| |
| |||||||
Log-Analyse und Auswertung: Ransom TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
31.08.2012, 02:36
| #1 |
| |  Ransom Trojaner Guten Morgen Nach Kaspersky Rescue CD immer noch Fehler Meldung. Mit Malware Bytes die Fehler Meldung weg bekommen. Hier die log Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.30.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Jürgen :: JÜRGEN1941 [Administrator] 30.08.2012 21:44:21 mbam-log-2012-08-30 (21-44-21).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 408776 Laufzeit: 1 Stunde(n), 52 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Vielen Dank für die Hilfe schon mal vorweg Gruß Ralf OLT hinterher OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.08.2012 02:58:24 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Jürgen\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,24% Memory free 8,00 Gb Paging File | 5,52 Gb Available in Paging File | 69,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,87 Gb Total Space | 389,59 Gb Free Space | 84,90% Space Free | Partition Type: NTFS Drive D: | 458,87 Gb Total Space | 320,27 Gb Free Space | 69,79% Space Free | Partition Type: NTFS Drive E: | 259,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: JÜRGEN1941 | User Name: Jürgen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.31 02:53:39 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.31 03:55:48 | 000,394,392 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe PRC - [2012.05.31 03:55:38 | 000,041,624 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Hook.exe PRC - [2012.05.31 03:55:36 | 001,375,896 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Help.exe PRC - [2012.03.18 15:41:05 | 000,366,024 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe PRC - [2012.03.18 15:41:04 | 000,263,624 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe PRC - [2011.08.23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011.08.05 13:05:54 | 007,740,800 | ---- | M] (Systweak Inc) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.12.09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.08.12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009.08.06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.08.04 21:46:12 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.07.31 17:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe ========== Modules (No Company Name) ========== MOD - [2012.03.18 15:41:06 | 000,071,112 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll MOD - [2012.03.18 15:41:05 | 000,267,720 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll MOD - [2012.03.18 15:41:05 | 000,132,552 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll MOD - [2012.03.18 15:41:05 | 000,079,304 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll MOD - [2012.03.18 15:41:05 | 000,032,136 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll MOD - [2012.03.11 19:18:54 | 000,107,896 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\pmc.dll MOD - [2011.07.01 19:44:07 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2009.08.18 09:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll MOD - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.03.20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012.03.20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012.03.20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2007.05.29 19:48:10 | 000,020,480 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader) SRV - [2012.08.23 11:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012.08.15 17:41:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.31 03:55:48 | 000,394,392 | ---- | M] (PCRx.com, LLC) [Auto | Running] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc) SRV - [2010.11.04 16:41:46 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.07.28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.03.04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.05.29 19:48:10 | 000,020,480 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012.02.22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012.02.22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012.02.22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012.02.22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.10.26 03:43:18 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV:64bit: - [2009.10.26 03:43:16 | 000,117,152 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.21 09:32:50 | 007,345,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 08:46:20 | 000,042,912 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.04 23:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.25 22:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2010.09.16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.13 16:46:20 | 000,042,912 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2009.07.06 18:36:34 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2009.07.06 18:36:33 | 000,114,080 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3812&r=17361009ln07973780ll5lh781jl1s IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3812&r=17361009ln07973780ll5lh781jl1s IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3812&r=17361009ln07973780ll5lh781jl1s IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3812&r=17361009ln07973780ll5lh781jl1s IE - HKLM\..\URLSearchHook: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRad0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files (x86)\PHPNukeEN\tbPHPN.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431232 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com?a=6OxWnouNoD IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{0BD51F79-37CA-4F01-897F-E419E715E593}: "URL" = hxxp://go.gmx.net/br/ie8_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&tmpl=8&qkw={searchTerms}&tbid=60368 IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms} IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{5BB6BFC0-C8F1-49EC-AA65-F2061842CB12}: "URL" = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms} IE - HKCU\..\SearchScopes\{A9F7BCAB-9715-460E-B4D5-38E1B0B2EC27}: "URL" = hxxp://go.gmx.net/suchbox/ie_amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{BBEFD6CD-FF6B-4958-BDBA-A6F996510324}: "URL" = hxxp://go.gmx.net/br/ie8_search_ebay/?q={searchTerms} IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80814&lng=de IE - HKCU\..\SearchScopes\{C2EE10D8-5432-48F6-BEB2-4B6B5FC848CE}: "URL" = hxxp://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=6OxWnouNoD IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms} IE - HKCU\..\SearchScopes\{E711466C-EF1E-4DCF-B8C7-000387715B4C}: "URL" = hxxp://wa.ui-portal.de/gmx/gmx/s?produkte.browser.link.ebaysuche&s_brand=gmx&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707- IE - HKCU\..\SearchScopes\{F5091E79-DF8C-4D67-947D-708F89658BF2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F4398E38-82CD-4FC6-9315-2FA360780F68&apn_sauid=56EE5416-49FD-40BB-B587-730BC581F7E1& IE - HKCU\..\SearchScopes\{FAE99F87-D6F6-4C36-B78D-D6B24C705A04}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.order.1: "GMX Suche" FF - prefs.js..browser.search.order.2: "WEB.DE Suche" FF - prefs.js..browser.search.order.3: "1und1 Suche" FF - prefs.js..browser.search.order.4: "amazon.de" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredimail.com" FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {C473DC2B-895F-4E11-B8BF-FF28DFD62829}:1.7.2 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1.1 FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=" FF - prefs.js..browser.search.selectedEngine: "MyStart Search" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.03.29 08:29:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.07.02 20:26:17 | 000,000,000 | ---D | M] [2010.03.29 11:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Extensions [2012.06.04 13:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions [2011.05.23 12:06:35 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2011.05.23 12:06:35 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829} [2011.05.23 12:06:35 | 000,000,000 | ---D | M] ("All-Glass Firefox mod, based on Glasser") -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\allglassv2@ambroos.neowin.net [2012.06.04 13:19:43 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\inboxcomtoolbar@inbox.com [2010.03.29 11:43:39 | 000,005,591 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\1und1-suche.xml [2010.03.29 11:43:39 | 000,001,371 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\amazonde.xml [2010.03.29 11:43:39 | 000,010,605 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\gmx-suche.xml [2010.10.27 10:49:55 | 000,002,149 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\MyStart Search.xml [2010.08.16 20:52:26 | 000,001,418 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\preisvergleich.xml [2010.03.29 11:43:39 | 000,005,588 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\webde-suche.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120702160049.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Radio Bar 1 Toolbar) - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRad0.dll (Conduit Ltd.) O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120702160049.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.) O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) O2 - BHO: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files (x86)\PHPNukeEN\tbPHPN.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Radio Bar 1 Toolbar) - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRad0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.) O3 - HKLM\..\Toolbar: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files (x86)\PHPNukeEN\tbPHPN.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0974848A-B5BC-49F2-9778-307742B4A55D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Radio Bar 1 Toolbar) - {0FC85F5D-6207-4515-A490-45A549D285C0} - C:\Program Files (x86)\Radio_Bar_1\tbRad0.dll (Conduit Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [24x7HELP] C:\Program Files (x86)\24x7Help\App24x7Help.exe (PCRx.com, LLC) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = File not found O4 - Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD0A5032-3D3C-4592-8D93-C5B7CF2B18B0}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Handler\inbox - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9e562f0b-9edf-11df-ab15-001f16fd8349}\Shell - "" = AutoRun O33 - MountPoints2\{9e562f0b-9edf-11df-ab15-001f16fd8349}\Shell\AutoRun\command - "" = I:\iStudio.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\iStudio.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.31 02:52:21 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe [2012.08.31 02:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.08.30 21:39:39 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\AppData\Roaming\Malwarebytes [2012.08.30 21:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.30 21:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.30 21:38:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.30 21:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.30 21:38:04 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\Documents\Downloads [2012.08.15 22:56:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.15 22:56:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.15 22:56:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.15 22:56:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.15 22:56:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.15 22:56:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.15 22:56:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.15 22:56:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.15 22:56:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.15 22:56:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.15 22:56:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.15 22:56:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.15 22:56:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 10:09:10 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.15 10:09:06 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.15 10:09:05 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.15 10:09:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.15 10:09:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 10:09:03 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 10:09:02 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 10:08:58 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2009.08.14 20:40:45 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.31 03:01:58 | 000,511,265 | ---- | M] () -- C:\Users\Jürgen\Desktop\adwcleaner.exe [2012.08.31 02:53:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.31 02:53:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.31 02:53:39 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe [2012.08.31 02:51:15 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2012.08.31 02:48:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.31 02:46:58 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.31 02:46:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.31 02:46:33 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys [2012.08.31 02:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.30 21:39:05 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.30 10:25:55 | 083,023,306 | ---- | M] () -- C:\ProgramData\nud0repor.pad [2012.08.29 18:29:20 | 000,000,761 | ---- | M] () -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 TDCi DPF Titanium Glasdach AHK etc. als Van-Kleinbus in Oberasbach.url [2012.08.29 16:56:38 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.29 16:56:38 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.29 16:56:38 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.29 16:56:38 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.29 16:56:38 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.18 21:13:52 | 462,028,506 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.08.17 