Hi there, hard-working t'john! Regarding step 1:

# AdwCleaner v1.800 - Logfile created 08/06/2012 at 19:10:04
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Janine - JANINE-PC
# Running from : C:\Users\Janine\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\Janine\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\ProgramData\Trymedia
***** [Registry] *****
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\Janine\AppData\Roaming\Mozilla\Firefox\Profiles\owdk3ycl.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1688 octets] - [06/08/2012 18:36:02]
AdwCleaner[S1].txt - [1362 octets] - [06/08/2012 19:10:04]
########## EOF - C:\AdwCleaner[S1].txt - [1490 octets] ##########

For step 2... well, I didn't delete anything there, but moved it to quarantine. I hope that wasn't wrong. And last night I forgot to save the report, but I think I found it again under Documents - Emsisoft Malware - Reports:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 06.08.2012 19:23:48
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, E:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 06.08.2012 19:24:23
Key: hkey_local_machine\software\trymedia systems gefunden: Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software gefunden: Trace.Registry.trymedia!E1
Gescannt 620039
Gefunden 2
Scan Ende: 06.08.2012 22:09:14
Scan Zeit: 2:44:51
Key: hkey_local_machine\software\trymedia systems Quarantäne Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software Quarantäne Trace.Registry.trymedia!E1
Quarantäne 2 |
07.08.2012, 13:23 | #10 |
/// Helper Team | Trojan? BKA? But everything works? Error message in C:/users? Very good! Uninstall: Emsisoft Anti-Malware. ESET Online Scanner Preparation
|
07.08.2012, 17:35 | #11 |
| Trojan? BKA? But everything works? Error message in C:/users? So.. there were a few problems.. I ran Eset with a right-click, as administrator.. then it started, but before the scan an error message appeared along with the option to click back. I did that and then simply started it again from there, and then it worked. However, after the scan I clicked finish and then closed it with x. After that this message appeared (see attached jpg file). Here is the log:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e3d0e064472d7447aa1c0534f797d628
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-07 03:40:10
# local_time=2012-08-07 05:40:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 4865667 4865667 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 5007187 95974751 0 0
# compatibility_mode=8192 67108863 100 0 433 433 0 0
# scanned=191723
# found=0
# cleaned=0
# scan_time=9110
I haven't uninstalled it yet, to be on the safe side.. so that I don't have to do it all over again? |
07.08.2012, 18:27 | #12 |
/// Helper Team | Trojan? BKA? But everything works? Error message in C:/users? Everything is OK, you can uninstall it. Update Java: Your Java is no longer up to date. Older versions contain security vulnerabilities that can be exploited by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html |
07.08.2012, 19:43 | #13 |
| Trojan? BKA? But everything works? Error message in C:/users? Okay, I've done everything - and now?? Finished? Best regards |
07.08.2012, 19:50 | #14 |
/// Helper Team | Trojan? BKA? But everything works? Error message in C:/users? Very good! With that you are clean and discharged! Tool cleanup with OTL: We will now use OTL's CleanUp! function to delete from your system most of the programs we installed for the cleanup.
Resetting the security zones: Have the security zones reset, since they were manipulated in order to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html Cleaning up with CCleaner: Use CCleaner (Download) (Guide) to have errors in the
Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html PC keeps getting slower - what to do? |
08.08.2012, 12:45 | #15 |
| Trojan? BKA? But everything works? Error message in C:/users? Hello T'John, I have now done everything else you wrote.. I only have a question about resetting the security zones.. I did that in Internet Explorer,... but I actually only use Mozilla Firefox.. where do I find that there?? I've already searched myself silly?! Next I will work through the reading you suggested. Am I now completely clean, and can I create a data backup CD? Thank you so much for your help, I can't say that often enough.. is there anything I can do to thank you? I also send chocolate or transfer something. I've already seen that you can support the forum with PayPal, and I think this forum is a really, really great thing, but I didn't want to sign up with PayPal :-/ Many kind regards |