Computer infected with FBI ransomware (Windows 7)
14.11.2012, 21:56 | #1 |
Computer infected with FBI ransomware

Picked up a piece of ransomware today, one from the FBI that demands 200 dollars via MoneyPak. Avira detected it and put it in quarantine. However, it popped up for 1 of 3 users; that account is now locked, but the other 2 still work without restriction. I would of course like to get rid of the ransomware as quickly as possible and have looked around on the internet, but found nothing helpful on it. Many programs seem very dubious and unsafe to me. For this reason I would like your advice on this topic; I don't want to do anything wrong. I have of course run OTL (see below). I would very much appreciate some help.

OTL.txt: OTL Logfile:
OTL logfile created on: 11/14/2012 9:22:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Verena\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.99 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 35.10% Memory free
4.21 Gb Paging File | 2.84 Gb Available in Paging File | 67.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.00 Gb Total Space | 53.60 Gb Free Space | 45.05% Space Free | Partition Type: NTFS
Drive D: | 30.04 Gb Total Space | 20.61 Gb Free Space | 68.60% Space Free | Partition Type: FAT32

Computer Name: ****** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Verena\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Users\Verena\AppData\Local\Programs\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Verena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Users\Verena\Documents\phonostar-Player\phonostarTimer.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Programme\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\WButton.exe ()
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
PRC - C:\Programme\Launch Manager\LaunchAp.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Users\Verena\Documents\phonostar-Player\phonostarTimer.exe ()
MOD - C:\Users\Verena\Documents\phonostar-Player\QtCore4.dll ()
MOD - C:\Users\Verena\Documents\phonostar-Player\plugins\sqldrivers\qsqlite4.dll ()
MOD - C:\Users\Verena\Documents\phonostar-Player\QtSql4.dll ()
MOD - C:\Users\Verena\Documents\phonostar-Player\QtGui4.dll ()
MOD - C:\Programme\ArcSoft\PhotoImpression 5\Share\PIHook.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ita.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56esp.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56brz.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56kor.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ger.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56fra.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56dnk.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56jpn.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56cht.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56chs.dll ()
MOD - C:\Programme\Launch Manager\WButton.exe ()
MOD - C:\Programme\Launch Manager\LaunchAp.exe ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (Extensions Updates Service) -- C:\Programme\Extensions for Windows\Extensions\Updater\ExtensionsUpdatesService.exe (Extensoft)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (usnjsvc) -- C:\Programme\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mailKmd) -- File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Generic)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKLM\..\URLSearchHook: {192a6019-26d2-4611-aead-07cd7733b146} - C:\Programme\Stardoll\prxtbStar.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/414
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\URLSearchHook: {192a6019-26d2-4611-aead-07cd7733b146} - C:\Programme\Stardoll\prxtbStar.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - SOFTWARE\Classes\CLSID\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\InprocServer32 File not found
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\URLSearchHook: {ff19b72a-36ed-4066-8865-a580ae938cce} - No CLSID value found
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\SearchScopes\{5AE06BBB-38EA-460B-A226-733EBD56D6E9}: "URL" = https://www.xing.com/app/search/?op=universal&ref=os&universal={searchTerms}
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_de
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://www.searchqu.com//web?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.stardoll.com/
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\..\SearchScopes,DefaultScope = {B0616C55-6A9F-4945-932A-6190BB21A21F}
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\..\SearchScopes\{B0616C55-6A9F-4945-932A-6190BB21A21F}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7MEDA_de
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 129.241.88.65:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/414"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.3.1.00
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..browser.search.defaultenginename: "Google"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/25 20:13:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/12 13:44:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.2\extensions\\Components: C:\Program Files\Flock\components [2009/09/03 15:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5.2\extensions\\Plugins: C:\Program Files\Flock\plugins [2012/09/24 20:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/31 16:04:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/24 20:45:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/12 13:44:06 | 000,000,000 | ---D | M]

[2011/09/01 15:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\Extensions
[2010/02/01 13:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/11/24 19:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\Firefox\Profiles\qxrfus66.default\extensions
[2011/01/05 15:03:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\Firefox\Profiles\qxrfus66.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/01 15:17:25 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\Firefox\Profiles\qxrfus66.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2010/07/05 14:52:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\Firefox\Profiles\qxrfus66.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/03/08 18:53:05 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\Firefox\Profiles\qxrfus66.default\extensions\gutscheinmieze@synatix-gmbh.de
[2011/07/16 20:30:58 | 000,000,961 | ---- | M] () -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\firefox\profiles\qxrfus66.default\searchplugins\icqplugin.xml
[2011/09/01 15:16:52 | 000,002,503 | ---- | M] () -- C:\Users\Ursula Gnas\AppData\Roaming\mozilla\firefox\profiles\qxrfus66.default\searchplugins\SearchResults.xml
[2012/02/03 18:55:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009/03/23 17:49:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/11/05 16:37:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012/02/03 18:55:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2008/10/20 18:40:32 | 000,000,000 | ---D | M] (Mozilla Firefox distributed by RealNetworks) -- C:\Programme\Mozilla Firefox\extensions\realplayer@partners.mozilla.com
[2009/01/17 12:21:28 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010/11/05 16:37:28 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/09/01 15:17:54 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012/01/25 20:13:43 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/01/25 11:55:14 | 000,644,096 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2010/01/20 21:00:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/20 21:00:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/08 18:53:06 | 000,000,140 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Google.src
[2010/01/20 21:00:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/01 15:16:52 | 000,002,503 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2010/01/20 21:00:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/20 21:00:55 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Stardoll Toolbar) - {192a6019-26d2-4611-aead-07cd7733b146} - C:\Programme\Stardoll\prxtbStar.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeoh.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Stardoll Toolbar) - {192a6019-26d2-4611-aead-07cd7733b146} - C:\Programme\Stardoll\prxtbStar.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files\Veoh_Web_Player\prxtbVeoh.dll File not found
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - Gutscheinmieze\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\Toolbar\WebBrowser: (Stardoll Toolbar) - {192A6019-26D2-4611-AEAD-07CD7733B146} - C:\Programme\Stardoll\prxtbStar.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\prxtbVeoh.dll File not found
O3 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - Gutscheinmieze\toolbar.dll File not found
O3 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\..\Toolbar\WebBrowser: (Stardoll Toolbar) - {192A6019-26D2-4611-AEAD-07CD7733B146} - C:\Programme\Stardoll\prxtbStar.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Program Files\Veoh_Web_Player\prxtbVeoh.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [UVS10 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003..\Run: [Naugzue] "C:\Users\Ursula Gnas\AppData\Roaming\Anad\xati.exe" File not found
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" File not found
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe" File not found
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005..\Run: [phonostarTimer] C:\Users\Verena\Documents\phonostar-Player\phonostarTimer.exe ()
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6.6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618; .NET4.0C)" -"hxxp://www.neopets.com/games/dgs/play_shockwave.phtml?va=&game_id=356&nc_referer=&age=1&hiscore=208&sp=0&questionSet=&r=3298294&&width=480&height=460&quality=high" File not found
O4 - Startup: C:\Users\Bernhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ursula Gnas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Ursula Gnas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Ursula Gnas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Programme\Common Files\microsoft shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O7 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ursula Gnas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} hxxp://ferrets4you.viewnetcam.com/JpegInst.cab (pmjpegaudio Class) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1222615440 (Image Uploader Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} 
hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{310825A3-322D-4107-AFC5-1E187FC18390}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCD213F1-878A-492A-B886-CEF093D5CD23}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\Programme\Windows 
Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Ursula Gnas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Ursula Gnas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - Unable to obtain root file information for disk D:\ O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/11/03 23:11:06 | 000,000,000 | ---D | C] -- C:\Users\Ursula Gnas\Documents\RL Magazin [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/14 21:27:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/14 21:17:42 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/14 21:17:42 | 000,000,400 | ---- | M] () -- 
C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Ursula Gnas.job [2012/11/14 21:03:07 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/14 20:34:58 | 000,638,998 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/11/14 20:34:58 | 000,130,918 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/11/14 20:34:58 | 000,108,010 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/11/14 20:34:58 | 000,004,892 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/11/14 20:30:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/14 20:30:27 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/14 20:30:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/14 20:30:09 | 2137,186,304 | -HS- | M] () -- C:\hiberfil.sys [2012/11/14 12:52:05 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Ursula Gnas.job [2012/11/10 13:28:38 | 000,197,375 | ---- | M] () -- C:\Windows\hpwins27.dat [2012/11/08 15:45:59 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Ursula Gnas.job [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/10/16 14:44:03 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Ursula Gnas.job [2012/10/16 14:44:02 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Ursula Gnas.job [2012/10/16 14:44:01 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Ursula Gnas.job [2012/07/07 22:34:01 | 002,043,854 | ---- | C] () -- C:\Users\Ursula Gnas\ALMASED_Planfigur_Fasten.pdf [2012/06/08 11:06:24 | 000,820,340 | ---- | C] () -- C:\Users\Ursula Gnas\Prinzessinenbenimmabzeichen.pdf [2012/06/08 11:00:53 | 003,343,241 | ---- | C] () -- 
C:\Users\Ursula Gnas\Prinzessinen Akademie.pdf [2012/05/12 13:24:02 | 000,197,375 | ---- | C] () -- C:\Windows\hpwins27.dat [2012/04/29 19:47:19 | 000,364,403 | ---- | C] () -- C:\Users\Ursula Gnas\Karte Lauterbach.mht [2012/04/29 19:45:01 | 000,603,285 | ---- | C] () -- C:\Users\Ursula Gnas\Extratour_Lauterbach.pdf [2012/04/17 20:24:06 | 000,031,325 | ---- | C] () -- C:\Users\Ursula Gnas\Anmeldung_Auftrag DP11645686 - Kunde_Gnas, UrsulaBerlin.eml [2011/08/04 20:13:25 | 000,073,163 | ---- | C] () -- C:\Users\Ursula Gnas\Haushaltsplan.pdf [2011/05/24 06:57:46 | 000,087,074 | ---- | C] () -- C:\Users\Ursula Gnas\Marburg - Stadtplan Sehenswr.._1.pdf [2011/05/06 20:07:43 | 000,279,986 | ---- | C] () -- C:\Users\Ursula Gnas\991136764.pdf [2011/04/29 19:51:17 | 000,499,697 | ---- | C] () -- C:\Users\Ursula Gnas\Prospekt_Wanderweg.pdf [2011/04/29 12:37:48 | 001,643,688 | ---- | C] () -- C:\Users\Ursula Gnas\1188300022_wandern.pdf [2011/03/04 22:01:32 | 001,521,450 | ---- | C] () -- C:\Users\Ursula Gnas\Traumeel.mht [2010/11/25 10:53:35 | 000,044,285 | ---- | C] () -- C:\Users\Ursula Gnas\TKS-9c Kontaktdaten.pdf [2010/10/16 18:51:22 | 000,342,925 | ---- | C] () -- C:\Users\Ursula Gnas\Biologika bei pA.pdf [2010/07/31 21:32:14 | 000,439,940 | ---- | C] () -- C:\Users\Ursula Gnas\BewegungArthritis.pdf [2010/03/11 12:29:02 | 000,255,448 | ---- | C] () -- C:\Users\Ursula Gnas\Praxisverlegung pt Journal.pdf [2010/03/11 12:16:19 | 000,032,724 | ---- | C] () -- C:\Users\Ursula Gnas\Verlegung des Vertragsarztsitz.pdf [2010/01/24 17:49:19 | 000,001,182 | ---- | C] () -- C:\Users\Ursula Gnas\aristoteles.htm [2010/01/24 17:49:05 | 000,013,521 | ---- | C] () -- C:\Users\Ursula Gnas\abel2.jpeg [2010/01/07 20:26:47 | 000,861,282 | ---- | C] () -- C:\Users\Ursula Gnas\Nachbesetzung Psychologe von Arzt.pdf [2009/12/29 20:10:27 | 000,039,123 | ---- | C] () -- C:\Users\Ursula Gnas\Aktuell EI.jpg [2009/12/25 10:10:50 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini [2009/12/06 
20:41:35 | 000,118,023 | ---- | C] () -- C:\Users\Ursula Gnas\Ausschneiden.jpg [2009/09/10 20:29:33 | 000,093,978 | ---- | C] () -- C:\Users\Ursula Gnas\04-109 PA und EI.rtf [2009/09/03 19:58:11 | 000,165,949 | ---- | C] () -- C:\Users\Ursula Gnas\Burnout.pdf [2009/09/02 10:49:27 | 001,091,825 | ---- | C] () -- C:\Users\Ursula Gnas\Sucht-am-Arbeitsplatz.pdf [2009/09/02 10:24:45 | 000,034,425 | ---- | C] () -- C:\Users\Ursula Gnas\Sucht Rost.mht [2009/09/02 08:53:25 | 000,188,064 | ---- | C] () -- C:\Users\Ursula Gnas\Lohmer_Kap.9.pdf [2009/09/02 08:48:44 | 000,660,532 | ---- | C] () -- C:\Users\Ursula Gnas\organisationsberatung Lernen im Team.pdf [2009/09/02 08:47:46 | 000,185,960 | ---- | C] () -- C:\Users\Ursula Gnas\Das ubw in Organisationen.pdf [2009/09/02 08:33:55 | 000,100,884 | ---- | C] () -- C:\Users\Ursula Gnas\Lehrgang_LCO_WPAk__2010_11.pdf [2009/09/02 08:12:45 | 000,129,339 | ---- | C] () -- C:\Users\Ursula Gnas\Flyer-Leitungscoaching-2009.pdf [2009/09/02 07:25:56 | 000,051,526 | ---- | C] () -- C:\Users\Ursula Gnas\stress_vermeiden[1].pdf [2009/09/02 07:24:46 | 000,300,123 | ---- | C] () -- C:\Users\Ursula Gnas\3_89749_372_1_i[1] Stressm Inh..pdf [2009/09/02 07:17:29 | 000,229,267 | ---- | C] () -- C:\Users\Ursula Gnas\3_89749_354_3_i[1] Zeit Inhv..pdf [2009/09/02 07:15:11 | 000,070,305 | ---- | C] () -- C:\Users\Ursula Gnas\978_3_89749_647_7_k[1] Selbstman.pdf [2009/09/02 07:08:55 | 000,126,055 | ---- | C] () -- C:\Users\Ursula Gnas\3_89749_354_3_k[1] Zeitm.pdf [2009/07/05 14:30:57 | 000,004,904 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr [2007/11/03 18:23:04 | 000,020,992 | ---- | C] () -- C:\Users\Ursula Gnas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007/09/08 12:52:31 | 000,000,680 | RHS- | C] () -- C:\Users\Ursula Gnas\ntuser.pol [2007/09/06 18:42:17 | 000,005,224 | ---- | C] () -- C:\Users\Ursula Gnas\AppData\Roaming\wklnhst.dat [2007/09/05 16:11:28 | 000,000,099 | ---- | C] () -- C:\Users\Ursula 
Gnas\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2007/11/04 15:51:57 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\.pknowledge [2012/11/14 20:51:42 | 000,000,000 | -HSD | M] -- C:\Users\Bernhard\AppData\Roaming\159485 [2007/09/15 14:04:30 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\BullGuard [2011/10/09 16:42:54 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Canon [2007/11/04 15:41:38 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\DataDesign [2012/11/14 20:50:46 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Eniz [2009/03/09 18:59:26 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\ICQ [2011/04/17 09:26:28 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\InterVideo [2008/08/25 19:34:48 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\NewSoft [2012/11/14 18:14:01 | 000,000,000 | ---D | M] -- 
C:\Users\Bernhard\AppData\Roaming\Ogemqa [2012/03/08 17:46:54 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\OpenOffice.org [2011/05/12 19:48:06 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Opera [2012/11/14 18:14:01 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Owuf [2008/06/24 16:48:57 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Sonavis [2007/11/04 15:58:13 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Template [2007/09/08 12:57:04 | 000,000,000 | ---D | M] -- C:\Users\Bernhard\AppData\Roaming\Ulead Systems [2012/06/27 16:10:20 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\.minecraft [2007/12/16 17:59:49 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\.pknowledge [2012/09/26 10:48:05 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Anad [2010/01/08 13:50:33 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Artisteer [2011/08/24 12:36:18 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Canon [2009/05/15 18:30:45 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\CoSoSys [2011/09/01 15:28:12 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\DVDVideoSoft [2011/04/20 15:38:09 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\DVDVideoSoftIEHelpers [2011/09/01 15:17:11 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\FreeVideoConverter [2012/09/22 21:33:42 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Fuis [2011/03/08 18:50:14 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Gutscheinmieze [2012/09/22 21:07:46 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Hany [2009/03/23 17:54:59 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\ICQ [2010/01/26 17:26:01 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\IN-MEDIAKG [2012/11/14 20:56:59 | 
000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\LimeWire [2007/09/10 13:41:05 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\MAGIX [2009/05/22 19:46:08 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\NewSoft [2010/11/05 09:44:32 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\OpenOffice.org [2011/05/20 20:10:47 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Opera [2008/08/25 19:22:03 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\ScanSoft [2011/03/11 15:17:43 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\ShinyTales [2008/10/22 18:40:33 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Sonavis [2011/01/28 15:30:48 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\SumatraPDF [2007/09/06 18:52:01 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Template [2007/09/05 16:11:52 | 000,000,000 | ---D | M] -- C:\Users\Ursula Gnas\AppData\Roaming\Ulead Systems [2012/08/09 14:26:28 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\.minecraft [2007/11/28 16:51:04 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\.pknowledge [2010/09/03 17:25:49 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\ASCON Installer [2007/09/13 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\BullGuard [2008/11/30 11:50:09 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Canon [2009/07/22 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\com.boomerang.virtualpet.VirtualPuppy.9FF3ACFC898E08433FEA147D91B7D0C65CBC0149.1 [2012/10/09 17:09:33 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\CoSoSys [2011/03/26 14:54:52 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\de.closeup.fotowerkstatt.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2009/09/16 15:31:59 | 000,000,000 | ---D | M] -- 
C:\Users\Verena\AppData\Roaming\Desktopicon [2012/11/14 21:19:09 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Dropbox [2011/09/01 16:17:13 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\DVDVideoSoft [2009/09/03 16:08:51 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Flock [2012/06/08 13:50:23 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\FreeVideoConverter [2010/08/29 13:59:33 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\gtk-2.0 [2008/10/17 09:29:27 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\ICQ [2008/05/02 14:49:44 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\InterVideo [2011/09/30 13:25:14 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\OpenOffice.org [2011/04/07 14:11:17 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Opera [2010/02/12 12:17:16 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\phonostar GmbH [2007/11/07 15:36:48 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Sonavis [2007/09/24 17:09:44 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Template [2007/09/08 12:58:28 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Ulead Systems [2010/02/21 15:38:37 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\VMedia [2008/11/29 09:51:57 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Zylom ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 949 bytes -> C:\Users\Ursula Gnas\Anmeldung_Auftrag DP11645686 - Kunde_Gnas, UrsulaBerlin.eml:OECustomProperty @Alternate Data Stream - 936 bytes -> C:\Users\Ursula Gnas\Documents\Re_ Überweisung und Vorschlag bzgl_ weiterem Vorgehen.eml:OECustomProperty @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:6FD3C973 < End of report > Extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11/14/2012 9:22:13 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Verena\Documents Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.99 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 35.10% Memory free 4.21 Gb Paging File | 2.84 Gb Available in Paging File | 67.33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119.00 Gb Total Space | 53.60 Gb Free Space | 45.05% Space Free | Partition Type: NTFS Drive D: | 30.04 Gb Total Space | 20.61 Gb Free Space | 68.60% Space Free | Partition Type: FAT32 Computer Name: URSULAGNAS-PC | User Name: Ursula Gnas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found [HKEY_USERS\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- C:\Users\Verena\AppData\Local\Programs\Opera\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2B404A06-B587-441B-8508-574197EE5664}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{35F68AF2-3C32-467E-AA94-A7E1EDA7E959}" = lport=2869 | protocol=6 | dir=in | app=system | "{3B5140AF-9441-44D4-9BB7-17A2834E8641}" = lport=445 | protocol=6 | dir=in | app=system | "{43EF6138-AD6E-44B4-80A0-06A8B56A1E94}" = rport=137 | protocol=17 | dir=out | app=system | "{48445252-CEFB-44DD-A8F3-1B309830FAD6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{4E6BF190-640D-4BF4-9626-0504AD6F60B5}" = rport=138 | protocol=17 | dir=out | app=system | "{4FBB3CF8-7B9D-499E-8E15-7CDE0DF18B8B}" = lport=139 | protocol=6 | dir=in | app=system | "{5E7E378A-AED3-4010-9978-57620F97446C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{71A20DCA-BF23-4822-86E7-0C54D914A04F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7DA37AA9-C677-403D-8F69-0686704FE5EE}" = rport=445 | protocol=6 | dir=out | app=system | "{93DA0FC7-B2D8-4C99-9AF1-49B07E1618EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A0CD124C-0DFD-4CC3-80FC-361392C8AB96}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AF1172AF-59AA-4611-B521-2B8E5219113D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B7BF7815-6F48-4A6A-9166-27B772895CD4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B8381C8A-70FD-4A7D-B069-52DD3514A87E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C0DC0D92-42A1-4E07-A635-6BCA8F03913D}" = rport=139 | protocol=6 | dir=out | app=system | "{C6633CDE-3669-4250-AF1D-23730B025600}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{DFFC37CF-DC71-4304-B698-2ADE24891997}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E00D995A-EE1F-4ED5-BB02-0B4D974F1E1E}" = 
lport=138 | protocol=17 | dir=in | app=system | "{F0C85710-603A-4908-A983-1B9039837A2E}" = lport=137 | protocol=17 | dir=in | app=system | "{F96A3BF6-B297-40BC-9F32-8965FEA1E8C8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03082FF1-2E27-4CF6-8ABA-837F151757C1}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{051E6A70-6126-4C9A-9816-703F0F700716}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{05A11FC7-5CA4-4E6C-9C87-1BAD3B4E6291}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{0C88D5C7-D0F2-4DA2-9138-F23B3903FD85}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0E22AD1C-9DFD-4D05-A1B7-1A13D0B09F6C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{1238CD5D-D507-4072-AF12-D16EA22EC589}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{16A82BA1-9A49-48C1-AE21-EBAD7E336A94}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{173049DD-BB4A-4461-96F6-86543770D65F}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{1747FACC-F786-4B86-90B8-DD68DF47A8E0}" = protocol=17 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | "{189CC824-B11A-4014-936D-1D3A602BE0A8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{19F9BCD8-248B-4B8C-A64B-5ED45C1D64D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{1C06827B-0B4E-4521-8809-77C8259009AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{1F09F116-AC2C-4ECD-9777-79763B72BB06}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{25D9EF95-DC57-4532-B904-6CE7D6DBFAD5}" = 
protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{2657836C-2472-4F51-8CE9-E1427AA79788}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{36B76DA6-35AA-479A-9C88-4392F01313B7}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{36B8CDC8-A74E-4030-ACEB-A1983E252845}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{3AE2FBD3-AF37-464B-918C-F437F2C8EC07}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{41718033-6D52-4893-9F2C-1005DDF9F60B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{42A9789A-32DD-49D8-AB58-56F97299CECE}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{4368AA7B-D442-4036-B45D-CD59BE3AA5F1}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{44CE3DAE-D928-41D1-8DEF-957B3B0B6B4D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5A5DAA8B-4681-4594-9E74-B7D6586DD783}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{5B30D2B9-3AA6-4091-8B69-DDD2FAA1C800}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{5DDBF92A-8B37-4D44-B8E2-571CEAE2D345}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{5F5AF7D2-487F-4AE4-A106-A504DAE00320}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{67C8B715-C451-458D-8F93-77CFEFFD4F6B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{6B04FD92-7DAB-4CFD-B43A-1E49168A3922}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{7600E43F-6320-41B0-98E5-8303D3D2C48E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{82585F82-ADD5-4EB5-B33A-2D3E6B7277FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{83131CC3-1563-4E39-BA8C-86501DA3AE21}" = protocol=6 | dir=in | 
app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{86810B14-6669-41A0-87CA-EC259EE41EC8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{A353834D-A986-43EF-BE4D-277A1C5E31B9}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "{A9318A6B-978F-4CF6-A252-754336B52578}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe | "{B252BC31-9605-41E4-A9DE-B74CFF671C9D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B4C4F9DB-2428-42C7-BE74-E993489B51AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{B5082DCF-FB59-457F-97A2-D63F8AE8DFAF}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{B88BF8F2-6463-43A7-AD75-F5ACF81CFD60}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{BCAC798E-9B72-4F51-BD45-A73B9DA1EFE8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BCC5B7FE-0747-462E-9E14-5C1868E83E89}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{BD625F33-9D4B-49A6-85F9-752E706BC27A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{BDDD5A65-8E58-43B2-84DB-42AE14E218FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{BF771245-A1AC-47A8-B1A1-079645A2E58F}" = protocol=6 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | "{C36E771D-8C7C-45CE-9EEF-39E354E2FF45}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D4C216C5-CA96-458D-945E-9FE738555719}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{D60339EE-01B1-45F2-9EBD-3F656CDA0D93}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | "{D8C62779-D560-4F92-83F8-0DF5A8B88DBD}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | "{E6BC0548-4175-44AF-8B9C-93379DFD465A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E86029FF-386B-42F6-B0C2-BEBEE0D1C97A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EBA3DB16-4CD8-4F78-BCA0-C3CACE637356}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EFBD8F08-A315-45ED-863D-1D0EFC2A23A0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{F74998ED-9FF9-4D8C-BC13-BD666FE67CB3}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{FB62E809-13ED-4E21-AC1A-065F1378B861}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FC6720A9-BDCD-4A5D-B868-DC237B5075E0}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "{FC6BEDC5-A23E-40C8-8750-D8515AD9A2E8}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "TCP Query User{09D732FC-B93A-4707-BA01-151E14A64F0A}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe | "TCP Query User{0D33D9F8-370D-4FAF-AEB3-54C94A3428A3}C:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe | "TCP Query User{505364F9-A1D4-475A-B787-11E57C6C0E53}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{5F2A51C2-E8B7-4F9C-B2E2-238E7E55A6A2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{62894636-093A-448F-9D99-A3939B8D6788}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{641B56D9-9348-403B-84DF-AD6124F98988}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query 
User{91DB75D5-DAED-4DE8-82F6-1CF9F8391E0F}C:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{954938C9-02F2-40A6-9FC0-86EC6A2260EC}C:\users\verena\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\verena\appdata\local\programs\opera\opera.exe | "TCP Query User{9F17D443-D8D9-431A-B10B-9BFECD8B8DAD}C:\users\verena\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\verena\appdata\local\programs\opera\opera.exe | "TCP Query User{A09D9804-34EA-4E3D-939A-A224114D404A}C:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=6 | dir=in | app=c:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe | "TCP Query User{A7066F63-68D3-47EC-A5EE-15F6F8D0559D}C:\program files\freeciv-2.0.9-gtk2\civclient.exe" = protocol=6 | dir=in | app=c:\program files\freeciv-2.0.9-gtk2\civclient.exe | "TCP Query User{B1012B3A-C2DC-4256-873C-04EFDED6C452}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "TCP Query User{EC4FF5EB-BE8D-489C-AB05-B540DA434F76}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{F0DA33E7-CB31-40FC-A942-6D5158B99FA4}C:\program files\freeciv-2.0.9-gtk2\civserver.exe" = protocol=6 | dir=in | app=c:\program files\freeciv-2.0.9-gtk2\civserver.exe | "TCP Query User{F2B290C7-80C1-40D4-B3CB-19A452287FCB}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "TCP Query User{FF796FC5-13CE-4C39-A9DD-EF81925620D5}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{13848698-1968-41D7-A81A-6716496CE547}C:\users\ursula gnas\appdata\local\temp\cprogram 
filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe | "UDP Query User{39515BBE-FECD-4C63-92A4-B5A3616A0674}C:\users\verena\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\verena\appdata\local\programs\opera\opera.exe | "UDP Query User{3C4BBF75-4BA1-448B-87FC-1FD9D5EF99B7}C:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{50EA9608-D576-4684-9A11-BC5452056684}C:\program files\freeciv-2.0.9-gtk2\civserver.exe" = protocol=17 | dir=in | app=c:\program files\freeciv-2.0.9-gtk2\civserver.exe | "UDP Query User{5C9D1028-91BC-4E1F-B1E5-BAFAAA264798}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{6B7EC544-765F-4087-92BA-F037AE1AED81}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{727E6E51-2F5C-46DA-BF9A-0AD21F91F40A}C:\users\verena\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\verena\appdata\local\programs\opera\opera.exe | "UDP Query User{824434B5-35D8-4B8E-9600-C3F15BAA1B2E}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{9254165B-0921-4B32-8767-20E0BE0D4936}C:\program files\freeciv-2.0.9-gtk2\civclient.exe" = protocol=17 | dir=in | app=c:\program files\freeciv-2.0.9-gtk2\civclient.exe | "UDP Query User{94E153D8-7FD2-4065-93D8-AF8DE2080856}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{98CC1495-5B1D-4D8A-A3DD-968D2D826005}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{A452D340-D29F-4DBD-AF23-BCEC7CC32C55}C:\program files\icq6\icq.exe" = 
protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{A6A3DA05-DC5E-4CB2-87A6-F557AAA2E02D}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe | "UDP Query User{C53B193B-0D7E-40E6-A950-61E8D58B9539}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "UDP Query User{DE608265-B36C-47A4-9FC8-DCF7D0222E31}C:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe" = protocol=17 | dir=in | app=c:\users\ursula gnas\appdata\local\temp\cprogram filesopera\operaupgrader.exe | "UDP Query User{EF0A1420-EC62-4E87-9667-3B2F900D7CE7}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional "{0E5C4DE6-101B-11D6-986D-00500443CF9F}" = Sven Bømwøllen DL "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series" = Canon MX300 series "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}" = Scrapbook Flair 
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30 "{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger "{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery "{36C3A0DA-07E0-4173-A406-D9308C1CBDAB}" = ArcSoft VideoImpression 2 "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Live Camera "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D24A762-F5A2-41C1-9F0A-300B4D8D5A2B}" = Mathe Klasse 8-10 "{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager "{3E8C2BA2-F4CA-4A1D-A690-6B9A411DAF8B}" = ArcSoft PhotoImpression 5 "{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV "{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0 "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{552C83B7-0013-42EA-B285-1997D129DD53}" = SA31xx Device Manager & Media Converter "{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5 "{5BDD4025-01EB-4698-9238-9F783C26CFAE}" = ORGA 900 (CD 05.2009) 
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{77F69001-4D35-4BEA-A074-26DA04EA0CDA}" = MegaCam "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista "{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour "{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 
2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = 
Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support "{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8 "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.7.322 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA047D7C-5E7C-4878-B75C-77589151B563}" = SUYIN webcam "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B9845F2F-455C-4E76-9599-159AE471DB59}_is1" = Subvein Mutant 
Factions v0.71 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C07AC662-A823-B19B-72A4-606096DCE07A}" = CloseUp-Fotowerkstatt "{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9 "{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DE470016-1C64-11D5-982A-0050DA602C65}" = Löwenzahn 5 "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4 "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E572B060-C98B-4984-A48E-E4FA56265903}" = SA31xx Device Manager & Media Converter "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "ALDI Foto Manager Free Nord D" = ALDI Foto Manager Free Nord 3.4.0.466 (D) "ALDI Foto Service Nord D" = ALDI Foto Service Nord 1.10.0.61 (D) "ALDI Fotobuch Druck Service_is1" = ALDI Fotobuch Druck 
Service "ALDI Online Druck Service (Nord)" = ALDI Online Druck Service (Nord) "Artisteer 2" = Artisteer 2 "Avira AntiVir Desktop" = Avira Free Antivirus "CamStudio" = CamStudio "CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4 "Canon MX300 series Benutzerregistrierung" = Canon MX300 series Benutzerregistrierung "CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "de.closeup.fotowerkstatt.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = CloseUp-Fotowerkstatt "Debut" = Debut Video Capture Software "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ENTERPRISER" = Microsoft Office Enterprise 2007 "Epikur 3" = Epikur 3 "Extensions for Windows" = Extensions for Windows "eyrie_screensaver" = eyrie_screensaver "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) "Flock (2.5.2)" = Flock (2.5.2) "FotoWorks XL_is1" = FotoWorks XL "Free DVD Video Burner_is1" = Free DVD Video Burner version 3.1.0.602 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2 "Free Realms Installer" = Free Realms Installer "Free Video Converter_is1" = Free Video Converter V 3.0 "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.21.602 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.815 "Free YouTube Download_is1" = Free YouTube Download version 3.0.14.908 "Freeciv-2.0.9-gtk2" = Freeciv 2.0.9 (GTK+ client) "GM(S) - Toolbar" = GM(S) - Toolbar "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "HyperCam 2" = HyperCam 2 "iLivid" = iLivid "ImTOO MP4 Video Converter" = ImTOO MP4 Video Converter "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "LetsTrade" = LetsTrade Komponenten "LimeWire" = LimeWire 5.4.6 "LoeweLex" = Löwenzahn Lexikon "MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord 6.0.2.0 (D) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "Neopets - Blossom" = Neopets - Blossom Screen Saver "Neopets - Gnomes raid the Pant Devil" = Neopets - Gnomes raid the Pant Devil Screen Saver "NSSSetup.{D16D8A48-65A4-4B19-8A02-DC9A40FB80C4}" = Norton Security Scan (Symantec Corporation) "OpenAL" = OpenAL "Opera 11.60.1185" = Opera 11.60 "Opera 12.10.1652" = Opera 12.10 "Picasa 3" = Picasa 3 "Plants vs. Zombies" = Plants vs. Zombies "Prism" = Prism Video Converter "PsychoDat Einzelversion Demo" = PsychoDat Einzelversion Demo "Psycom" = Psycom "RealPlayer 12.0" = RealPlayer "Searchqu 0 MediaBar" = Windows Searchqu Toolbar "Shop for HP Supplies" = Shop for HP Supplies "Skype_is1" = eBay.de - Skype 3.0 "SMSERIAL" = Motorola SM56 Data Fax Modem "Stardoll Toolbar" = Stardoll Toolbar "SumatraPDF" = SumatraPDF "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "Veoh Web Player Beta" = Veoh Web Player "Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar "VLC media player" = VLC media player 1.1.5 "WinGimp-2.0_is1" = GIMP 2.6.6 "Yahoo! 
Companion" = Yahoo! Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2422886476-3853793481-2147584669-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2422886476-3853793481-2147584669-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "HappyCloud" = Happy Cloud Client "LOTROde" = Der Herr der Ringe Online "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer "Opera 12.10.1652" = Opera 12.10 "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.3 "PhotoStage" = PhotoStage Slideshow Producer "Prism" = Prism Video File Converter "Sweet Home 3D" = Sweet Home 3D "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/9/2012 3:42:48 PM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 9000 Description = Error - 11/9/2012 3:42:48 PM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 7040 Description = Error - 11/9/2012 3:42:48 PM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 9002 Description = Error - 11/9/2012 3:42:48 PM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 3029 Description = Error - 11/9/2012 3:42:50 PM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 3029 Description = Error - 11/9/2012 3:42:50 PM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 3028 Description = Error - 11/9/2012 3:42:50 PM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 3058 Description = Error - 11/10/2012 8:24:36 AM | Computer Name = UrsulaGnas-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung hpqgpc01.exe, Version 130.0.14.16, Zeitstempel 0x49dd90d9, fehlerhaftes Modul hpqgpc01.exe, Version 130.0.14.16, Zeitstempel 0x49dd90d9, Ausnahmecode 0xc0000005, Fehleroffset 
0x0000a267, Prozess-ID 0x1688, Anwendungsstartzeit 01cdbf3e04c150e0. Error - 11/10/2012 8:32:52 AM | Computer Name = UrsulaGnas-PC | Source = Windows Search Service | ID = 3024 Description = Error - 11/13/2012 12:26:09 PM | Computer Name = UrsulaGnas-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung hpqgpc01.exe, Version 130.0.14.16, Zeitstempel 0x49dd90d9, fehlerhaftes Modul hpqgpc01.exe, Version 130.0.14.16, Zeitstempel 0x49dd90d9, Ausnahmecode 0xc0000005, Fehleroffset 0x0000a267, Prozess-ID 0x1660, Anwendungsstartzeit 01cdc1bb37230720. [ OSession Events ] Error - 12/22/2007 1:16:06 PM | Computer Name = UrsulaGnas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 224 seconds with 180 seconds of active time. This session ended with a crash. Error - 9/29/2010 3:32:52 PM | Computer Name = UrsulaGnas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8268 seconds with 4620 seconds of active time. This session ended with a crash. Error - 2/10/2011 11:56:34 AM | Computer Name = UrsulaGnas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 115 seconds with 0 seconds of active time. This session ended with a crash. Error - 1/12/2012 5:05:13 AM | Computer Name = UrsulaGnas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1549 seconds with 1440 seconds of active time. 
This session ended with a crash. Error - 4/15/2012 4:27:29 AM | Computer Name = UrsulaGnas-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 11/13/2012 12:21:56 PM | Computer Name = UrsulaGnas-PC | Source = Service Control Manager | ID = 7026 Description = Error - 11/13/2012 2:45:43 PM | Computer Name = UrsulaGnas-PC | Source = Service Control Manager | ID = 7026 Description = Error - 11/14/2012 6:50:24 AM | Computer Name = UrsulaGnas-PC | Source = Service Control Manager | ID = 7026 Description = Error - 11/14/2012 12:59:26 PM | Computer Name = UrsulaGnas-PC | Source = Service Control Manager | ID = 7026 Description = Error - 11/14/2012 1:16:39 PM | Computer Name = UrsulaGnas-PC | Source = DCOM | ID = 10010 Description = Error - 11/14/2012 1:20:33 PM | Computer Name = UrsulaGnas-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 14.11.2012 um 18:18:50 unerwartet heruntergefahren. Error - 11/14/2012 1:22:03 PM | Computer Name = UrsulaGnas-PC | Source = Service Control Manager | ID = 7026 Description = Error - 11/14/2012 2:26:34 PM | Computer Name = UrsulaGnas-PC | Source = Service Control Manager | ID = 7026 Description = Error - 11/14/2012 3:30:57 PM | Computer Name = UrsulaGnas-PC | Source = Service Control Manager | ID = 7026 Description = Error - 11/14/2012 3:50:02 PM | Computer Name = UrsulaGnas-PC | Source = DCOM | ID = 10010 Description = < End of report > |
15.11.2012, 00:30 | #2 |
/// Helper team | Computer infected with FBI ransomware. The cleanup consists of several steps that have to be carried out. Work through them one after the other and paste the 4 logs that are created into your next reply. If the OTL fix did not run through properly, do not continue; report it instead. Step 1: Fix with OTL. Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).
Replace the *** asterisks with the user name again! Code:
:OTL
IE - HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 129.241.88.65:80
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-2422886476-3853793481-2147584669-1003..\Run: [Naugzue] "C:\Users\Ursula Gnas\AppData\Roaming\Anad\xati.exe" File not found
@Alternate Data Stream - 949 bytes -> C:\Users\Ursula Gnas\Anmeldung_Auftrag DP11645686 - Kunde_Gnas, UrsulaBerlin.eml:OECustomProperty
@Alternate Data Stream - 936 bytes -> C:\Users\Ursula Gnas\Documents\Re_ Überweisung und Vorschlag bzgl_ weiterem Vorgehen.eml:OECustomProperty
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:6FD3C973
[2012/11/14 20:51:42 | 000,000,000 | -HSD | M] -- C:\Users\Bernhard\AppData\Roaming\159485
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\*****\*.tmp
C:\Users\*****\AppData\Local\{*}
C:\Users\*****\AppData\Local\Temp\*.exe
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for readers: the OTL script above was written exclusively for this user in this situation. Never run it on other computers; it can do lasting damage to other systems! Step 2: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 3: Download AdwCleaner to your desktop.
Step 4
__________________ |
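The OTL script in the post above clears one user's proxy server, deletes two Run entries, removes three alternate data streams and sweeps temp directories. The PowerShell below is an example added to this page; it is not the helper's script, not part of OTL, and not something the original poster ran. It enumerates the same classes of artefact so a handler can see them before a fix and confirm they are gone afterwards. The SIDs, paths and stream names mentioned in comments are the ones visible in this thread; the function names, the "user-writable path" heuristic and the requirement for Windows PowerShell 3.0 or newer are assumptions of this example.

```powershell
# Added example for this thread (not the helper's OTL script and not OTL output):
# enumerate the persistence and hijack points that the fix above rewrites, so the
# findings can be reviewed before the fix and verified afterwards.
# Assumptions: Windows PowerShell 3.0 or newer (Get-Item -Stream), run elevated.
# Only the hives of currently logged-on users appear under HKEY_USERS; for the
# other accounts load their NTUSER.DAT with "reg load HKU\tmp <path>" first.

$UserHivePattern = '^S-1-5-21-\d+-\d+-\d+-\d+$'   # per-user SIDs, skips the *_Classes hives

function Get-UserHives {
    Get-ChildItem -Path Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -match $UserHivePattern }
}

# Run entries whose target no longer exists (the "File not found" lines in the OTL
# report) or that start from a user-writable directory such as AppData\Roaming,
# where the [Naugzue] entry in this thread pointed.
function Get-SuspiciousRunEntries {
    foreach ($hive in Get-UserHives) {
        $runKey = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Run"
        if (-not (Test-Path -Path $runKey)) { continue }
        $values = Get-ItemProperty -Path $runKey
        foreach ($prop in $values.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }        # provider metadata, not a registry value
            $command = [string]$prop.Value
            # executable path: the quoted first token, or everything up to the first space
            $exe = if ($command -match '^"([^"]+)"') { $Matches[1] } else { ($command -split ' ')[0] }
            $reason = $null
            if ([string]::IsNullOrWhiteSpace($exe) -or -not (Test-Path -LiteralPath $exe)) {
                $reason = 'target missing'
            } elseif ($exe -match '\\(AppData|ProgramData|Temp)\\') {
                $reason = 'starts from user-writable path'
            }
            if ($reason) {
                [pscustomobject]@{ Hive = $hive.PSChildName; Name = $prop.Name; Command = $command; Reason = $reason }
            }
        }
    }
}

# Per-user proxy setting; the fix above cleared "ProxyServer" on the ...-1005 hive.
function Get-UserProxySettings {
    foreach ($hive in Get-UserHives) {
        $key = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if (-not (Test-Path -Path $key)) { continue }
        $s = Get-ItemProperty -Path $key
        if ($s.ProxyServer) {
            [pscustomobject]@{ Hive = $hive.PSChildName; ProxyEnable = $s.ProxyEnable; ProxyServer = $s.ProxyServer }
        }
    }
}

# Alternate data streams below a directory. ":$DATA" is the file's normal content and
# "Zone.Identifier" is the mark-of-the-web; both are skipped. The ":OECustomProperty"
# streams on .eml files in the report are Windows Mail metadata; the hex-named stream
# on C:\ProgramData\Temp is the kind of entry worth a second look.
function Get-AlternateDataStreams {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' }
        } |
        Select-Object FileName, Stream, Length
}

# AppInit_DLLs are loaded into every process that loads user32.dll; the AdwCleaner
# report later in this thread lists two DataMngr DLLs here.
function Get-AppInitDlls {
    $v = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    [pscustomobject]@{ AppInit_DLLs = $v.AppInit_DLLs; LoadAppInit_DLLs = $v.LoadAppInit_DLLs }
}

Get-SuspiciousRunEntries | Format-Table -AutoSize
Get-UserProxySettings    | Format-Table -AutoSize
Get-AlternateDataStreams -Path 'C:\ProgramData' | Format-Table -AutoSize
Get-AppInitDlls          | Format-List
```

Run it once before the fix and once after a reboot, and pipe each run to a file so the two can be compared. One caveat that the audit cannot express: the Malwarebytes log posted later in this thread lists Spyware.Zeus, Backdoor.Agent.RS and Rootkit.0Access detections next to the Trojan.Ransom files. A machine that carried a banking trojan and a rootkit is not made trustworthy by a clean listing from this script; the passwords used on it should be changed from another device, and a reinstall is the safer end state.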
15.11.2012, 21:04 | #3 |
| Computer infected with FBI ransomware. Thank you very much for the quick help. I have carried out all the steps; it worked without any problems. As far as I can tell, the trojan seems to have been removed. The affected user account can be used again without restrictions. Here are the log files for the individual steps.
From step 1: OTL logfile: Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-2422886476-3853793481-2147584669-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-2422886476-3853793481-2147584669-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Naugzue deleted successfully. Unable to delete ADS C:\Users\Ursula Gnas\Anmeldung_Auftrag DP11645686 - Kunde_Gnas, UrsulaBerlin.eml:OECustomProperty . ADS C:\Users\Ursula Gnas\Documents\Re_ Überweisung und Vorschlag bzgl_ weiterem Vorgehen.eml:OECustomProperty deleted successfully. ADS C:\ProgramData\Temp:6FD3C973 deleted successfully. C:\Users\Bernhard\AppData\Roaming\159485 folder moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\*.dll not found. File\Folder C:\ProgramData\*.tmp not found. C:\ProgramData\TEMP folder moved successfully. File\Folder C:\Users\Bernhard\*.tmp not found. C:\Users\Bernhard\AppData\Local\{ACC50D5B-03AF-4784-B1C4-A29605A796A7} moved successfully. C:\Users\Bernhard\AppData\Local\Temp\00012a88.exe moved successfully. C:\Users\Bernhard\AppData\Local\Temp\000992ec.exe moved successfully. C:\Users\Bernhard\AppData\Local\Temp\000efc67.exe moved successfully. C:\Users\Bernhard\AppData\Local\Temp\000f2d75.exe moved successfully. C:\Users\Bernhard\AppData\Local\Temp\000f5502.exe moved successfully. C:\Users\Bernhard\AppData\Local\Temp\000f7500.exe moved successfully. C:\Users\Bernhard\AppData\Local\Temp\0012b7ca.exe moved successfully. C:\Users\Bernhard\AppData\Local\Temp\00130618.exe moved successfully. C:\Users\Bernhard\AppData\Local\Temp\tmp1f9fb75d.exe moved successfully. C:\Users\Bernhard\AppData\Local\Temp\tmpf856c024.exe moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. 
C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. 
C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. 
C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. 
C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Bernhard\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. File/Folder C:\Users\Ursula Gnas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. C:\Users\Verena\Desktop\cmd.bat deleted successfully. C:\Users\Verena\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Bernhard ->Temp folder emptied: 37656458 bytes ->Temporary Internet Files folder emptied: 76793202 bytes ->FireFox cache emptied: 51959666 bytes ->Opera cache emptied: 5675887 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Ursula Gnas ->Temp folder emptied: 222716801 bytes ->Temporary Internet Files folder emptied: 201155689 bytes ->Java cache emptied: 6511356 bytes ->FireFox cache emptied: 34729585 bytes ->Opera cache emptied: 99728217 bytes ->Flash cache emptied: 70810 bytes User: Verena ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 73222949 bytes ->Java cache emptied: 2020740 bytes ->FireFox cache emptied: 63810093 bytes ->Opera cache emptied: 54673026 bytes ->Flash cache emptied: 2896848 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes 
%systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 307522574 bytes RecycleBin emptied: 1059537976 bytes Total Files Cleaned = 2,194.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11152012_164430 Malwarebytes logfile: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.15.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Ursula Gnas :: URSULAGNAS-PC [Administrator] 15.11.2012 17:16:49 mbam-log-2012-11-15 (17-16-49).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 449718 Laufzeit: 2 Stunde(n), 38 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 19 C:\Program Files\VDownloader\VDownloader.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\HappyCloud\Application\hcwebwindow.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Bernhard\Local Settings\Temp\msasviik.scr (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Bernhard\Local Settings\Temp\msayua.exe (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Bernhard\Local Settings\Temp\msbamyl.com (Backdoor.Agent.RS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Bernhard\Local Settings\Temp\mswksa.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Verena\AppData\Local\Programs\Opera\SoftonicDownloader_fuer_osmos.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\Verena\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\11152012_164430\C_Users\Bernhard\AppData\Local\Temp\00012a88.exe (Backdoor.Agent.RS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\11152012_164430\C_Users\Bernhard\AppData\Local\Temp\000992ec.exe (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\11152012_164430\C_Users\Bernhard\AppData\Local\Temp\000efc67.exe (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\11152012_164430\C_Users\Bernhard\AppData\Local\Temp\000f2d75.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\11152012_164430\C_Users\Bernhard\AppData\Local\Temp\000f5502.exe (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\11152012_164430\C_Users\Bernhard\AppData\Local\Temp\00130618.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\11152012_164430\C_Users\Bernhard\AppData\Local\Temp\tmp1f9fb75d.exe (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\_OTL\MovedFiles\11152012_164430\C_Users\Bernhard\AppData\Roaming\159485\159485.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Verena\AppData\Roaming\avdrn.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\sysReserve.ini (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) AdwCleaner[R1] logfile: Code:
ATTFilter # AdwCleaner v2.007 - Datei am 15/11/2012 um 20:07:31 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Ursula Gnas - URSULAGNAS-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Verena\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Program Files\Mozilla Firefox\.autoreg Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml Datei Gefunden : C:\Users\Ursula Gnas\AppData\Roaming\Mozilla\Firefox\Profiles\qxrfus66.default\searchplugins\icqplugin.xml Datei Gefunden : C:\Users\Ursula Gnas\AppData\Roaming\Mozilla\Firefox\Profiles\qxrfus66.default\searchplugins\SearchResults.xml Datei Gefunden : C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\6xk6z9op.default\searchplugins\icqplugin.xml Ordner Gefunden : C:\Program Files\Common Files\Plasmoo Ordner Gefunden : C:\Program Files\Conduit Ordner Gefunden : C:\Program Files\ICQ6Toolbar Ordner Gefunden : C:\Program Files\Ilivid Ordner Gefunden : C:\Program Files\Stardoll Ordner Gefunden : C:\Program Files\Windows Searchqu Toolbar Ordner Gefunden : C:\ProgramData\boost_interprocess Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid Ordner Gefunden : C:\ProgramData\Trymedia Ordner Gefunden : C:\Users\Bernhard\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\Bernhard\AppData\LocalLow\ConduitEngine Ordner Gefunden : C:\Users\Bernhard\AppData\LocalLow\searchquband Ordner Gefunden : C:\Users\Bernhard\AppData\LocalLow\Searchqutoolbar Ordner Gefunden : C:\Users\Bernhard\AppData\LocalLow\Stardoll Ordner Gefunden : C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\paniajst.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} Ordner Gefunden : C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\paniajst.default\Searchqutoolbar Ordner Gefunden : 
C:\Users\Ursula Gnas\AppData\Local\Conduit Ordner Gefunden : C:\Users\Ursula Gnas\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\Ursula Gnas\AppData\LocalLow\ConduitEngine Ordner Gefunden : C:\Users\Ursula Gnas\AppData\LocalLow\searchquband Ordner Gefunden : C:\Users\Ursula Gnas\AppData\LocalLow\Searchqutoolbar Ordner Gefunden : C:\Users\Ursula Gnas\AppData\LocalLow\Stardoll Ordner Gefunden : C:\Users\Ursula Gnas\AppData\LocalLow\Veoh_Web_Player Ordner Gefunden : C:\Users\Ursula Gnas\AppData\Roaming\Mozilla\Firefox\Profiles\qxrfus66.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} Ordner Gefunden : C:\Users\Ursula Gnas\AppData\Roaming\Mozilla\Firefox\Profiles\qxrfus66.default\Searchqutoolbar Ordner Gefunden : C:\Users\Verena\AppData\Local\Ilivid Player Ordner Gefunden : C:\Users\Verena\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\Verena\AppData\LocalLow\searchquband Ordner Gefunden : C:\Users\Verena\AppData\LocalLow\Searchqutoolbar Ordner Gefunden : C:\Users\Verena\AppData\LocalLow\Stardoll Ordner Gefunden : C:\Users\Verena\AppData\LocalLow\Veoh_Web_Player Ordner Gefunden : C:\Users\Verena\AppData\Roaming\Desktopicon Ordner Gefunden : C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\6xk6z9op.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} Ordner Gefunden : C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\6xk6z9op.default\Searchqutoolbar ***** [Registrierungsdatenbank] ***** Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\searchqutoolbar Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Stardoll Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Veoh_Web_Player Schlüssel Gefunden : 
HKCU\Software\AppDataLow\Toolbar Schlüssel Gefunden : HKCU\Software\DataMngr Schlüssel Gefunden : HKCU\Software\ilivid Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{192A6019-26D2-4611-AEAD-07CD7733B146} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CD90BF73-20F6-44EF-993D-BB920303BD2E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{192A6019-26D2-4611-AEAD-07CD7733B146} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63267E32-A9AA-475C-9308-E65E044CA142} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD90BF73-20F6-44EF-993D-BB920303BD2E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{192A6019-26D2-4611-AEAD-07CD7733B146} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{63267E32-A9AA-475C-9308-E65E044CA142} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CD90BF73-20F6-44EF-993D-BB920303BD2E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2474641 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2653012 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2836015 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705} Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\DataMngr Schlüssel Gefunden : HKLM\Software\ilivid Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054E2ACE-D6FB-4C88-9A77-AD31177CF04B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20AFC78E-BCC6-412E-BCF6-23ADF5CA32B5} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C26DD60-EF6B-43B5-8FEF-5D7ED4B53111} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AAAB438-371B-430B-BAAF-DD67D9F5A4A7} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192A6019-26D2-4611-AEAD-07CD7733B146} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD90BF73-20F6-44EF-993D-BB920303BD2E} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63267E32-A9AA-475C-9308-E65E044CA142} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 0 MediaBar Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardoll Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Veoh_Web_Player Toolbar Schlüssel Gefunden : HKLM\Software\SearchquMediabarTb Schlüssel Gefunden : HKLM\Software\Stardoll Schlüssel Gefunden : HKLM\Software\Veoh_Web_Player Schlüssel Gefunden : HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gefunden : HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} Schlüssel Gefunden : HKU\S-1-5-21-2422886476-3853793481-2147584669-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Wert Gefunden : 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{192A6019-26D2-4611-AEAD-07CD7733B146}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CD90BF73-20F6-44EF-993D-BB920303BD2E}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{192A6019-26D2-4611-AEAD-07CD7733B146}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CD90BF73-20F6-44EF-993D-BB920303BD2E}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{192A6019-26D2-4611-AEAD-07CD7733B146}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CD90BF73-20F6-44EF-993D-BB920303BD2E}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{192A6019-26D2-4611-AEAD-07CD7733B146}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CD90BF73-20F6-44EF-993D-BB920303BD2E}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchqu.com/414 [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd -\\ Mozilla Firefox v3.5.7 (de) Profilname : default Datei : C:\Users\Ursula Gnas\AppData\Roaming\Mozilla\Firefox\Profiles\qxrfus66.default\prefs.js Gefunden : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/414"); Gefunden : user_pref("keyword.URL", "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="); Profilname : default Datei : C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\paniajst.default\prefs.js [OK] Die Datei ist sauber. 
Profilname : default Datei : C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\6xk6z9op.default\prefs.js Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="); -\\ Opera v12.10.1652.0 Datei : C:\Users\Ursula Gnas\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\Bernhard\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\Verena\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [12516 octets] - [15/11/2012 20:07:31] ########## EOF - C:\AdwCleaner[R1].txt - [12577 octets] ########## AdwCleaner[S1] logfile: Code:
# AdwCleaner v2.007 - File created 15/11/2012 at 20:11:34
# Updated 06/11/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Ursula Gnas - URSULAGNAS-PC
# Boot mode : Normal
# Running from : C:\Users\Verena\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\Users\Ursula Gnas\AppData\Roaming\Mozilla\Firefox\Profiles\qxrfus66.default\searchplugins\icqplugin.xml
File Deleted : C:\Users\Ursula Gnas\AppData\Roaming\Mozilla\Firefox\Profiles\qxrfus66.default\searchplugins\SearchResults.xml
File Deleted : C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\6xk6z9op.default\searchplugins\icqplugin.xml
Deleted on reboot : C:\Program Files\Windows Searchqu Toolbar
Folder Deleted : C:\Program Files\Common Files\Plasmoo
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\Stardoll
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Bernhard\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bernhard\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Bernhard\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Bernhard\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Bernhard\AppData\LocalLow\Stardoll
Folder Deleted : C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\paniajst.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\paniajst.default\Searchqutoolbar
Folder Deleted : C:\Users\Ursula Gnas\AppData\Local\Conduit
Folder Deleted : C:\Users\Ursula Gnas\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ursula Gnas\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Ursula Gnas\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Ursula Gnas\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Ursula Gnas\AppData\LocalLow\Stardoll
Folder Deleted : C:\Users\Ursula Gnas\AppData\LocalLow\Veoh_Web_Player
Folder Deleted : C:\Users\Ursula Gnas\AppData\Roaming\Mozilla\Firefox\Profiles\qxrfus66.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Users\Ursula Gnas\AppData\Roaming\Mozilla\Firefox\Profiles\qxrfus66.default\Searchqutoolbar
Folder Deleted : C:\Users\Verena\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Verena\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Verena\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Verena\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Verena\AppData\LocalLow\Stardoll
Folder Deleted : C:\Users\Verena\AppData\LocalLow\Veoh_Web_Player
Folder Deleted : C:\Users\Verena\AppData\Roaming\Desktopicon
Folder Deleted : C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\6xk6z9op.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Deleted : C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\6xk6z9op.default\Searchqutoolbar

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Stardoll
Key Deleted : HKCU\Software\AppDataLow\Software\Veoh_Web_Player
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{192A6019-26D2-4611-AEAD-07CD7733B146}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{192A6019-26D2-4611-AEAD-07CD7733B146}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{63267E32-A9AA-475C-9308-E65E044CA142}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{192A6019-26D2-4611-AEAD-07CD7733B146}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63267E32-A9AA-475C-9308-E65E044CA142}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2474641
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2836015
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054E2ACE-D6FB-4C88-9A77-AD31177CF04B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20AFC78E-BCC6-412E-BCF6-23ADF5CA32B5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2C26DD60-EF6B-43B5-8FEF-5D7ED4B53111}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AAAB438-371B-430B-BAAF-DD67D9F5A4A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{192A6019-26D2-4611-AEAD-07CD7733B146}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63267E32-A9AA-475C-9308-E65E044CA142}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 0 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Stardoll Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Veoh_Web_Player Toolbar
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\Stardoll
Key Deleted : HKLM\Software\Veoh_Web_Player
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{192A6019-26D2-4611-AEAD-07CD7733B146}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{192A6019-26D2-4611-AEAD-07CD7733B146}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{192A6019-26D2-4611-AEAD-07CD7733B146}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{192A6019-26D2-4611-AEAD-07CD7733B146}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchqu.com/414 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v3.5.7 (de)

Profile name : default
File : C:\Users\Ursula Gnas\AppData\Roaming\Mozilla\Firefox\Profiles\qxrfus66.default\prefs.js

C:\Users\Ursula Gnas\AppData\Roaming\Mozilla\Firefox\Profiles\qxrfus66.default\user.js ... Deleted !

Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/414");
Deleted : user_pref("keyword.URL", "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");

Profile name : default
File : C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\paniajst.default\prefs.js

C:\Users\Bernhard\AppData\Roaming\Mozilla\Firefox\Profiles\paniajst.default\user.js ... Deleted !

[OK] File is clean.

Profile name : default
File : C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\6xk6z9op.default\prefs.js

Deleted : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");

-\\ Opera v12.10.1652.0

File : C:\Users\Ursula Gnas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Bernhard\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Verena\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12647 octets] - [15/11/2012 20:07:31]
AdwCleaner[S1].txt - [12378 octets] - [15/11/2012 20:11:34]

########## EOF - C:\AdwCleaner[S1].txt - [12439 octets] ##########
|
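The log above is a record of what AdwCleaner removed, not proof that the persistence points are now empty. The script below is an added example (not from the thread, AdwCleaner or any of the tools it mentions) that re-reads the places the log touched: the AppInit_DLLs injection value that carried datamngr.dll and IEBHO.dll, the Internet Explorer BHO, toolbar, search-hook and SearchScope registrations, and the Firefox homepage / keyword.URL prefs and search-plugin files. It resolves each BHO CLSID to its DLL and checks the Authenticode status, which is the quickest way to separate a vendor component from a bundled toolbar. The function names are mine; the registry paths are the standard Windows locations. It is written for PowerShell 2.0 (the Vista machine in the thread), must be run from an elevated prompt, and the HKCU and Firefox results cover only the user running it, so on this three-user machine it should be run once per account.

```powershell
# Added example, not part of the thread or of AdwCleaner: audit the persistence
# points the AdwCleaner log above cleaned (AppInit_DLLs, IE BHOs/toolbars/search
# hooks and scopes, Firefox homepage/keyword.URL and search plugins) so the
# cleanup can be verified independently of the tool. Written for PowerShell 2.0
# (the Vista box in the thread); run it from an elevated prompt. HKCU results
# cover only the user running the script.

function Get-AppInitDlls {
    # DLLs listed here are loaded into every process that loads user32.dll;
    # datamngr.dll and IEBHO.dll in the log were registered this way.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        AppInit_DLLs     = [string]$p.AppInit_DLLs
        LoadAppInit_DLLs = $p.LoadAppInit_DLLs   # 1 = injection enabled on Vista and later
    }
}

function Get-BrowserHelperObjects {
    # Each BHO is a CLSID subkey; resolve it to the DLL Internet Explorer will load
    # and check whether that DLL carries a valid Authenticode signature.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid  = $_.PSChildName
        $server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll    = (Get-ItemProperty -Path $server -ErrorAction SilentlyContinue).'(default)'
        $dll    = [Environment]::ExpandEnvironmentVariables([string]$dll).Trim('"')
        $status = if ($dll -and (Test-Path -LiteralPath $dll)) {
            (Get-AuthenticodeSignature -FilePath $dll).Status   # Valid / NotSigned / HashMismatch ...
        } else { 'DllMissing' }
        New-Object PSObject -Property @{ CLSID = $clsid; Dll = $dll; Signature = $status }
    }
}

function Get-IeSearchSettings {
    # Start page, search scopes and URL search hooks: the values the log shows
    # pointing at searchqu.com / icq.com before AdwCleaner reset them.
    foreach ($hive in 'HKCU', 'HKLM') {
        $ie   = "${hive}:\Software\Microsoft\Internet Explorer"
        $main = Get-ItemProperty -Path "$ie\Main" -ErrorAction SilentlyContinue
        if ($main) {
            New-Object PSObject -Property @{ Hive = $hive; Item = 'Start Page'; Value = $main.'Start Page' }
        }
        Get-ChildItem -Path "$ie\SearchScopes" -ErrorAction SilentlyContinue | ForEach-Object {
            $url = (Get-ItemProperty -Path $_.PSPath).URL
            New-Object PSObject -Property @{ Hive = $hive; Item = "SearchScope $($_.PSChildName)"; Value = $url }
        }
        $hooks = Get-ItemProperty -Path "$ie\URLSearchHooks" -ErrorAction SilentlyContinue
        if ($hooks) {
            $hooks.PSObject.Properties | Where-Object { $_.Name -like '{*}' } | ForEach-Object {
                New-Object PSObject -Property @{ Hive = $hive; Item = 'URLSearchHook'; Value = $_.Name }
            }
        }
    }
}

function Get-FirefoxSearchPrefs {
    # Every Firefox profile of the current user plus the install directory: the two
    # prefs the log shows hijacked, and any search plugin XML dropped there.
    $dirs  = @(Join-Path $env:ProgramFiles 'Mozilla Firefox')
    $dirs += @(Get-ChildItem -Path (Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles') -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } | ForEach-Object { $_.FullName })
    foreach ($dir in $dirs) {
        foreach ($file in 'prefs.js', 'user.js') {
            $path = Join-Path $dir $file
            if (-not (Test-Path -LiteralPath $path)) { continue }
            Get-Content -LiteralPath $path | ForEach-Object {
                if ($_ -match 'user_pref\("(browser\.startup\.homepage|keyword\.URL)",\s*"([^"]*)"\)') {
                    New-Object PSObject -Property @{ Location = $path; Item = $matches[1]; Value = $matches[2] }
                }
            }
        }
        Get-ChildItem -Path (Join-Path $dir 'searchplugins') -Filter *.xml -ErrorAction SilentlyContinue | ForEach-Object {
            New-Object PSObject -Property @{ Location = $_.FullName; Item = 'searchplugin'; Value = $_.Name }
        }
    }
}

'== AppInit_DLLs ==';             Get-AppInitDlls          | Format-List
'== Browser Helper Objects ==';   Get-BrowserHelperObjects | Format-Table -AutoSize
'== IE search settings ==';       Get-IeSearchSettings     | Format-Table -AutoSize
'== Firefox prefs / plugins ==';  Get-FirefoxSearchPrefs   | Format-Table -AutoSize
```

After the reboot that AdwCleaner scheduled for the Searchqu folder, the expected picture is an empty AppInit_DLLs value, no BHO whose DLL is missing or unsigned, SearchScope URLs that all belong to search engines the users chose, and no searchplugins XML that the users did not install themselves. Anything that has come back points at a component the tool did not remove.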
15.11.2012, 21:31 | #4 |
/// Helfer-Team | Computer infected with FBI ransomware Scan with Malwarebytes' Anti-Rootkit Download: Download - Malwarebytes Anti-Rootkit BETA Instructions: http://www.trojaner-board.de/126981-...tml#post956070 |
16.11.2012, 17:13 | #5 |
| Computer infected with FBI ransomware I have run the scan. Code:
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.16.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Ursula Gnas :: URSULAGNAS-PC [administrator]

16.11.2012 16:45:10
mbar-log-2012-11-16 (16-45-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 28758
Time elapsed: 40 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\$RECYCLE.BIN\S-1-5-21-2422886476-3853793481-2147584669-1004\$ffa0c07045ca02c8fa878ebd0f79cb8c\U (Trojan.Siredef.C) -> Delete on reboot. [8e63585f8cd147efc8dc05fbb64aba46]
C:\$RECYCLE.BIN\S-1-5-21-2422886476-3853793481-2147584669-1004\$ffa0c07045ca02c8fa878ebd0f79cb8c\L (Trojan.Siredef.C) -> Delete on reboot. [17da34832f2e06305b4bca36ff0134cc]
C:\$RECYCLE.BIN\S-1-5-21-2422886476-3853793481-2147584669-1004\$ffa0c07045ca02c8fa878ebd0f79cb8c (Trojan.Siredef.C) -> Delete on reboot. [4ea39d1a421b3df93a6d31cf837da858]

Files Detected: 1
C:\$RECYCLE.BIN\S-1-5-21-2422886476-3853793481-2147584669-1004\$ffa0c07045ca02c8fa878ebd0f79cb8c\@ (Trojan.Siredef.C) -> Delete on reboot. [d8199126a3ba3402eeb331cfe51bf40c]

(end)
|
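The four MBAR detections above share one layout: inside the per-user recycle bin (the SID folder ending in -1004) sits a folder named `$` followed by 32 hex characters, and inside it the entries `@`, `L` and `U`. Windows itself stores recycled items as `$R<random>` / `$I<random>` pairs, so that naming is not a normal recycle-bin artefact. The script below is an added example (not from the thread or from Malwarebytes) that walks every local drive's `$RECYCLE.BIN` for that pattern, so the "Delete on reboot" entries can be checked after the restart and the other users' bins on the same machine covered as well. The function name is mine; the `-Force` switch is needed because the bins are hidden+system; run it elevated, since other users' bins are not readable otherwise. A folder that matches the name pattern but cannot even be listed is reported too, because a listing the administrator is not allowed to read is itself worth a look.

```powershell
# Added example, not part of the thread or of Malwarebytes: look for the on-disk
# layout the MBAR log above reports, a folder named '$' plus 32 hex characters
# inside a per-SID recycle bin, holding entries '@', 'L' and 'U'. Windows itself
# names recycled items $R<random> / $I<random>, so this layout is not a normal
# recycle-bin artefact. PowerShell 2.0 compatible; run elevated, and note that
# the bins are hidden+system, hence -Force on every directory listing.

function Find-RecycleBinImplants {
    param(
        # default: every local drive root such as C:\ (D: in the thread is FAT32 and has no $RECYCLE.BIN)
        [string[]]$Roots = @(Get-PSDrive -PSProvider FileSystem |
            Where-Object { $_.Root -match '^[A-Z]:\\$' } | ForEach-Object { $_.Root })
    )
    foreach ($root in $Roots) {
        $bin = Join-Path $root '$RECYCLE.BIN'
        if (-not (Test-Path -LiteralPath $bin)) { continue }
        # one sub-folder per user SID (the log's ends in -1004)
        $sidDirs = @(Get-ChildItem -LiteralPath $bin -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and $_.Name -like 'S-1-5-*' })
        foreach ($sidDir in $sidDirs) {
            $candidates = @(Get-ChildItem -LiteralPath $sidDir.FullName -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.PSIsContainer -and $_.Name -match '^\$[0-9a-fA-F]{32}$' })
            foreach ($dir in $candidates) {
                $err = $null
                $names = @(Get-ChildItem -LiteralPath $dir.FullName -Force -ErrorAction SilentlyContinue -ErrorVariable err |
                    ForEach-Object { $_.Name })
                $markers = @(@('@', 'L', 'U') | Where-Object { $names -contains $_ })
                New-Object PSObject -Property @{
                    Sid        = $sidDir.Name
                    Path       = $dir.FullName
                    Markers    = ($markers -join ',')
                    ListDenied = ($err.Count -gt 0)          # could not even list the folder
                    Suspicious = ($markers.Count -eq 3 -or $err.Count -gt 0)
                }
            }
        }
    }
}

$hits = @(Find-RecycleBinImplants)
if ($hits.Count -eq 0) {
    'No $-prefixed 32-hex folders with @/L/U entries found under any $RECYCLE.BIN.'
} else {
    $hits | Format-Table Sid, Path, Markers, ListDenied, Suspicious -AutoSize
}
```

Run it once before the reboot to confirm it finds the same `$ffa0c07045ca02c8fa878ebd0f79cb8c` folder the log lists, and again afterwards: MBAR only scheduled the deletion, so an empty result after the restart is the actual confirmation. If the folder is gone but a new one with the same layout and a different hex name has appeared, whatever created it is still running and the removal is not finished.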
16.11.2012, 20:31 | #6 |
/// Helfer-Team | Computer infected with FBI ransomware Removing malware with Combofix Download Combofix from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save the program to the desktop, nowhere else; this is important! Follow the detailed original instructions. Combofix currently runs on the following Windows versions:
Preparation and important notes
Do not use Combofix on your own initiative. If no corresponding infection is present, it can cripple the computer and/or damage it permanently!
|
17.11.2012, 12:33 | #7 |
| Computer infected with FBI ransomware Unfortunately Combofix does not work. I did everything exactly as instructed, but after the scan the blue command prompt shows the message: "Failed to get data for "EnableLUA". Attempting to create a new System Restore point." even though I switched off all antivirus and anti-spyware programs as instructed. I also restarted the computer, but afterwards exactly the same thing happened. What could be the cause? |
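The message names a single registry value, so the useful question is not which security tools are running but whether that value can be read at all, and by whom. The script below is an added example (not from the thread or from ComboFix) that does that check. It assumes, and this is my assumption rather than anything the thread states, that the value ComboFix reads is `EnableLUA` under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`, which is where Windows keeps the UAC switch (1 = UAC on, 0 = off). It distinguishes a missing key, a missing value and an access-denied read, and dumps the key's owner and any Deny entries in its ACL. The function name is mine; run it from an elevated PowerShell prompt on the affected account.

```powershell
# Added example, not part of the thread or of ComboFix: check whether the policy
# value named in ComboFix's message can be read at all, and who is allowed to
# read the key. Assumption (mine, not stated in the thread): ComboFix reads
# EnableLUA from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,
# the location where Windows keeps the UAC switch (1 = UAC on, 0 = off).
# PowerShell 2.0 compatible; run from an elevated prompt.

function Test-UacPolicyKey {
    $keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $r = New-Object PSObject -Property @{
        Key       = $keyPath
        KeyExists = $false
        EnableLUA = $null
        ReadError = $null
        Owner     = $null
        DenyAces  = @()
    }
    $r.KeyExists = Test-Path -Path $keyPath
    if (-not $r.KeyExists) { return $r }          # no key: the value cannot exist either
    try {
        # -Name turns a missing value into an error instead of a silent $null
        $r.EnableLUA = (Get-ItemProperty -Path $keyPath -Name EnableLUA -ErrorAction Stop).EnableLUA
    } catch {
        # "does not exist" = value missing; "Access ... denied" = permissions on the key,
        # which no amount of disabling AV / anti-spyware tools will change
        $r.ReadError = $_.Exception.Message
    }
    try {
        $acl = Get-Acl -Path $keyPath
        # owner other than SYSTEM, Administrators or TrustedInstaller is worth a look
        $r.Owner    = $acl.Owner
        $r.DenyAces = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object { "$($_.IdentityReference) : $($_.RegistryRights)" })
    } catch {
        if (-not $r.ReadError) { $r.ReadError = $_.Exception.Message }
    }
    return $r
}

Test-UacPolicyKey | Format-List Key, KeyExists, EnableLUA, ReadError, Owner, DenyAces
```

A result with `KeyExists` true, `EnableLUA` set to 0 or 1 and no `ReadError` means the value is readable and the failure lies elsewhere; a `ReadError` mentioning access denied, or any `DenyAces`, is a permissions problem on the key, which is the kind of damage a permission-repair tool (the helper's next suggestion) is meant to undo.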
17.11.2012, 16:41 | #8 |
/// Helfer-Team | Computer infected with FBI ransomware Windows Repair Tool (AIO)
then try again |
19.11.2012, 14:53 | #9 |
| Computer infected with FBI ransomware I did it. Still the same problem. |
19.11.2012, 16:00 | #10 |
/// Helfer-Team | Computer infected with FBI ransomware Restart the computer, delete Combofix and download it again. |
23.11.2012, 17:02 | #11 |
| Computer infected with FBI ransomware I don't know what else to do. I have done this umpteen times now. It just doesn't work; the same thing is displayed every time. =/ |
24.11.2012, 06:53 | #12 |
/// Helfer-Team | Computer infected with FBI ransomware System scan with OTL (illustrated guide) Please download OTL by Oldtimer and save it to your desktop (if it is not there already) - double-click OTL.exe
|
19.01.2013, 16:37 | #13 |
/// Helfer-Team | Computer infected with FBI ransomware No response Are there problems working through the instructions above? To free up capacity for other people seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |
Tags for Computer infected with FBI ransomware |
32 bit, adware.adon, antivir, job, backdoor.agent.rs, bandoo, bonjour, canon, desktop, dubious, ebay.de, hotkey.sys, install.exe, internet, customer, launch, limewire, ransom trojan, malware.trace, moneypak, office 2007, officejet, plug-in, pup.loadtubes, pup.offerbundler.st, ransomware, realtek, rootkit.0access, security, sketchup, software, spyware.zeus, super, svchost.exe, symantec, trojan.downloader, trojan.fakealert, trojan.ransom, trojan.siredef.c, vista, wrapper |