12:52:36 | 000,000,259 | ---- | M] () -- C:\Users\Jürgen\Desktop\DEUTZ AG Aktie - Aktienkurs - Kurs - Realtimekurs - 630500 - DE0006305006 - OnVista.url [2012.08.16 19:25:59 | 000,000,205 | ---- | M] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2 TDCi DPF Durashift-6-tronic Titanium, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.16 19:11:59 | 000,000,792 | ---- | M] () -- C:\Users\Jürgen\Desktop\Ford S-Max 616 Wunderschöner 2.2TDCi DPF Titanium Die als Kombi in Augsburg.url [2012.08.16 19:07:40 | 000,000,786 | ---- | M] () -- C:\Users\Jürgen\Desktop\Ford S-Max Titanium 2,2 TDCI Durashift-6-Tronik als Van-Kleinbus in Nürnberg.url [2012.08.16 10:33:08 | 000,368,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.15 17:41:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.15 17:41:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.09 16:20:54 | 000,000,205 | ---- | M] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2TDCi Durashift Titanium Navi WSS-Heiz., Diesel, € 25.990,- AutoScout24 Detailansicht.url [2012.08.08 14:04:40 | 000,000,201 | ---- | M] () -- C:\Users\Jürgen\Desktop\Apfelgelee - Marions Kochbuch.url [2012.08.08 13:36:06 | 000,000,201 | ---- | M] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen BMW, 330, d Touring Aut.Navi Leder Xenon Bluetooth PDC, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.08 11:43:45 | 000,025,003 | ---- | M] () -- C:\Users\Jürgen\Documents\Schreiben an TUI Deutschland v. 08.08.2012.odt [2012.08.07 17:57:14 | 000,950,937 | ---- | M] () -- C:\Users\Jürgen\Documents\Je_aelter_ich_werde.ppsm [2012.08.07 17:51:09 | 000,000,022 | ---- | M] () -- C:\Users\Jürgen\Documents\1.Sommerfest in der Wahlitzer Heidebreite,2.Version.zip [2012.08.07 17:50:58 | 000,007,702 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat [2012.08.07 11:18:32 | 000,010,752 | ---- | M] () -- C:\Users\Jürgen\Documents\Kündigung von TV Movie am 07.08.2012.wps [2012.08.07 11:01:26 | 000,000,250 | ---- | M] () -- C:\Users\Jürgen\Desktop\Robert Palmer- Addicted To Love - Video Dailymotion.url [2012.08.07 10:57:25 | 000,001,664 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.31 03:01:58 | 000,511,265 | ---- | C] () -- C:\Users\Jürgen\Desktop\adwcleaner.exe [2012.08.30 21:39:05 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 23:38:11 | 083,023,306 | ---- | C] () -- C:\ProgramData\nud0repor.pad [2012.08.29 18:29:20 | 000,000,761 | ---- | C] () -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 TDCi DPF Titanium Glasdach AHK etc. als Van-Kleinbus in Oberasbach.url [2012.08.16 19:25:59 | 000,000,205 | ---- | C] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2 TDCi DPF Durashift-6-tronic Titanium, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.16 19:11:59 | 000,000,792 | ---- | C] () -- C:\Users\Jürgen\Desktop\Ford S-Max 616 Wunderschöner 2.2TDCi DPF Titanium Die als Kombi in Augsburg.url [2012.08.16 19:07:40 | 000,000,786 | ---- | C] () -- C:\Users\Jürgen\Desktop\Ford S-Max Titanium 2,2 TDCI Durashift-6-Tronik als Van-Kleinbus in Nürnberg.url [2012.08.09 16:20:54 | 000,000,205 | ---- | C] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2TDCi Durashift Titanium Navi WSS-Heiz., Diesel, € 25.990,- AutoScout24 Detailansicht.url [2012.08.08 14:04:40 | 000,000,201 | ---- | C] () -- C:\Users\Jürgen\Desktop\Apfelgelee - Marions Kochbuch.url [2012.08.08 13:36:06 | 000,000,201 | ---- | C] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen BMW, 330, d Touring Aut.Navi Leder Xenon Bluetooth PDC, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.08 13:17:30 | 000,000,267 | ---- | C] () -- C:\Users\Jürgen\Documents\AG Frankfurt Forderung der IContent GmbH besteht nicht - Rechtsanwalt Thomas Meier.url [2012.08.08 11:36:01 | 000,025,003 | ---- | C] () -- C:\Users\Jürgen\Documents\Schreiben an TUI Deutschland v. 08.08.2012.odt [2012.08.07 17:57:13 | 000,950,937 | ---- | C] () -- C:\Users\Jürgen\Documents\Je_aelter_ich_werde.ppsm [2012.08.07 11:18:32 | 000,010,752 | ---- | C] () -- C:\Users\Jürgen\Documents\Kündigung von TV Movie am 07.08.2012.wps [2012.07.09 20:53:11 | 000,120,898 | ---- | C] () -- C:\Users\Jürgen\ESt2011_Griffel_Hans-Jürgen_und_Griffel_Hannelore v.09.07.2012.elfo [2012.06.14 23:02:55 | 000,083,984 | ---- | C] () -- C:\Users\Jürgen\ESt2011_Griffel_Hans-Jürgen_und_Griffel_Hannelore.elfo [2012.02.15 12:23:17 | 000,000,039 | ---- | C] () -- C:\Windows\ImageViewer.INI [2011.12.14 19:18:32 | 000,000,000 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\{0D95320E-5C11-49E1-9E5D-AB5FE55B496C} [2011.03.27 13:58:42 | 000,000,038 | ---- | C] () -- C:\Windows\SysWow64\ZX9EQJT7_{7CD10299-04E2-4C15-880A-BC245346FA3D}.dat [2011.03.20 14:34:53 | 003,406,336 | ---- | C] () -- C:\Windows\SysWow64\GMX-DLLUpdate1.exe [2011.02.12 14:13:17 | 000,000,085 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\DAXACHRT.INI [2011.01.18 19:23:54 | 000,110,100 | ---- | C] () -- C:\Users\Jürgen\ESt2010_Griffel_Hans-Jürgen_und_Griffel_Hannelore.elfo [2010.06.23 15:09:47 | 000,000,017 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\resmon.resmoncfg [2010.04.18 19:37:37 | 000,023,552 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.02 20:53:18 | 000,007,702 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat ========== Files - Unicode (All) ========== [2012.08.29 15:53:33 | 000,000,737 | ---- | M] ()(C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP? 47.360,- als Van-Kleinbus in Neumünster.url) -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP€ 47.360,- als Van-Kleinbus in Neumünster.url [2012.08.29 15:53:33 | 000,000,737 | ---- | C] ()(C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP? 47.360,- als Van-Kleinbus in Neumünster.url) -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP€ 47.360,- als Van-Kleinbus in Neumünster.url < End of report > Und Adwcleaner # AdwCleaner v2.000 - Datei am 08/31/2012 um 03:31:52 erstellt # Aktualisiert am 30/08/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Jürgen - JÜRGEN1941 # Normaler Modus : Normal # Ausgeführt unter : C:\Users\Jürgen\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** Gefunden : 24x7HelpSvc ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\MyStart Search.xml Datei Gefunden : C:\Windows\SysWOW64\conduitEngine.tmp Ordner Gefunden : C:\Program Files (x86)\Ask.com Ordner Gefunden : C:\Program Files (x86)\Conduit Ordner Gefunden : C:\Program Files (x86)\ConduitEngine Ordner Gefunden : C:\Program Files (x86)\Inbox Toolbar Ordner Gefunden : C:\Program Files (x86)\IncrediMail_MediaBar_2 Ordner Gefunden : C:\Program Files (x86)\IncrediMail_MediaBar_2 Ordner Gefunden : C:\Program Files (x86)\PHPNukeEN Ordner Gefunden : C:\Program Files (x86)\Radio_Bar_1 Ordner Gefunden : C:\ProgramData\Ask Ordner Gefunden : C:\ProgramData\boost_interprocess Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar Ordner Gefunden : C:\ProgramData\Partner Ordner Gefunden : C:\Users\Jürgen\AppData\Local\Conduit Ordner Gefunden : C:\Users\Jürgen\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\Jürgen\AppData\LocalLow\ConduitEngine Ordner Gefunden : C:\Users\Jürgen\AppData\LocalLow\Inbox Toolbar Ordner Gefunden : C:\Users\Jürgen\AppData\LocalLow\IncrediMail_MediaBar_2 Ordner Gefunden : C:\Users\Jürgen\AppData\LocalLow\IncrediMail_MediaBar_2 Ordner Gefunden : C:\Users\Jürgen\AppData\LocalLow\PHPNukeEN Ordner Gefunden : C:\Users\Jürgen\AppData\LocalLow\PriceGong Ordner Gefunden : C:\Users\Jürgen\AppData\LocalLow\Radio_Bar_1 Ordner Gefunden : C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\extensions\inboxcomtoolbar@inbox.com Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\24x7HELP Schlüssel Gefunden : HKCU\Software\APN Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2 Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2 Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PHPNukeEN Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Radio_Bar_1 Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar Schlüssel Gefunden : HKCU\Software\IM Schlüssel Gefunden : HKCU\Software\ImInstaller Schlüssel Gefunden : HKCU\Software\Inbox Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FC85F5D-6207-4515-A490-45A549D285C0} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FC85F5D-6207-4515-A490-45A549D285C0} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1083ECD8-9E5B-4D2E-B47A-3D87076C1ABB} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gefunden : HKLM\Software\24x7HELP Schlüssel Gefunden : HKLM\Software\APN Schlüssel Gefunden : HKLM\Software\AskToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2055800 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2086743 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2405725 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431232 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2724386 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\conduitEngine Schlüssel Gefunden : HKLM\Software\conduitEngine Schlüssel Gefunden : HKLM\Software\ImInstaller Schlüssel Gefunden : HKLM\Software\Inbox Toolbar Schlüssel Gefunden : HKLM\Software\IncrediMail_MediaBar_2 Schlüssel Gefunden : HKLM\Software\IncrediMail_MediaBar_2 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1083ECD8-9E5B-4D2E-B47A-3D87076C1ABB} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2A40E739-CF52-4CCB-8166-3323AD433A09} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9CE3D196-CBB4-414E-BAED-075115349C60} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Schlüssel Gefunden : HKLM\Software\PHPNukeEN Schlüssel Gefunden : HKLM\Software\Radio_Bar_1 Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FC85F5D-6207-4515-A490-45A549D285C0} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1083ECD8-9E5B-4D2E-B47A-3D87076C1ABB} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2A40E739-CF52-4CCB-8166-3323AD433A09} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CE3D196-CBB4-414E-BAED-075115349C60} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FF49010-9F23-497D-B561-94D69AE318EA} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F71D2C6-2370-4047-A2A3-5A57A9986A42} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{996463BC-8E21-4ADD-B222-91FCDDE3D498} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9B1F3F33-99B0-4ED3-879A-633770C63EAF} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBDB8B40-8735-43A0-AA44-3FB6B501AC7A} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FC85F5D-6207-4515-A490-45A549D285C0} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD02A4EB-4AFD-4D60-99D8-E67F964CA813} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1 Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1 Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail_MediaBar_2 Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PHPNukeEN Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Radio_Bar_1 Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} Schlüssel Gefunden : HKU\S-1-5-21-3296613501-2093130938-1811267169-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} Schlüssel Gefunden : HKU\S-1-5-21-3296613501-2093130938-1811267169-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96} Schlüssel Gefunden : HKU\S-1-5-21-3296613501-2093130938-1811267169-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Schlüssel Gefunden : HKU\S-1-5-21-3296613501-2093130938-1811267169-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0FC85F5D-6207-4515-A490-45A549D285C0}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0FC85F5D-6207-4515-A490-45A549D285C0}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater] Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0FC85F5D-6207-4515-A490-45A549D285C0}] Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}] Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language -\\ Mozilla Firefox v [Version kann nicht ermittelt werden] Profilname : default Datei : C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\prefs.js Gefunden : user_pref("browser.search.defaultenginename", "MyStart Search"); Gefunden : user_pref("browser.search.selectedEngine", "MyStart Search"); ************************* AdwCleaner[R1].txt - [15689 octets] - [31/08/2012 03:31:52] ########## EOF - C:\AdwCleaner[R1].txt - [15750 octets] ########## |
|
31.08.2012, 06:44
| #2 | |||||
| /// Helfer-Team    | Ransom Trojaner Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Zitat:
Code:
ATTFilter :OTL
[2012.08.30 10:25:55 | 083,023,306 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.29 23:38:11 | 083,023,306 | ---- | C] () -- C:\ProgramData\nud0repor.pad
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Zitat:
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
3. erneut einen Scan mit OTL:
Zitat:
Nur bei Probleme inzwischen melden! ** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
|
31.08.2012, 14:48
| #3 |
| | Ransom Trojaner Danke schon mal für die schnelle Reaktion! Mal sehen ob das mit den Code Tags klappt
__________________Code:
ATTFilter All processes killed
========== OTL ==========
C:\ProgramData\nud0repor.pad moved successfully.
File C:\ProgramData\nud0repor.pad not found.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Jürgen\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jürgen
->Temp folder emptied: 781394472 bytes
->Temporary Internet Files folder emptied: 757807623 bytes
->Java cache emptied: 5464898 bytes
->FireFox cache emptied: 81186555 bytes
->Flash cache emptied: 96699 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 445710312 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 101413 bytes
RecycleBin emptied: 739501424 bytes
Total Files Cleaned = 2.681,00 mb
OTL by OldTimer - Version 3.2.59.1 log created on 08312012_152849
Files\Folders moved on Reboot...
C:\Users\Jürgen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Jürgen\AppData\Local\Temp\~DF4F38210B969AEC9E.TMP not found!
File\Folder C:\Users\Jürgen\AppData\Local\Temp\~DF50A801B5BB991C84.TMP not found!
File\Folder C:\Users\Jürgen\AppData\Local\Temp\~DF6808A85ACD188107.TMP not found!
File\Folder C:\Users\Jürgen\AppData\Local\Temp\~DFF7E45EF76AAFEEDC.TMP not found!
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0ENDH8R\ads[3].htm moved successfully.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\617GN0GH\123129-ransom-trojaner[1].htm moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter 24x7 Help PCRx.com, LLC 04.06.2012 3,04MB 2.0.0.9 Acer Arcade Deluxe CyberLink Corp. 10.10.2007 96,4MB 3.1.6731 Acer Backup Manager NewTech Infosystems 14.08.2009 226MB 2.0.2.19 Acer eRecovery Management Acer Incorporated 10.10.2007 4.05.3003 Acer GameZone Console Oberon Media, Inc. 14.08.2009 5.1.0.2 Acer Registration Acer Incorporated 10.10.2007 1.02.3004 Acer ScreenSaver Acer Incorporated 10.10.2007 1.2.0812 Acer Updater Acer Incorporated 14.08.2009 1.01.3014 Acrobat.com Adobe Systems Incorporated 14.08.2009 1,60MB 1.6.65 Adobe AIR Adobe Systems Inc. 14.08.2009 1.5.0.7220 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 15.08.2012 6,00MB 11.3.300.271 Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 16.08.2012 168MB 10.1.4 Alice Greenfingers Oberon Media 09.10.2011 Amazonia Oberon Media 09.10.2011 ATI Catalyst Install Manager ATI Technologies, Inc. 10.10.2007 18,2MB 3.0.732.0 CCleaner Piriform 22.08.2012 3.22 Chicken Invaders 2 Oberon Media 09.10.2011 Compatibility Pack für 2007 Office System Microsoft Corporation 15.08.2012 276MB 12.0.6612.1000 Conduit Engine Conduit Ltd. 25.12.2010 Dairy Dash Oberon Media 09.10.2011 Dream Day First Home Oberon Media 09.10.2011 eBay Worldwide OEM 30.10.2009 100KB 2.1.0703 ElsterFormular Landesfinanzdirektion Thüringen 13.06.2012 160MB 13.2.0.8623p ElsterFormular für Privatanwender Landesfinanzdirektion Thüringen 17.01.2011 130GB 12.0.0.5880p ElsterFormular für Privatanwender Landesfinanzdirektion Thüringen 19.06.2011 140GB 12.1.0.6164p eSobi v2 esobi Inc. 14.08.2009 20,4MB 2.0.4.000274 Farm Frenzy 2 Oberon Media 09.10.2011 Feedback Tool Microsoft Corporation 28.02.2011 1,60MB 1.2.0 Firefox 3.6 GMX Edition GMX 09.10.2011 GMX Internet Explorer Addon 1&1 Mail & Media GmbH 19.04.2011 1.0.0.9 GMX Softwareaktualisierung 1&1 Mail & Media GmbH 24.06.2011 2.0.1.5 GMX Toolbar für Internet Explorer 1&1 Mail & Media GmbH 15.07.2011 1.6.5.3 Google Toolbar for Internet Explorer Google Inc. 11.08.2012 7.4.3203.136 Granny In Paradise Oberon Media 09.10.2011 Heroes of Hellas Oberon Media 09.10.2011 Hotkey Utility Acer Incorporated 10.10.2007 1.00.3004 Identity Card Acer Incorporated 10.10.2007 1.00.3001 Inbox Toolbar Inbox.com, Inc. 04.06.2012 2,94MB 1.0.0.135 IncrediMail 2.0 IncrediMail Ltd. 18.03.2012 6.2.9.5181 IncrediMail MediaBar 2 Toolbar IncrediMail MediaBar 2 07.09.2011 6.5.2.8 Intel® Matrix Storage Manager Intel Corporation 10.10.2007 Internet Explorer 8 GMX Edition GMX 09.10.2011 Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 30.08.2012 18,7MB 1.62.0.1300 McAfee AntiVirus Plus McAfee, Inc. 02.07.2012 11.0.678 McAfee Security Scan Plus McAfee, Inc. 25.10.2010 8,30MB 2.0.181.2 Merriam Websters Spell Jam Oberon Media 09.10.2011 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.11.2010 38,8MB 4.0.30319 Microsoft Office File Validation Add-In Microsoft Corporation 17.09.2011 7,95MB 14.0.5130.5003 Microsoft Office Home and Student 2007 Microsoft Corporation 08.02.2012 12.0.6612.1000 Microsoft Office Language Pack 2007 - German/Deutsch Microsoft Corporation 08.02.2012 12.0.6612.1000 Microsoft Office Live Add-in 1.5 Microsoft Corporation 13.06.2010 508KB 2.0.4024.1 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 15.08.2012 40,9MB 12.0.6612.1000 Microsoft Office Suite Activation Assistant Microsoft Corporation 14.08.2009 8,36MB 2.9 Microsoft Silverlight Microsoft Corporation 11.05.2012 240MB 4.1.10329.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10.10.2007 1,72MB 3.1.0000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 252KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 300KB 8.0.61001 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 23.11.2009 200KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 13.04.2011 598KB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 01.07.2011 784KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 03.07.2011 788KB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 17.01.2011 598KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 22.11.2009 596KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 01.07.2011 226KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 600KB 9.0.30729.6161 Microsoft Works Microsoft Corporation 18.04.2012 1,01GB 9.7.0621 Microsoft WSE 3.0 Runtime Microsoft Corp. 18.12.2010 942KB 3.0.5305.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 31.10.2009 1,27MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 1,33MB 4.20.9876.0 MyWinLocker Egis Technology Inc. 14.08.2009 47,9MB 3.1.72.0 NAVIGON Fresh 3.4.1 NAVIGON 11.07.2012 3.4.1 Nero 9 Essentials Nero AG 14.08.2009 Netzmanager 10.10.2007 Netzmanager Deutsche Telekom AG 18.12.2010 1.05 OpenOffice.org 3.3 OpenOffice.org 01.07.2011 414MB 3.3.9567 PC Connectivity Solution Nokia 01.07.2012 17,9MB 9.13.1.0 Photo Notifier and Animation Creator IncrediMail Ltd. 18.03.2012 1.0.0.1009 PhotoMail Maker IncrediMail Ltd. 26.07.2010 6.0.0.1007 PHPNukeEN Toolbar PHPNukeEN 25.12.2010 6.2.3.0 PlayReady PC Runtime amd64 Microsoft Corporation 18.12.2009 2,05MB 1.3.0 Radio_Bar_1 Toolbar 28.02.2010 REALTEK DTV USB DEVICE Realtek 13.12.2009 1.00.0000 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 14.08.2009 6.0.1.5898 RegClean Pro Systweak Inc 22.02.2012 12,9MB 6.21 SAMSUNG Intelli-studio 13.03.2011 Star Defender 4 Oberon Media 09.10.2011 System Checkup 3.2 iolo technologies, LLC 28.03.2012 3.2.0.35 Systweak PhotoStudio 2.1 Systweak Inc. 25.09.2011 2.1.2954.85 Welcome Center Acer Incorporated 10.10.2007 1.00.3005 Winamp Nullsoft, Inc 09.10.2011 5.601 Winamp Erkennungs-Plug-in Nullsoft, Inc 28.01.2011 63,0KB 1.0.0.1 Windows Live Essentials Microsoft Corporation 19.06.2011 15.4.3508.1109 Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 19.06.2011 5,57MB 15.4.5722.2 Windows Live Sync Microsoft Corporation 03.12.2009 2,79MB 14.0.8089.726 Windows Mobile-Gerätecenter Microsoft Corporation 13.06.2010 27,4MB 6.1.6965.0 Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 01.07.2012 08/22/2008 7.0.0.0 OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.08.2012 15:59:24 - Run 2 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Jürgen\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,27% Memory free 8,00 Gb Paging File | 5,69 Gb Available in Paging File | 71,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,87 Gb Total Space | 392,90 Gb Free Space | 85,62% Space Free | Partition Type: NTFS Drive D: | 458,87 Gb Total Space | 320,27 Gb Free Space | 69,79% Space Free | Partition Type: NTFS Computer Name: JÜRGEN1941 | User Name: Jürgen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.31 02:53:39 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.31 03:55:48 | 000,394,392 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe PRC - [2012.03.18 15:41:05 | 000,366,024 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe PRC - [2012.03.18 15:41:04 | 000,263,624 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe PRC - [2011.08.23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.08.12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009.08.06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.08.04 21:46:12 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.07.31 17:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe ========== Modules (No Company Name) ========== MOD - [2012.03.18 15:41:06 | 000,071,112 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll MOD - [2012.03.18 15:41:05 | 000,267,720 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll MOD - [2012.03.18 15:41:05 | 000,132,552 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll MOD - [2012.03.18 15:41:05 | 000,079,304 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll MOD - [2012.03.18 15:41:05 | 000,032,136 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll MOD - [2012.03.11 19:18:54 | 000,107,896 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\pmc.dll MOD - [2011.07.01 19:44:07 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2009.08.18 09:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll MOD - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.03.20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012.03.20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012.03.20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2007.05.29 19:48:10 | 000,020,480 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader) SRV - [2012.08.23 11:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012.08.15 17:41:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.31 03:55:48 | 000,394,392 | ---- | M] (PCRx.com, LLC) [Auto | Running] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc) SRV - [2010.11.04 16:41:46 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.07.28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.03.04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.05.29 19:48:10 | 000,020,480 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012.02.22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012.02.22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012.02.22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012.02.22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.10.26 03:43:18 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV:64bit: - [2009.10.26 03:43:16 | 000,117,152 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.21 09:32:50 | 007,345,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 08:46:20 | 000,042,912 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.04 23:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.25 22:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2010.09.16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.13 16:46:20 | 000,042,912 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2009.07.06 18:36:34 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2009.07.06 18:36:33 | 000,114,080 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3812&r=17361009ln07973780ll5lh781jl1s IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3812&r=17361009ln07973780ll5lh781jl1s IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3812&r=17361009ln07973780ll5lh781jl1s IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3812&r=17361009ln07973780ll5lh781jl1s IE - HKLM\..\URLSearchHook: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRad0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files (x86)\PHPNukeEN\tbPHPN.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431232 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com?a=6OxWnouNoD IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{0BD51F79-37CA-4F01-897F-E419E715E593}: "URL" = hxxp://go.gmx.net/br/ie8_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&tmpl=8&qkw={searchTerms}&tbid=60368 IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms} IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{5BB6BFC0-C8F1-49EC-AA65-F2061842CB12}: "URL" = hxxp://go.gmx.net/suchbox/amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms} IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms} IE - HKCU\..\SearchScopes\{A9F7BCAB-9715-460E-B4D5-38E1B0B2EC27}: "URL" = hxxp://go.gmx.net/suchbox/ie_amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{BBEFD6CD-FF6B-4958-BDBA-A6F996510324}: "URL" = hxxp://go.gmx.net/br/ie8_search_ebay/?q={searchTerms} IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80814&lng=de IE - HKCU\..\SearchScopes\{C2EE10D8-5432-48F6-BEB2-4B6B5FC848CE}: "URL" = hxxp://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=6OxWnouNoD IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms} IE - HKCU\..\SearchScopes\{E711466C-EF1E-4DCF-B8C7-000387715B4C}: "URL" = hxxp://wa.ui-portal.de/gmx/gmx/s?produkte.browser.link.ebaysuche&s_brand=gmx&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707- IE - HKCU\..\SearchScopes\{F5091E79-DF8C-4D67-947D-708F89658BF2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F4398E38-82CD-4FC6-9315-2FA360780F68&apn_sauid=56EE5416-49FD-40BB-B587-730BC581F7E1& IE - HKCU\..\SearchScopes\{FAE99F87-D6F6-4C36-B78D-D6B24C705A04}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.order.1: "GMX Suche" FF - prefs.js..browser.search.order.2: "WEB.DE Suche" FF - prefs.js..browser.search.order.3: "1und1 Suche" FF - prefs.js..browser.search.order.4: "amazon.de" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredimail.com" FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {C473DC2B-895F-4E11-B8BF-FF28DFD62829}:1.7.2 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1.1 FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=" FF - prefs.js..browser.search.selectedEngine: "MyStart Search" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.03.29 08:29:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.07.02 20:26:17 | 000,000,000 | ---D | M] [2010.03.29 11:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Extensions [2012.06.04 13:19:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions [2011.05.23 12:06:35 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2011.05.23 12:06:35 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829} [2011.05.23 12:06:35 | 000,000,000 | ---D | M] ("All-Glass Firefox mod, based on Glasser") -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\allglassv2@ambroos.neowin.net [2012.06.04 13:19:43 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\inboxcomtoolbar@inbox.com [2010.03.29 11:43:39 | 000,005,591 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\1und1-suche.xml [2010.03.29 11:43:39 | 000,001,371 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\amazonde.xml [2010.03.29 11:43:39 | 000,010,605 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\gmx-suche.xml [2010.10.27 10:49:55 | 000,002,149 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\MyStart Search.xml [2010.08.16 20:52:26 | 000,001,418 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\preisvergleich.xml [2010.03.29 11:43:39 | 000,005,588 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\webde-suche.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120702160049.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Radio Bar 1 Toolbar) - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRad0.dll (Conduit Ltd.) O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120702160049.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.) O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) O2 - BHO: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files (x86)\PHPNukeEN\tbPHPN.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Radio Bar 1 Toolbar) - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRad0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.) O3 - HKLM\..\Toolbar: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files (x86)\PHPNukeEN\tbPHPN.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0974848A-B5BC-49F2-9778-307742B4A55D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Radio Bar 1 Toolbar) - {0FC85F5D-6207-4515-A490-45A549D285C0} - C:\Program Files (x86)\Radio_Bar_1\tbRad0.dll (Conduit Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [24x7HELP] C:\Program Files (x86)\24x7Help\App24x7Help.exe (PCRx.com, LLC) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = File not found O4 - Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD0A5032-3D3C-4592-8D93-C5B7CF2B18B0}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Handler\inbox - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9e562f0b-9edf-11df-ab15-001f16fd8349}\Shell - "" = AutoRun O33 - MountPoints2\{9e562f0b-9edf-11df-ab15-001f16fd8349}\Shell\AutoRun\command - "" = I:\iStudio.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\iStudio.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.31 15:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.08.31 15:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.08.31 15:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.08.31 15:28:49 | 000,000,000 | ---D | C] -- C:\_OTL [2012.08.31 02:52:21 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe [2012.08.30 21:39:39 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\AppData\Roaming\Malwarebytes [2012.08.30 21:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.30 21:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.30 21:38:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.30 21:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.30 21:38:04 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\Documents\Downloads [2012.08.15 22:56:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.15 22:56:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.15 22:56:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.15 22:56:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.15 22:56:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.15 22:56:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.15 22:56:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.15 22:56:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.15 22:56:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.15 22:56:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.15 22:56:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.15 22:56:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.15 22:56:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 10:09:10 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.15 10:09:06 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.15 10:09:05 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.15 10:09:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.15 10:09:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 10:09:03 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 10:09:02 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 10:08:58 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2009.08.14 20:40:45 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2012.08.31 15:53:39 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.31 15:49:48 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.31 15:49:48 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.31 15:49:46 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2012.08.31 15:48:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.31 15:44:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.31 15:42:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.31 15:42:16 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys [2012.08.31 15:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.31 03:30:07 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.31 03:30:07 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.31 03:30:07 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.31 03:30:07 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.31 03:30:07 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.31 03:01:58 | 000,511,265 | ---- | M] () -- C:\Users\Jürgen\Desktop\adwcleaner.exe [2012.08.31 02:53:39 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe [2012.08.30 21:39:05 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 18:29:20 | 000,000,761 | ---- | M] () -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 TDCi DPF Titanium Glasdach AHK etc. als Van-Kleinbus in Oberasbach.url [2012.08.18 21:13:52 | 462,028,506 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.08.17 12:52:36 | 000,000,259 | ---- | M] () -- C:\Users\Jürgen\Desktop\DEUTZ AG Aktie - Aktienkurs - Kurs - Realtimekurs - 630500 - DE0006305006 - OnVista.url [2012.08.16 19:25:59 | 000,000,205 | ---- | M] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2 TDCi DPF Durashift-6-tronic Titanium, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.16 19:11:59 | 000,000,792 | ---- | M] () -- C:\Users\Jürgen\Desktop\Ford S-Max 616 Wunderschöner 2.2TDCi DPF Titanium Die als Kombi in Augsburg.url [2012.08.16 19:07:40 | 000,000,786 | ---- | M] () -- C:\Users\Jürgen\Desktop\Ford S-Max Titanium 2,2 TDCI Durashift-6-Tronik als Van-Kleinbus in Nürnberg.url [2012.08.16 10:33:08 | 000,368,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.15 17:41:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.15 17:41:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.09 16:20:54 | 000,000,205 | ---- | M] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2TDCi Durashift Titanium Navi WSS-Heiz., Diesel, € 25.990,- AutoScout24 Detailansicht.url [2012.08.08 14:04:40 | 000,000,201 | ---- | M] () -- C:\Users\Jürgen\Desktop\Apfelgelee - Marions Kochbuch.url [2012.08.08 13:36:06 | 000,000,201 | ---- | M] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen BMW, 330, d Touring Aut.Navi Leder Xenon Bluetooth PDC, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.08 11:43:45 | 000,025,003 | ---- | M] () -- C:\Users\Jürgen\Documents\Schreiben an TUI Deutschland v. 08.08.2012.odt [2012.08.07 17:57:14 | 000,950,937 | ---- | M] () -- C:\Users\Jürgen\Documents\Je_aelter_ich_werde.ppsm [2012.08.07 17:51:09 | 000,000,022 | ---- | M] () -- C:\Users\Jürgen\Documents\1.Sommerfest in der Wahlitzer Heidebreite,2.Version.zip [2012.08.07 17:50:58 | 000,007,702 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat [2012.08.07 11:18:32 | 000,010,752 | ---- | M] () -- C:\Users\Jürgen\Documents\Kündigung von TV Movie am 07.08.2012.wps [2012.08.07 11:01:26 | 000,000,250 | ---- | M] () -- C:\Users\Jürgen\Desktop\Robert Palmer- Addicted To Love - Video Dailymotion.url [2012.08.07 10:57:25 | 000,001,664 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin ========== Files Created - No Company Name ========== [2012.08.31 15:53:39 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.31 03:01:58 | 000,511,265 | ---- | C] () -- C:\Users\Jürgen\Desktop\adwcleaner.exe [2012.08.30 21:39:05 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 18:29:20 | 000,000,761 | ---- | C] () -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 TDCi DPF Titanium Glasdach AHK etc. als Van-Kleinbus in Oberasbach.url [2012.08.16 19:25:59 | 000,000,205 | ---- | C] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2 TDCi DPF Durashift-6-tronic Titanium, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.16 19:11:59 | 000,000,792 | ---- | C] () -- C:\Users\Jürgen\Desktop\Ford S-Max 616 Wunderschöner 2.2TDCi DPF Titanium Die als Kombi in Augsburg.url [2012.08.16 19:07:40 | 000,000,786 | ---- | C] () -- C:\Users\Jürgen\Desktop\Ford S-Max Titanium 2,2 TDCI Durashift-6-Tronik als Van-Kleinbus in Nürnberg.url [2012.08.09 16:20:54 | 000,000,205 | ---- | C] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2TDCi Durashift Titanium Navi WSS-Heiz., Diesel, € 25.990,- AutoScout24 Detailansicht.url [2012.08.08 14:04:40 | 000,000,201 | ---- | C] () -- C:\Users\Jürgen\Desktop\Apfelgelee - Marions Kochbuch.url [2012.08.08 13:36:06 | 000,000,201 | ---- | C] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen BMW, 330, d Touring Aut.Navi Leder Xenon Bluetooth PDC, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.08 13:17:30 | 000,000,267 | ---- | C] () -- C:\Users\Jürgen\Documents\AG Frankfurt Forderung der IContent GmbH besteht nicht - Rechtsanwalt Thomas Meier.url [2012.08.08 11:36:01 | 000,025,003 | ---- | C] () -- C:\Users\Jürgen\Documents\Schreiben an TUI Deutschland v. 08.08.2012.odt [2012.08.07 17:57:13 | 000,950,937 | ---- | C] () -- C:\Users\Jürgen\Documents\Je_aelter_ich_werde.ppsm [2012.08.07 11:18:32 | 000,010,752 | ---- | C] () -- C:\Users\Jürgen\Documents\Kündigung von TV Movie am 07.08.2012.wps [2012.07.09 20:53:11 | 000,120,898 | ---- | C] () -- C:\Users\Jürgen\ESt2011_Griffel_Hans-Jürgen_und_Griffel_Hannelore v.09.07.2012.elfo [2012.06.14 23:02:55 | 000,083,984 | ---- | C] () -- C:\Users\Jürgen\ESt2011_Griffel_Hans-Jürgen_und_Griffel_Hannelore.elfo [2012.02.15 12:23:17 | 000,000,039 | ---- | C] () -- C:\Windows\ImageViewer.INI [2011.12.14 19:18:32 | 000,000,000 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\{0D95320E-5C11-49E1-9E5D-AB5FE55B496C} [2011.03.27 13:58:42 | 000,000,038 | ---- | C] () -- C:\Windows\SysWow64\ZX9EQJT7_{7CD10299-04E2-4C15-880A-BC245346FA3D}.dat [2011.03.20 14:34:53 | 003,406,336 | ---- | C] () -- C:\Windows\SysWow64\GMX-DLLUpdate1.exe [2011.02.12 14:13:17 | 000,000,085 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\DAXACHRT.INI [2011.01.18 19:23:54 | 000,110,100 | ---- | C] () -- C:\Users\Jürgen\ESt2010_Griffel_Hans-Jürgen_und_Griffel_Hannelore.elfo [2010.06.23 15:09:47 | 000,000,017 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\resmon.resmoncfg [2010.04.18 19:37:37 | 000,023,552 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.02 20:53:18 | 000,007,702 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2011.06.11 13:03:29 | 000,000,000 | -HSD | M] -- C:\Users\Jürgen\AppData\Roaming\.# [2011.05.23 12:06:34 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\1&1 Mail & Media GmbH [2012.08.05 18:47:08 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Elhiqy [2012.06.13 13:26:27 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\elsterformular [2009.10.31 18:30:55 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\GameConsole [2012.07.01 15:21:59 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Nokia [2011.07.01 19:45:31 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\OpenOffice.org [2009.11.06 17:22:52 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\OPHI [2012.05.27 18:35:42 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Oqteas [2012.07.01 15:21:57 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\PC Suite [2011.05.23 12:06:35 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\PowerCinema [2011.05.23 12:06:35 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\SoftDMA [2012.02.22 12:38:02 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Systweak [2009.11.12 13:07:43 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Template [2012.08.05 18:49:36 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Zureuv [2012.08.08 19:48:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012.08.29 15:53:33 | 000,000,737 | ---- | M] ()(C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP? 47.360,- als Van-Kleinbus in Neumünster.url) -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP€ 47.360,- als Van-Kleinbus in Neumünster.url [2012.08.29 15:53:33 | 000,000,737 | ---- | C] ()(C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP? 47.360,- als Van-Kleinbus in Neumünster.url) -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP€ 47.360,- als Van-Kleinbus in Neumünster.url < End of report > |
|
01.09.2012, 01:17
| #4 | ||
| /// Helfer-Team | Ransom Trojaner Systemreinigung und Prüfung: ► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück! Nur bei Probleme inzwischen melden! 1. Deinstalliere unter Systemsteuerung-> Software/Programme : Code:
ATTFilter Conduit Eng
Inbox Toolbar Inbox.com, Inc.
IncrediMail MediaBar
PHPNukeEN Toolbar
Radio_Bar_1 Toolbar
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte. Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert. In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars Zitat:
Brauchst Du nicht wirklich?!: Code:
ATTFilter Firefox 3.6 GMX Edition GMX 09.10.2011
GMX Internet Explorer Addon 1&1 Mail & Media GmbH 19.04.2011 1.0.0.9
GMX Softwareaktualisierung 1&1 Mail & Media GmbH 24.06.2011 2.0.1.5
GMX Toolbar für Internet Explorer 1&1 Mail & Media GmbH 15.07.2011 1.6.5.3
3. Zitat:
Code:
ATTFilter :OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3812&r=17361009ln07973780ll5lh781jl1s
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3812&r=17361009ln07973780ll5lh781jl1s
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3812&r=17361009ln07973780ll5lh781jl1s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_x3812&r=17361009ln07973780ll5lh781jl1s
IE - HKLM\..\URLSearchHook: {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRad0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files (x86)\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431232
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com?a=6OxWnouNoD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = http://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{0BD51F79-37CA-4F01-897F-E419E715E593}: "URL" = http://go.gmx.net/br/ie8_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&tmpl=8&qkw={searchTerms}&tbid=60368
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = http://go.gmx.net/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = http://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5BB6BFC0-C8F1-49EC-AA65-F2061842CB12}: "URL" = http://go.gmx.net/suchbox/amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = http://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=search_box
IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = http://go.gmx.net/br/ie9_search_produkte/?su={searchTerms}
IE - HKCU\..\SearchScopes\{A9F7BCAB-9715-460E-B4D5-38E1B0B2EC27}: "URL" = http://go.gmx.net/suchbox/ie_amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{BBEFD6CD-FF6B-4958-BDBA-A6F996510324}: "URL" = http://go.gmx.net/br/ie8_search_ebay/?q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80814&lng=de
IE - HKCU\..\SearchScopes\{C2EE10D8-5432-48F6-BEB2-4B6B5FC848CE}: "URL" = http://go.gmx.net/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=6OxWnouNoD
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\..\SearchScopes\{E711466C-EF1E-4DCF-B8C7-000387715B4C}: "URL" = hxxp://wa.ui-portal.de/gmx/gmx/s?produkte.browser.link.ebaysuche&s_brand=gmx&t_link=ebaysuche&ns_type=clickin&ns_url=hxxp://rover.ebay.com/rover/1/707-
IE - HKCU\..\SearchScopes\{F5091E79-DF8C-4D67-947D-708F89658BF2}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=F4398E38-82CD-4FC6-9315-2FA360780F68&apn_sauid=56EE5416-49FD-40BB-B587-730BC581F7E1&
IE - HKCU\..\SearchScopes\{FAE99F87-D6F6-4C36-B78D-D6B24C705A04}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "WEB.DE Suche"
FF - prefs.js..browser.search.order.3: "1und1 Suche"
FF - prefs.js..browser.search.order.4: "amazon.de"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredimail.com"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search="
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
[2012.06.04 13:19:43 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\inboxcomtoolbar@inbox.com
[2010.03.29 11:43:39 | 000,005,591 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\1und1-suche.xml
[2010.03.29 11:43:39 | 000,001,371 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\amazonde.xml
[2010.03.29 11:43:39 | 000,010,605 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\gmx-suche.xml
[2010.10.27 10:49:55 | 000,002,149 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\MyStart Search.xml
[2010.08.16 20:52:26 | 000,001,418 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\preisvergleich.xml
[2010.03.29 11:43:39 | 000,005,588 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\Mozilla\Firefox\Profiles\4zvwto7k.default\searchplugins\webde-suche.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Radio Bar 1 Toolbar) - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRad0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O2 - BHO: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files (x86)\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Radio Bar 1 Toolbar) - {0fc85f5d-6207-4515-a490-45a549d285c0} - C:\Program Files (x86)\Radio_Bar_1\tbRad0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files (x86)\PHPNukeEN\tbPHPN.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0974848A-B5BC-49F2-9778-307742B4A55D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Radio Bar 1 Toolbar) - {0FC85F5D-6207-4515-A490-45A549D285C0} - C:\Program Files (x86)\Radio_Bar_1\tbRad0.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9e562f0b-9edf-11df-ab15-001f16fd8349}\Shell - "" = AutoRun
O33 - MountPoints2\{9e562f0b-9edf-11df-ab15-001f16fd8349}\Shell\AutoRun\command - "" = I:\iStudio.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\iStudio.exe
[2012.08.31 15:48:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.31 15:44:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
4. Aktualisieren: Code:
ATTFilter OpenOffice.org
Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!: -> Tipps zu Internet Explorer -> Standard Suchmaschine des Explorers ändern -> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8 -> Wie kann ich den Cache im Internet Explorer leeren? 6. Alle Programme/Fenster schliessen reinige dein System mit CCleaner:
7. Vorbereitung
Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!
8. erneut einen Scan mit OTL:
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
01.09.2012, 13:49
| #5 |
| | Ransom Trojaner Tolle die schnelle Reaktion ESET Scanner Code:
ATTFilter
C:\Users\Jürgen\Downloads\SoftonicDownloader_para_soulseek.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
D:\JÜRGEN1941\Backup Set 2012-04-22 190002\Backup Files 2012-04-22 190002\Backup files 2.zip a variant of Win32/SoftonicDownloader.A application deleted - quarantined
D:\JÜRGEN1941\Backup Set 2012-04-22 190002\Backup Files 2012-06-03 224326\Backup files 2.zip a variant of Win32/SoftonicDownloader.A application deleted - quarantined
D:\JÜRGEN1941\Backup Set 2012-06-10 213920\Backup Files 2012-06-10 213920\Backup files 2.zip a variant of Win32/SoftonicDownloader.A application deleted - quarantined
OLT Scan OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.09.2012 14:39:04 - Run 3 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Jürgen\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,11% Memory free 8,00 Gb Paging File | 5,64 Gb Available in Paging File | 70,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,87 Gb Total Space | 393,54 Gb Free Space | 85,76% Space Free | Partition Type: NTFS Drive D: | 458,87 Gb Total Space | 321,69 Gb Free Space | 70,10% Space Free | Partition Type: NTFS Computer Name: JÜRGEN1941 | User Name: Jürgen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.31 02:53:39 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.31 03:55:48 | 000,394,392 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe PRC - [2012.05.31 03:55:38 | 000,041,624 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Hook.exe PRC - [2012.05.31 03:55:36 | 001,375,896 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Help.exe PRC - [2011.08.05 13:05:54 | 007,740,800 | ---- | M] (Systweak Inc) -- C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe PRC - [2010.12.09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.08.12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009.08.06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.08.04 21:46:12 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.07.31 17:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe ========== Modules (No Company Name) ========== MOD - [2009.08.18 09:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll MOD - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.03.20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012.03.20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012.03.20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2007.05.29 19:48:10 | 000,020,480 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader) SRV - [2012.08.23 11:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012.08.15 17:41:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.31 03:55:48 | 000,394,392 | ---- | M] (PCRx.com, LLC) [Auto | Running] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc) SRV - [2010.11.04 16:41:46 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.07.28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.03.04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.05.29 19:48:10 | 000,020,480 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012.02.22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012.02.22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012.02.22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012.02.22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.10.26 03:43:18 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV:64bit: - [2009.10.26 03:43:16 | 000,117,152 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.21 09:32:50 | 007,345,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 08:46:20 | 000,042,912 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.04 23:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.25 22:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2010.09.16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.13 16:46:20 | 000,042,912 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2009.07.06 18:36:34 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2009.07.06 18:36:33 | 000,114,080 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = IE - HKCU\..\SearchScopes,DefaultScope = {577FB1F0-35C7-422C-B111-DEBCB98053FA} IE - HKCU\..\SearchScopes\{577FB1F0-35C7-422C-B111-DEBCB98053FA}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.order.2: "" FF - prefs.js..browser.search.order.3: "" FF - prefs.js..browser.search.order.4: "" FF - prefs.js..browser.search.useDBForOrder: "" FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredimail.com" FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4 FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {C473DC2B-895F-4E11-B8BF-FF28DFD62829}:1.7.2 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1.1 FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=" FF - prefs.js..browser.search.selectedEngine: "" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.03.29 08:29:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.07.02 20:26:17 | 000,000,000 | ---D | M] [2010.03.29 11:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Extensions [2012.09.01 11:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions [2011.05.23 12:06:35 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2011.05.23 12:06:35 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829} [2011.05.23 12:06:35 | 000,000,000 | ---D | M] ("All-Glass Firefox mod, based on Glasser") -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\allglassv2@ambroos.neowin.net O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120702160049.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (no name) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120702160049.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [24x7HELP] C:\Program Files (x86)\24x7Help\App24x7Help.exe (PCRx.com, LLC) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD0A5032-3D3C-4592-8D93-C5B7CF2B18B0}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.01 12:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.09.01 12:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.08.31 19:52:23 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.08.31 19:52:16 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.08.31 19:52:16 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.08.31 19:52:16 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.08.31 18:52:24 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.08.31 18:52:24 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.08.31 15:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.08.31 15:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.08.31 15:28:49 | 000,000,000 | ---D | C] -- C:\_OTL [2012.08.31 02:52:21 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe [2012.08.30 21:39:39 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\AppData\Roaming\Malwarebytes [2012.08.30 21:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.30 21:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.30 21:38:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.30 21:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.30 21:38:04 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\Documents\Downloads [2012.08.15 22:56:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.15 22:56:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.15 22:56:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.15 22:56:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.15 22:56:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.15 22:56:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.15 22:56:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.15 22:56:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.15 22:56:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.15 22:56:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.15 22:56:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.15 22:56:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.15 22:56:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 10:09:10 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.15 10:09:06 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.15 10:09:05 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.15 10:09:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.15 10:09:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 10:09:03 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 10:09:02 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 10:08:58 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2009.08.14 20:40:45 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2012.09.01 14:41:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.01 12:02:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.01 12:02:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.01 12:00:19 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2012.09.01 11:55:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.01 11:55:05 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys [2012.08.31 19:52:10 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.08.31 19:52:07 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.08.31 19:52:07 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.08.31 19:52:07 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.08.31 19:52:06 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.08.31 15:53:39 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.31 03:30:07 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.31 03:30:07 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.31 03:30:07 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.31 03:30:07 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.31 03:30:07 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.31 03:01:58 | 000,511,265 | ---- | M] () -- C:\Users\Jürgen\Desktop\adwcleaner.exe [2012.08.31 02:53:39 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe [2012.08.30 21:39:05 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 18:29:20 | 000,000,761 | ---- | M] () -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 TDCi DPF Titanium Glasdach AHK etc. als Van-Kleinbus in Oberasbach.url [2012.08.17 12:52:36 | 000,000,259 | ---- | M] () -- C:\Users\Jürgen\Desktop\DEUTZ AG Aktie - Aktienkurs - Kurs - Realtimekurs - 630500 - DE0006305006 - OnVista.url [2012.08.16 19:25:59 | 000,000,205 | ---- | M] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2 TDCi DPF Durashift-6-tronic Titanium, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.16 19:11:59 | 000,000,792 | ---- | M] () -- C:\Users\Jürgen\Desktop\Ford S-Max 616 Wunderschöner 2.2TDCi DPF Titanium Die als Kombi in Augsburg.url [2012.08.16 19:07:40 | 000,000,786 | ---- | M] () -- C:\Users\Jürgen\Desktop\Ford S-Max Titanium 2,2 TDCI Durashift-6-Tronik als Van-Kleinbus in Nürnberg.url [2012.08.16 10:33:08 | 000,368,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.15 17:41:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.15 17:41:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.09 16:20:54 | 000,000,205 | ---- | M] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2TDCi Durashift Titanium Navi WSS-Heiz., Diesel, € 25.990,- AutoScout24 Detailansicht.url [2012.08.08 14:04:40 | 000,000,201 | ---- | M] () -- C:\Users\Jürgen\Desktop\Apfelgelee - Marions Kochbuch.url [2012.08.08 13:36:06 | 000,000,201 | ---- | M] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen BMW, 330, d Touring Aut.Navi Leder Xenon Bluetooth PDC, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.08 11:43:45 | 000,025,003 | ---- | M] () -- C:\Users\Jürgen\Documents\Schreiben an TUI Deutschland v. 08.08.2012.odt [2012.08.07 17:57:14 | 000,950,937 | ---- | M] () -- C:\Users\Jürgen\Documents\Je_aelter_ich_werde.ppsm [2012.08.07 17:51:09 | 000,000,022 | ---- | M] () -- C:\Users\Jürgen\Documents\1.Sommerfest in der Wahlitzer Heidebreite,2.Version.zip [2012.08.07 17:50:58 | 000,007,702 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat [2012.08.07 11:18:32 | 000,010,752 | ---- | M] () -- C:\Users\Jürgen\Documents\Kündigung von TV Movie am 07.08.2012.wps [2012.08.07 11:01:26 | 000,000,250 | ---- | M] () -- C:\Users\Jürgen\Desktop\Robert Palmer- Addicted To Love - Video Dailymotion.url [2012.08.07 10:57:25 | 000,001,664 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin ========== Files Created - No Company Name ========== [2012.08.31 15:53:39 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.31 03:01:58 | 000,511,265 | ---- | C] () -- C:\Users\Jürgen\Desktop\adwcleaner.exe [2012.08.30 21:39:05 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 18:29:20 | 000,000,761 | ---- | C] () -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 TDCi DPF Titanium Glasdach AHK etc. als Van-Kleinbus in Oberasbach.url [2012.08.16 19:25:59 | 000,000,205 | ---- | C] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2 TDCi DPF Durashift-6-tronic Titanium, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.16 19:11:59 | 000,000,792 | ---- | C] () -- C:\Users\Jürgen\Desktop\Ford S-Max 616 Wunderschöner 2.2TDCi DPF Titanium Die als Kombi in Augsburg.url [2012.08.16 19:07:40 | 000,000,786 | ---- | C] () -- C:\Users\Jürgen\Desktop\Ford S-Max Titanium 2,2 TDCI Durashift-6-Tronik als Van-Kleinbus in Nürnberg.url [2012.08.09 16:20:54 | 000,000,205 | ---- | C] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2TDCi Durashift Titanium Navi WSS-Heiz., Diesel, € 25.990,- AutoScout24 Detailansicht.url [2012.08.08 14:04:40 | 000,000,201 | ---- | C] () -- C:\Users\Jürgen\Desktop\Apfelgelee - Marions Kochbuch.url [2012.08.08 13:36:06 | 000,000,201 | ---- | C] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen BMW, 330, d Touring Aut.Navi Leder Xenon Bluetooth PDC, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.08 13:17:30 | 000,000,267 | ---- | C] () -- C:\Users\Jürgen\Documents\AG Frankfurt Forderung der IContent GmbH besteht nicht - Rechtsanwalt Thomas Meier.url [2012.08.08 11:36:01 | 000,025,003 | ---- | C] () -- C:\Users\Jürgen\Documents\Schreiben an TUI Deutschland v. 08.08.2012.odt [2012.08.07 17:57:13 | 000,950,937 | ---- | C] () -- C:\Users\Jürgen\Documents\Je_aelter_ich_werde.ppsm [2012.08.07 11:18:32 | 000,010,752 | ---- | C] () -- C:\Users\Jürgen\Documents\Kündigung von TV Movie am 07.08.2012.wps [2012.07.09 20:53:11 | 000,120,898 | ---- | C] () -- C:\Users\Jürgen\ESt2011_Griffel_Hans-Jürgen_und_Griffel_Hannelore v.09.07.2012.elfo [2012.06.14 23:02:55 | 000,083,984 | ---- | C] () -- C:\Users\Jürgen\ESt2011_Griffel_Hans-Jürgen_und_Griffel_Hannelore.elfo [2012.02.15 12:23:17 | 000,000,039 | ---- | C] () -- C:\Windows\ImageViewer.INI [2011.12.14 19:18:32 | 000,000,000 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\{0D95320E-5C11-49E1-9E5D-AB5FE55B496C} [2011.03.27 13:58:42 | 000,000,038 | ---- | C] () -- C:\Windows\SysWow64\ZX9EQJT7_{7CD10299-04E2-4C15-880A-BC245346FA3D}.dat [2011.03.20 14:34:53 | 003,406,336 | ---- | C] () -- C:\Windows\SysWow64\GMX-DLLUpdate1.exe [2011.02.12 14:13:17 | 000,000,085 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\DAXACHRT.INI [2011.01.18 19:23:54 | 000,110,100 | ---- | C] () -- C:\Users\Jürgen\ESt2010_Griffel_Hans-Jürgen_und_Griffel_Hannelore.elfo [2010.06.23 15:09:47 | 000,000,017 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\resmon.resmoncfg [2010.04.18 19:37:37 | 000,023,552 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.02 20:53:18 | 000,007,702 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2011.06.11 13:03:29 | 000,000,000 | -HSD | M] -- C:\Users\Jürgen\AppData\Roaming\.# [2011.05.23 12:06:34 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\1&1 Mail & Media GmbH [2012.08.05 18:47:08 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Elhiqy [2012.06.13 13:26:27 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\elsterformular [2009.10.31 18:30:55 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\GameConsole [2012.07.01 15:21:59 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Nokia [2011.07.01 19:45:31 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\OpenOffice.org [2009.11.06 17:22:52 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\OPHI [2012.05.27 18:35:42 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Oqteas [2012.07.01 15:21:57 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\PC Suite [2011.05.23 12:06:35 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\PowerCinema [2011.05.23 12:06:35 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\SoftDMA [2012.02.22 12:38:02 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Systweak [2009.11.12 13:07:43 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Template [2012.08.05 18:49:36 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Zureuv [2012.08.08 19:48:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012.08.29 15:53:33 | 000,000,737 | ---- | M] ()(C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP? 47.360,- als Van-Kleinbus in Neumünster.url) -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP€ 47.360,- als Van-Kleinbus in Neumünster.url [2012.08.29 15:53:33 | 000,000,737 | ---- | C] ()(C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP? 47.360,- als Van-Kleinbus in Neumünster.url) -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP€ 47.360,- als Van-Kleinbus in Neumünster.url < End of report > |
|
02.09.2012, 08:54
| #6 | |
| /// Helfer-Team | Ransom Trojaner 1. Zitat:
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope = {577FB1F0-35C7-422C-B111-DEBCB98053FA}
IE - HKCU\..\SearchScopes\{577FB1F0-35C7-422C-B111-DEBCB98053FA}: "URL" = http://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.startup.homepage: "http://mystart.incredimail.com"
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search="
O2:64bit: - BHO: (no name) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
2. kann ich nicht zuordnen, um was handelt es sich dabei ?: Code:
ATTFilter [2012.08.05 18:47:08 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Elhiqy
[2012.05.27 18:35:42 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Oqteas
[2012.08.05 18:49:36 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Zureuv
__________________ --> Ransom Trojaner |
|
02.09.2012, 17:26
| #7 |
| | Ransom Trojaner Zu den Roaming Dateien kann ich nichts sagen die finde ich so auch gar nicht auf dem PC (alle Ordner sind frei sichtbar auch Systemordner) Kann das was mit nem Netzmanager Software der Telekom zu tun haben? Der läuft hier mit war sicher bei so einem Router dabei??? Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{577FB1F0-35C7-422C-B111-DEBCB98053FA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{577FB1F0-35C7-422C-B111-DEBCB98053FA}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "hxxp://mystart.incredimail.com" removed from browser.startup.homepage
Prefs.js: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 removed from extensions.enabledItems
Prefs.js: "hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Jürgen\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jürgen
->Temp folder emptied: 790067 bytes
->Temporary Internet Files folder emptied: 12378279 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 846 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3962 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49286 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 13,00 mb
OTL by OldTimer - Version 3.2.59.1 log created on 09022012_181934
Files\Folders moved on Reboot...
C:\Users\Jürgen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SL6HS8Q7\ads[5].htm moved successfully.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SL6HS8Q7\ads[6].htm moved successfully.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SL6HS8Q7\ads[7].htm moved successfully.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D4VSDFAA\123129-ransom-trojaner[1].htm moved successfully.
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LYX9WDP\iframe[1].htm moved successfully.
File\Folder C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LYX9WDP\si[2].htm not found!
C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LYX9WDP\si[3].htm moved successfully.
File\Folder C:\Users\Jürgen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5LYX9WDP\si[4].htm not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Zwei Ordner sind leer Der Ordner Oqteas beinhaltet die Datei seoww.cea mit einem abgeschlossenem Vorhängeschloss davor Größe 406kb |
|
03.09.2012, 13:45
| #8 | |
| /// Helfer-Team | Ransom TrojanerZitat:
erneut einen Scan mit OTL:
► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
03.09.2012, 23:15
| #9 |
| | Ransom Trojaner System ist beim ersten Scan abgestürzt Danach keine Probleme OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.09.2012 00:10:59 - Run 6 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Jürgen\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 64,48% Memory free 8,00 Gb Paging File | 6,05 Gb Available in Paging File | 75,68% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 458,87 Gb Total Space | 391,55 Gb Free Space | 85,33% Space Free | Partition Type: NTFS Drive D: | 458,87 Gb Total Space | 311,15 Gb Free Space | 67,81% Space Free | Partition Type: NTFS Computer Name: JÜRGEN1941 | User Name: Jürgen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.31 02:53:39 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.31 03:55:48 | 000,394,392 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe PRC - [2012.05.31 03:55:38 | 000,041,624 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Hook.exe PRC - [2012.05.31 03:55:36 | 001,375,896 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Help.exe PRC - [2010.12.09 12:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe PRC - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.08.12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2009.08.06 19:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe PRC - [2009.08.04 21:46:12 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe PRC - [2009.08.04 07:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe PRC - [2009.07.31 17:29:12 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe ========== Modules (No Company Name) ========== MOD - [2009.08.18 09:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll MOD - [2009.08.18 09:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe MOD - [2009.02.03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.03.20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012.03.20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012.03.20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2007.05.29 19:48:10 | 000,020,480 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader) SRV - [2012.08.23 11:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012.08.15 17:41:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.31 03:55:48 | 000,394,392 | ---- | M] (PCRx.com, LLC) [Auto | Running] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc) SRV - [2010.11.04 16:41:46 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.08.13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.08.06 19:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009.07.28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.06.04 15:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.03.04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.05.29 19:48:10 | 000,020,480 | ---- | M] (Oki Data Corporation) [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\OPHILDCS.EXE -- (OKI OPHI DCS Loader) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012.02.22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012.02.22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012.02.22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012.02.22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2012.02.22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.10.26 03:43:18 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV:64bit: - [2009.10.26 03:43:16 | 000,117,152 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.21 09:32:50 | 007,345,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 08:46:20 | 000,042,912 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.06.04 23:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009.05.25 22:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2010.09.16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.13 16:46:20 | 000,042,912 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2009.07.06 18:36:34 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2009.07.06 18:36:33 | 000,114,080 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.order.2: "" FF - prefs.js..browser.search.order.3: "" FF - prefs.js..browser.search.order.4: "" FF - prefs.js..browser.search.useDBForOrder: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4 FF - prefs.js..extensions.enabledItems: FF - prefs.js..extensions.enabledItems: {C473DC2B-895F-4E11-B8BF-FF28DFD62829}:1.7.2 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1.1 FF - prefs.js..browser.search.selectedEngine: "" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.03.29 08:29:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.07.02 20:26:17 | 000,000,000 | ---D | M] [2010.03.29 11:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Extensions [2012.09.01 11:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions [2011.05.23 12:06:35 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2011.05.23 12:06:35 | 000,000,000 | ---D | M] (GMX Firefox Addon) -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\{C473DC2B-895F-4E11-B8BF-FF28DFD62829} [2011.05.23 12:06:35 | 000,000,000 | ---D | M] ("All-Glass Firefox mod, based on Glasser") -- C:\Users\Jürgen\AppData\Roaming\mozilla\Firefox\Profiles\4zvwto7k.default\extensions\allglassv2@ambroos.neowin.net O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120702160049.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120702160049.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [24x7HELP] C:\Program Files (x86)\24x7Help\App24x7Help.exe (PCRx.com, LLC) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - Startup: C:\Users\Jürgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD0A5032-3D3C-4592-8D93-C5B7CF2B18B0}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.04 00:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.09.01 16:35:10 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2012.09.01 16:33:59 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\Desktop\OpenOffice.org 3.4.1 (de) Installation Files [2012.09.01 12:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.08.31 19:52:23 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.08.31 19:52:16 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.08.31 19:52:16 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.08.31 19:52:16 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.08.31 18:52:24 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2012.08.31 18:52:24 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2012.08.31 15:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.08.31 15:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.08.31 15:28:49 | 000,000,000 | ---D | C] -- C:\_OTL [2012.08.31 02:52:21 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe [2012.08.30 21:39:39 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\AppData\Roaming\Malwarebytes [2012.08.30 21:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.30 21:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.30 21:38:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.30 21:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.30 21:38:04 | 000,000,000 | ---D | C] -- C:\Users\Jürgen\Documents\Downloads [2012.08.15 22:56:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.15 22:56:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.15 22:56:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.15 22:56:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.15 22:56:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.08.15 22:56:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.08.15 22:56:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.15 22:56:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.15 22:56:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.08.15 22:56:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.08.15 22:56:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.08.15 22:56:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.15 22:56:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.15 10:09:10 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.15 10:09:06 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.15 10:09:05 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.15 10:09:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.15 10:09:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.15 10:09:03 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.15 10:09:02 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.15 10:08:58 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2009.08.14 20:40:45 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2012.09.04 00:01:35 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2012.09.04 00:01:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.04 00:01:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.03 23:53:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.03 23:53:40 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys [2012.09.03 23:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.02 18:04:26 | 000,371,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.01 16:35:11 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012.08.31 19:52:10 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.08.31 19:52:07 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.08.31 19:52:07 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.08.31 19:52:07 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.08.31 19:52:06 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.08.31 15:53:39 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.31 03:30:07 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.31 03:30:07 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.31 03:30:07 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.31 03:30:07 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.31 03:30:07 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.31 03:01:58 | 000,511,265 | ---- | M] () -- C:\Users\Jürgen\Desktop\adwcleaner.exe [2012.08.31 02:53:39 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Jürgen\Desktop\OTL.exe [2012.08.30 21:39:05 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 18:29:20 | 000,000,761 | ---- | M] () -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 TDCi DPF Titanium Glasdach AHK etc. als Van-Kleinbus in Oberasbach.url [2012.08.17 12:52:36 | 000,000,259 | ---- | M] () -- C:\Users\Jürgen\Desktop\DEUTZ AG Aktie - Aktienkurs - Kurs - Realtimekurs - 630500 - DE0006305006 - OnVista.url [2012.08.16 19:25:59 | 000,000,205 | ---- | M] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2 TDCi DPF Durashift-6-tronic Titanium, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.16 19:11:59 | 000,000,792 | ---- | M] () -- C:\Users\Jürgen\Desktop\Ford S-Max 616 Wunderschöner 2.2TDCi DPF Titanium Die als Kombi in Augsburg.url [2012.08.16 19:07:40 | 000,000,786 | ---- | M] () -- C:\Users\Jürgen\Desktop\Ford S-Max Titanium 2,2 TDCI Durashift-6-Tronik als Van-Kleinbus in Nürnberg.url [2012.08.15 17:41:21 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.15 17:41:21 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.09 16:20:54 | 000,000,205 | ---- | M] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2TDCi Durashift Titanium Navi WSS-Heiz., Diesel, € 25.990,- AutoScout24 Detailansicht.url [2012.08.08 14:04:40 | 000,000,201 | ---- | M] () -- C:\Users\Jürgen\Desktop\Apfelgelee - Marions Kochbuch.url [2012.08.08 13:36:06 | 000,000,201 | ---- | M] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen BMW, 330, d Touring Aut.Navi Leder Xenon Bluetooth PDC, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.08 11:43:45 | 000,025,003 | ---- | M] () -- C:\Users\Jürgen\Documents\Schreiben an TUI Deutschland v. 08.08.2012.odt [2012.08.07 17:57:14 | 000,950,937 | ---- | M] () -- C:\Users\Jürgen\Documents\Je_aelter_ich_werde.ppsm [2012.08.07 17:51:09 | 000,000,022 | ---- | M] () -- C:\Users\Jürgen\Documents\1.Sommerfest in der Wahlitzer Heidebreite,2.Version.zip [2012.08.07 17:50:58 | 000,007,702 | ---- | M] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat [2012.08.07 11:18:32 | 000,010,752 | ---- | M] () -- C:\Users\Jürgen\Documents\Kündigung von TV Movie am 07.08.2012.wps [2012.08.07 11:01:26 | 000,000,250 | ---- | M] () -- C:\Users\Jürgen\Desktop\Robert Palmer- Addicted To Love - Video Dailymotion.url [2012.08.07 10:57:25 | 000,001,664 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin ========== Files Created - No Company Name ========== [2012.09.01 16:35:11 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012.08.31 15:53:39 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.31 03:01:58 | 000,511,265 | ---- | C] () -- C:\Users\Jürgen\Desktop\adwcleaner.exe [2012.08.30 21:39:05 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 18:29:20 | 000,000,761 | ---- | C] () -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 TDCi DPF Titanium Glasdach AHK etc. als Van-Kleinbus in Oberasbach.url [2012.08.16 19:25:59 | 000,000,205 | ---- | C] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2 TDCi DPF Durashift-6-tronic Titanium, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.16 19:11:59 | 000,000,792 | ---- | C] () -- C:\Users\Jürgen\Desktop\Ford S-Max 616 Wunderschöner 2.2TDCi DPF Titanium Die als Kombi in Augsburg.url [2012.08.16 19:07:40 | 000,000,786 | ---- | C] () -- C:\Users\Jürgen\Desktop\Ford S-Max Titanium 2,2 TDCI Durashift-6-Tronik als Van-Kleinbus in Nürnberg.url [2012.08.09 16:20:54 | 000,000,205 | ---- | C] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen Ford, S-Max, 2.2TDCi Durashift Titanium Navi WSS-Heiz., Diesel, € 25.990,- AutoScout24 Detailansicht.url [2012.08.08 14:04:40 | 000,000,201 | ---- | C] () -- C:\Users\Jürgen\Desktop\Apfelgelee - Marions Kochbuch.url [2012.08.08 13:36:06 | 000,000,201 | ---- | C] () -- C:\Users\Jürgen\Desktop\Gebrauchtwagen BMW, 330, d Touring Aut.Navi Leder Xenon Bluetooth PDC, Diesel, € 30.990,- AutoScout24 Detailansicht.url [2012.08.08 13:17:30 | 000,000,267 | ---- | C] () -- C:\Users\Jürgen\Documents\AG Frankfurt Forderung der IContent GmbH besteht nicht - Rechtsanwalt Thomas Meier.url [2012.08.08 11:36:01 | 000,025,003 | ---- | C] () -- C:\Users\Jürgen\Documents\Schreiben an TUI Deutschland v. 08.08.2012.odt [2012.08.07 17:57:13 | 000,950,937 | ---- | C] () -- C:\Users\Jürgen\Documents\Je_aelter_ich_werde.ppsm [2012.08.07 11:18:32 | 000,010,752 | ---- | C] () -- C:\Users\Jürgen\Documents\Kündigung von TV Movie am 07.08.2012.wps [2012.07.09 20:53:11 | 000,120,898 | ---- | C] () -- C:\Users\Jürgen\ESt2011_Griffel_Hans-Jürgen_und_Griffel_Hannelore v.09.07.2012.elfo [2012.06.14 23:02:55 | 000,083,984 | ---- | C] () -- C:\Users\Jürgen\ESt2011_Griffel_Hans-Jürgen_und_Griffel_Hannelore.elfo [2012.02.15 12:23:17 | 000,000,039 | ---- | C] () -- C:\Windows\ImageViewer.INI [2011.12.14 19:18:32 | 000,000,000 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\{0D95320E-5C11-49E1-9E5D-AB5FE55B496C} [2011.03.27 13:58:42 | 000,000,038 | ---- | C] () -- C:\Windows\SysWow64\ZX9EQJT7_{7CD10299-04E2-4C15-880A-BC245346FA3D}.dat [2011.03.20 14:34:53 | 003,406,336 | ---- | C] () -- C:\Windows\SysWow64\GMX-DLLUpdate1.exe [2011.02.12 14:13:17 | 000,000,085 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\DAXACHRT.INI [2011.01.18 19:23:54 | 000,110,100 | ---- | C] () -- C:\Users\Jürgen\ESt2010_Griffel_Hans-Jürgen_und_Griffel_Hannelore.elfo [2010.06.23 15:09:47 | 000,000,017 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\resmon.resmoncfg [2010.04.18 19:37:37 | 000,023,552 | ---- | C] () -- C:\Users\Jürgen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.02 20:53:18 | 000,007,702 | ---- | C] () -- C:\Users\Jürgen\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2011.06.11 13:03:29 | 000,000,000 | -HSD | M] -- C:\Users\Jürgen\AppData\Roaming\.# [2011.05.23 12:06:34 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\1&1 Mail & Media GmbH [2012.06.13 13:26:27 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\elsterformular [2009.10.31 18:30:55 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\GameConsole [2012.07.01 15:21:59 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Nokia [2011.07.01 19:45:31 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\OpenOffice.org [2009.11.06 17:22:52 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\OPHI [2012.05.27 18:35:42 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Oqteas [2012.07.01 15:21:57 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\PC Suite [2011.05.23 12:06:35 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\PowerCinema [2011.05.23 12:06:35 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\SoftDMA [2012.02.22 12:38:02 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Systweak [2009.11.12 13:07:43 | 000,000,000 | ---D | M] -- C:\Users\Jürgen\AppData\Roaming\Template [2012.08.08 19:48:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2012.08.29 15:53:33 | 000,000,737 | ---- | M] ()(C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP? 47.360,- als Van-Kleinbus in Neumünster.url) -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP€ 47.360,- als Van-Kleinbus in Neumünster.url [2012.08.29 15:53:33 | 000,000,737 | ---- | C] ()(C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP? 47.360,- als Van-Kleinbus in Neumünster.url) -- C:\Users\Jürgen\Desktop\Ford S-Max 2.2 Titanium S, NP€ 47.360,- als Van-Kleinbus in Neumünster.url < End of report > und die Extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.08.2012 02:58:24 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Jürgen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,24% Memory free
8,00 Gb Paging File | 5,52 Gb Available in Paging File | 69,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,87 Gb Total Space | 389,59 Gb Free Space | 84,90% Space Free | Partition Type: NTFS
Drive D: | 458,87 Gb Total Space | 320,27 Gb Free Space | 69,79% Space Free | Partition Type: NTFS
Drive E: | 259,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: JÜRGEN1941 | User Name: Jürgen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CF39AC1-E5C6-4CBE-973D-8B2225500B54}" = lport=7000 | protocol=17 | dir=in | name=udp-port für windows-easytransfer |
"{1049F5BB-8751-4E9E-92E1-5CFA2AD7C42F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22084628-0352-403E-AA13-E2012A5F2C08}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A3A933F-DAF5-411F-8655-A73B545D2C9F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4125DFC7-F7FE-41E6-AD6A-CD048C992D13}" = rport=10243 | protocol=6 | dir=out | app=system |
"{43D7118E-6969-42D5-84B7-D1C1A1FACB38}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{548EE3B5-0901-4B4B-A214-F924AA08A3A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{61DFFFCA-9EBE-40B2-85FA-4308175C77E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B079713-F7FF-44AD-99A5-CC764DF8B63A}" = lport=7000 | protocol=6 | dir=in | name=tcp-port für windows-easytransfer |
"{6E8963CF-3ABA-416E-B184-F42279C15E67}" = rport=138 | protocol=17 | dir=out | app=system |
"{71EB432C-89B5-4C8A-B0B2-692961724DAD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D7F4295-1A94-4309-B2C9-F674EA1E1F61}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8309C6AB-83C7-45D3-8A65-F79AD31E3EA6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{89E24286-F4A4-447D-82CA-7C2B849ACEF1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8E2C44AB-30F7-43C8-9D41-83DB1B670E54}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8F758A0E-5CCF-409F-987A-AAC3F59AD878}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8FEA2F8C-E420-45ED-937D-F188EA950898}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9673D7DB-2526-471F-8787-D9B25234E5AF}" = lport=139 | protocol=6 | dir=in | app=system |
"{A06980E6-9A7A-4869-B196-2591ECEF7F23}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A14E2E8B-6A05-42DB-A091-9DD85209F110}" = lport=137 | protocol=17 | dir=in | app=system |
"{A80B250D-E9B2-46C9-979C-7C65E785B6CC}" = rport=137 | protocol=17 | dir=out | app=system |
"{B027B523-6B6F-4D07-8C5A-DBC251E51F73}" = rport=139 | protocol=6 | dir=out | app=system |
"{B085D8D7-16EC-4828-A08E-095B6F46D68C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CA152B34-3319-4B2E-9FFC-9BAEF728D57B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF7FA855-6A0A-4BFA-A9D6-20BB8A025432}" = lport=138 | protocol=17 | dir=in | app=system |
"{D4F261B2-A045-4201-93B3-99CC9625C05B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ED826ABE-324B-446E-B32F-76D380349D59}" = lport=445 | protocol=6 | dir=in | app=system |
"{EE85FF8D-1EFB-4D16-AA11-9831741BEE1A}" = rport=445 | protocol=6 | dir=out | app=system |
"{EF02A59C-C5BB-413C-844B-8F7FBC67D6CC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C40635-EDCD-4868-88E6-61CA54E857E3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0BBC3AAA-36ED-41DC-B232-5E11F91E5245}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{128BCF33-877E-435B-9B9A-FBFC4A4352C4}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{1686FB25-CA54-4D18-90AB-6A68F4547CD7}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{298A5AD7-C02D-4138-AED8-B3A66241F9E3}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{2ABDAECF-10EF-407E-8B38-E02AD23E766C}" = protocol=6 | dir=out | app=system |
"{341D782C-7F59-4718-A980-7D0504F246B8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4679C200-ADC6-41E0-88BA-BB291E64043C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52C11027-4CFD-41BA-AA41-77DFA1294464}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5DC1DDCB-AA34-4EA7-8442-38F9A8E937CA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5EC9E39B-648A-4CD1-A098-A78D431047FF}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{6E9B6EE6-4067-4600-A51D-18146177113A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6F12F7C5-95FF-4096-A05B-D370DD2EC7A9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{700A6643-7885-4E74-88D5-88B5C1240DDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7788297A-D578-4C8D-8F22-74143983F5F3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{77BCB343-1FF5-4407-B10F-8950206B3E2F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7802A45A-35BA-4EFD-A197-B89E83DA6726}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7C3E8E7F-462D-4676-9BD8-CC3CF19E173E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{843CAF4D-E620-4D72-949B-5BC1127079C0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{87C66863-EAFA-4181-AC15-0D0E870300D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A5F5785-69E8-4707-945D-11352305F967}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{92EF1FF0-ED60-4320-98BC-AD09A097F28F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9EA2BA65-ED3B-4960-A6F0-3CF42E349BB1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{A9008680-B229-4A0D-98F2-5E89D9ADCF18}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AC8593C5-DC13-451A-9F4F-8A92FD56340A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B062E487-588A-420B-8026-238B81464EF3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B95C0997-445C-46A1-A012-2407391F292A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C065B9A3-1629-4E0D-BDCA-C3F63B17686E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C2E3BC6A-3ED4-4952-8125-D5170DA2B026}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{C9E97D36-B62A-437D-916C-A7F8E643DB30}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D7F505B0-8638-40AA-8EA7-1345F4AAB35C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DCEC8B02-7318-4652-81D3-42CB99D5A083}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E0B6ADF2-0946-47D5-A12C-E69C7B6A5182}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E167777B-6F16-479D-94DC-E3C3E80C9FCB}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{F26082EE-2D5C-4AE0-B1A4-8F8ECDF1E7EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FBD50911-D8D8-445A-A50E-0B36875BC21C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE48EC41-FF2E-4E09-AD0A-9A7EB45B4BF9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FE786579-42EE-4035-92DF-195FDF0D55C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{93E5AE91-A5BE-4D4B-B155-75CD09077A2C}C:\users\jürgen\appdata\roaming\zureuv\iflig.exe" = protocol=6 | dir=in | app=c:\users\jürgen\appdata\roaming\zureuv\iflig.exe |
"UDP Query User{512CDA58-7EC5-4536-A816-014ADC718F38}C:\users\jürgen\appdata\roaming\zureuv\iflig.exe" = protocol=17 | dir=in | app=c:\users\jürgen\appdata\roaming\zureuv\iflig.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1F9241E8-87C1-FB9C-5D76-3FF7D0318A87}" = ATI Catalyst Install Manager
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{47FBE83E-4AE6-4E4C-A9AA-F5838E1FF925}" = GMX Toolbar MSVC100 CRT x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EBAE9144-AF3E-4AF5-B45F-64896D651E27}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03E830A5-822B-D6FB-3257-E1E6A188CF22}" = Catalyst Control Center Graphics Full Existing
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B30D22F-AB4F-9379-CDE1-3019D68D72B7}" = CCC Help Chinese Traditional
"{0E4AD541-61D5-0DF8-44C9-797C3EEBDE2C}" = CCC Help English
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17B5E42B-670F-BE6A-7CBE-B9DFF74D81DC}" = CCC Help Norwegian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D359627-1E53-8D9B-46A6-242B1D7A8B9D}" = CCC Help Turkish
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21C205CD-3770-9454-ECC1-88BB0E2AD807}" = Catalyst Control Center Localization All
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{244C6FE3-82BC-D9F0-91F9-D9909E926FCE}" = CCC Help Greek
"{25ebaadd-1c2a-4eb0-b203-1736e94d948f}" = Nero 9 Essentials
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E941CF-3D09-C540-07FF-81FDB66E8BC9}" = CCC Help Swedish
"{2BB67A89-56A3-4CEA-9D5B-B68F5C4D8682}" = Internet Explorer 8 GMX Edition
"{2C4A0A98-66EA-427A-46B4-FED4A141E4CE}" = Catalyst Control Center Graphics Full New
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{32F898BE-7D45-EBC2-29F3-B0B704CC8FBB}" = ccc-core-static
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{41ACCBEB-F6BD-B9DF-8CCE-32A70F14432B}" = Catalyst Control Center Graphics Previews Vista
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A5FF1B1-7C05-19F4-17D7-B1809CDFA0CD}" = CCC Help Polish
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.2
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D6873BC-73C0-487D-A4B4-BA78D9EF465C}" = Catalyst Control Center - Branding
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5AF27589-0FA3-4BB0-8609-8F0135B1D9F6}" = Firefox 3.6 GMX Edition
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{708FC368-197E-1AAB-8018-49AC1BA28B34}" = CCC Help Hungarian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75AE8014-1184-4BC0-B279-C879540719EE}" = PhotoMail Maker
"{764182F2-8B5E-5B6B-A439-02D06550F663}" = CCC Help Dutch
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87CE7117-D736-8108-AD6A-4F0D117E94B6}" = CCC Help Spanish
"{888934B4-09FC-4CB3-2AA4-87C2F5030C79}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C617D96-CDAA-9025-AAEA-659B477B4B7C}" = CCC Help Czech
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92E5F54C-888C-51E5-A388-7B360B174311}" = CCC Help Russian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{952D22C8-CA9F-65ED-B7C3-7CEDC08121E7}" = Catalyst Control Center Core Implementation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A018A4CE-0D6F-BEB5-EDC2-D9386B2BF1B3}" = Catalyst Control Center Graphics Light
"{A04C1E78-8EC0-7A07-FDA7-843920FE9D36}" = CCC Help Japanese
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A39878-C21D-D6D5-0F34-A01FF3E79B7F}" = CCC Help Korean
"{A7CD6CCE-C2BC-3B61-F0CC-A842F02FB6C0}" = CCC Help Italian
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1" = 24x7 Help
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3576D1B-5763-4E8C-43CE-1B6908D0B22D}" = CCC Help German
"{B672D77A-8BA3-24EF-3421-8FB8E35E2A8D}" = Catalyst Control Center InstallProxy
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{B951569A-7EC8-CF90-74AF-53610BC15097}" = CCC Help Chinese Standard
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C68F1F36-9B04-2CC8-15A4-DC9606E760EB}" = CCC Help Danish
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E647D018-2209-C4B6-493F-ECB57E6620D1}" = CCC Help French
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EF2E00AB-F454-C823-0408-8F2098F2CDCB}" = CCC Help Portuguese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9EB0701-776E-BF9F-5B57-760A16422520}" = CCC Help Thai
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"conduitEngine" = Conduit Engine
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender
"Firefox 3.6 GMX Edition" = Firefox 3.6 GMX Edition
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"IncrediMail" = IncrediMail 2.0
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"Intelli-studio" = SAMSUNG Intelli-studio
"Internet Explorer 8 GMX Edition" = Internet Explorer 8 GMX Edition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MSC" = McAfee AntiVirus Plus
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Netzmanager" = Netzmanager
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PhotoMail" = PhotoMail Maker
"PhotoStudio_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Systweak PhotoStudio 2.1
"PHPNukeEN Toolbar" = PHPNukeEN Toolbar
"Radio_Bar_1 Toolbar" = Radio_Bar_1 Toolbar
"RegClean Pro_is1" = RegClean Pro
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.07.2011 07:41:00 | Computer Name = Jürgen1941 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 08.07.2011 08:58:35 | Computer Name = Jürgen1941 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 09.07.2011 04:27:24 | Computer Name = Jürgen1941 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 11.07.2011 05:15:01 | Computer Name = Jürgen1941 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 14.07.2011 05:58:24 | Computer Name = Jürgen1941 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 15.07.2011 06:45:33 | Computer Name = Jürgen1941 | Source = Application Hang | ID = 1002
Description = Programm cdsupdclient.exe, Version 2.0.0.5 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 117c Startzeit:
01cc42dc3574f054 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe
Berichts-ID:
86e53f44-aecf-11e0-b094-001f16fd8349
Error - 15.07.2011 07:29:35 | Computer Name = Jürgen1941 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 16.07.2011 06:23:05 | Computer Name = Jürgen1941 | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 16.07.2011 18:10:54 | Computer Name = Jürgen1941 | Source = Application Hang | ID = 1002
Description = Programm IncMail.exe, Version 6.2.9.5006 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13d4 Startzeit:
01cc438dc32d728c Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
Berichts-ID:
71d0991e-aff8-11e0-8635-001f16fd8349
Error - 18.07.2011 06:57:24 | Computer Name = Jürgen1941 | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1268 Startzeit: 01cc44a92256e1c9 Endzeit: 117 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID:
[ Media Center Events ]
Error - 27.12.2010 08:25:34 | Computer Name = Jürgen1941 | Source = MCUpdate | ID = 0
Description = 13:25:34 - ClientUpdate konnte nicht abgerufen werden (Fehler: Timeout
für Vorgang überschritten)
Error - 25.03.2011 08:01:13 | Computer Name = Jürgen1941 | Source = MCUpdate | ID = 0
Description = 13:01:13 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung
mit dem Remoteserver kann nicht hergestellt werden.)
Error - 25.03.2011 08:25:34 | Computer Name = Jürgen1941 | Source = MCUpdate | ID = 0
Description = 13:25:07 - Fehler beim Herstellen der Internetverbindung. 13:25:07
- Serververbindung konnte nicht hergestellt werden..
Error - 03.04.2011 05:06:59 | Computer Name = Jürgen1941 | Source = MCUpdate | ID = 0
Description = 11:06:52 - EpgListings konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 23.01.2012 15:30:51 | Computer Name = Jürgen1941 | Source = MCUpdate | ID = 0
Description = 20:30:45 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 06.02.2012 08:13:58 | Computer Name = Jürgen1941 | Source = MCUpdate | ID = 0
Description = 13:13:41 - Broadband konnte nicht abgerufen werden (Fehler: Timeout
für Vorgang überschritten)
Error - 01.07.2012 06:09:10 | Computer Name = Jürgen1941 | Source = MCUpdate | ID = 0
Description = 12:09:10 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 01.07.2012 06:09:19 | Computer Name = Jürgen1941 | Source = MCUpdate | ID = 0
Description = 12:09:18 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
konnte keine Vertrauensstellung hergestellt werden..)
Error - 29.08.2012 08:12:14 | Computer Name = Jürgen1941 | Source = MCUpdate | ID = 0
Description = 14:12:14 - Fehler beim Herstellen der Internetverbindung. 14:12:14
- Serververbindung konnte nicht hergestellt werden..
Error - 29.08.2012 08:13:04 | Computer Name = Jürgen1941 | Source = MCUpdate | ID = 0
Description = 14:12:43 - Fehler beim Herstellen der Internetverbindung. 14:12:43
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 30.08.2012 15:20:42 | Computer Name = Jürgen1941 | Source = atikmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
Error - 30.08.2012 15:20:42 | Computer Name = Jürgen1941 | Source = atikmdag | ID = 43038
Description = EDID contain an error in the RangeLimit field
Error - 30.08.2012 15:20:43 | Computer Name = Jürgen1941 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 30.08.2012 15:20:43 | Computer Name = Jürgen1941 | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 30.08.2012 15:30:54 | Computer Name = Jürgen1941 | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 30.08.2012 15:31:08 | Computer Name = Jürgen1941 | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 30.08.2012 15:33:46 | Computer Name = Jürgen1941 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 30.08.2012 15:33:46 | Computer Name = Jürgen1941 | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 30.08.2012 20:46:40 | Computer Name = Jürgen1941 | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 30.08.2012 20:46:40 | Computer Name = Jürgen1941 | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
|
|
04.09.2012, 07:10
| #10 |
| /// Helfer-Team | Ransom Trojaner ► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
04.09.2012, 11:35
| #11 |
| | Ransom Trojaner Open Office 3.4.1 lies sich nicht sauber installieren. Nach Installation stützte Open Office immer ab. Nach deinstall und danach CCleaner. Neustart und Neuinstall klappt es auch mit Open Office. System scheint stabil. Denke wir haben es geschaft?!? Vielen Dank  |
|
05.09.2012, 06:53
| #12 | ||
| /// Helfer-Team | Ransom Trojaner ** Lass dein System in der nächste Zeit noch unter Beobachtung! wenn alles gut verlaufen ist und dein System läuft stabil,mache folgendes: 1. Im Firefox-> Erweiterungen kann gelöscht werden: GMX Firefox Addon 2. aus dem Autostart rausnehmen (Häckhen weg) starten nur bei Bedarf!: IncrediMail "Start -> Alle Programme-> Zubehör-> Ausführen" .. und gibst Du "msconfig" (ohne "") ein -> OK -> Systemstart-> Häckhen weg bei... 3. Desktop aufräumen!: Dokumente, Log und Musikdateien etc: lagere bitte nie auf dein Desktop! Du hast Möglichkeit unter eigene Dateien (div. Ordner, wie Download, Musik, Bilder, Dokumente usw.) schön sortieren. Code:
ATTFilter auf Desktop sollten nur Verknüpfungen für häufig verwendete Programme liegen, um sie schneller starten zu können, das erspart den Programmaufruf
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf: Code:
ATTFilter CCleaner
5. Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
6. Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden: Also mach bitte folgendes:
7. Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen) z.B. Login-, Mail- oder Website-Passwörter Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) 8. ► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand! Lesestoff Nr.1: Gib Kriminellen Handlungen keine Chance! Zitat:
** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !! Zitat:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:
Wenn Du uns unterstützen möchtest→ Spendekonto gruß kira
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
05.09.2012, 07:32
| #13 |
| | Ransom Trojaner Danke noch mal Hoffe das System ist nun clean. Werde die Ratschläge befolgen! Ihr seid SUPER! Gruß von der Nordsee |
|
| Themen zu Ransom Trojaner |
| administrator, anti-malware, appdata, appdatalow, autostart, bytes, conduit, dateien, erfolgreich, explorer, fehler, firefox addon, gelöscht, guten, internet browser, kaspersky, langs, locker, malware, malware bytes, microsoft, minute, mywinlocker, normaler modus, quarantäne, ransom trojaner, ransom.gen, regclean, regclean pro, registrierung, registrierungsdatenbank, rescue, rescue cd, roaming, service, speicher, startup, systweak, thomas, trojaner, version |
.
) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörse. 
Linear-Darstellung
