Plagegeister aller Art und deren Bekämpfung: I have the trojan newsecureapp70700 and can't get rid of it! (Windows 7)
20.01.2011, 19:01 | #1 |
I have the trojan newsecureapp70700 and can't get rid of it!
I have already tried quite a few tools (Prevx, Malwarebytes Anti-Malware [log file below]), but I can't get rid of the thing! Manually deleting it from the registry didn't help either; it keeps coming back. Who can help me?
Malwarebytes log file:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5541
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
20.01.2011 18:39:25
mbam-log-2011-01-20 (18-39-25).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 176652
Laufzeit: 9 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newsecureapp70700.exe (Trojan.FakeAlert) -> Value: newsecureapp70700.exe -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Edited by StefHei (20.01.2011 at 19:09)
20.01.2011, 19:25 | #2 |
/// Malware-holic
System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (users of Windows 7 and Vista: right-click, Run as administrator).
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "scan all users".
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
20.01.2011, 20:07 | #3 |
First of all, thanks for taking on my problem ;-)
Here are the reports.
OTL.txt
OTL Logfile:
Files\Trojancheck 6 [2011.01.17 19:44:40 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes [2011.01.17 19:44:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.17 19:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.17 19:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.17 19:44:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.01.17 19:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.01.15 17:08:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Codecd3d [2011.01.12 23:36:33 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2011.01.12 21:50:43 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.12 21:50:34 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2011.01.10 21:17:41 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Nero-Tools [2011.01.10 21:17:07 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\MS Office [2011.01.10 21:16:30 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\DESIGN222 [2011.01.10 21:15:52 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Antivir, Backup & Co [2011.01.10 21:07:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Spiele [2011.01.10 21:07:29 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Musik & Tools [2011.01.10 21:07:01 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Video & Tools [2011.01.10 21:06:21 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\Bilder, Fotos & Tools [2011.01.10 21:03:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Corel User Files [2011.01.10 21:03:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Corel [2011.01.10 20:58:23 | 000,000,000 | ---D | C] -- C:\Windows\Corel [2011.01.10 
20:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 11 [2011.01.10 20:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel [2011.01.10 20:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Corel [2011.01.10 20:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\CorelDRAW Graphics Suite 11 [2010.12.24 10:56:04 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TECUNIONLINE [2010.12.24 10:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TECUNIONLINE [2010.12.24 10:56:02 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_wininet.dll [2010.12.24 10:56:01 | 001,392,671 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_msvbvm60.dll [2010.12.24 10:56:01 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_oleaut32.dll [2010.12.24 10:56:01 | 000,433,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_riched20.dll [2010.12.24 10:56:01 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_MSCTF.dll [2010.12.24 10:56:01 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_odbcint.dll [2010.12.24 10:56:01 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_olepro32.dll [2010.12.24 10:56:01 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_lpk.dll [2010.12.24 10:56:01 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_stdole2.tlb [2010.12.24 10:56:00 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_comres.dll [2010.12.24 10:56:00 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_clbcatq.dll [2010.12.24 10:56:00 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XY_asycfilt.dll [2010.12.24 10:56:00 | 000,022,288 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\System32\XY_COMCAT.DLL [2010.12.24 10:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\TECUNIONLINE [2010.12.24 10:55:29 | 000,407,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSHFLXGD.OCX [2010.12.24 10:55:29 | 000,260,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDATGRD.OCX [2010.12.24 10:55:29 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx [2010.12.24 10:55:29 | 000,244,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX [2010.12.24 10:55:29 | 000,232,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDATLST.OCX [2010.12.24 10:55:29 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTL32.OCX [2010.12.24 10:55:29 | 000,151,552 | ---- | C] (c&d) -- C:\Windows\System32\vistacmd.ocx [2010.12.24 10:55:29 | 000,102,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6CHS.DLL [2010.12.24 10:55:29 | 000,049,152 | ---- | C] (c&d) -- C:\Windows\System32\XpProgBar.ocx [2010.12.24 10:55:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTCHS.DLL [2010.12.24 10:55:28 | 000,644,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX [2010.12.24 10:55:28 | 000,500,736 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll [2010.12.24 10:55:28 | 000,344,064 | ---- | C] ( os) -- C:\Windows\System32\dhCairo.dll [2010.12.24 10:55:28 | 000,200,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DBLIST32.OCX [2010.12.24 10:55:28 | 000,147,456 | ---- | C] (随想软件工作室 Capricciososoft) -- C:\Windows\System32\Command.ocx [2010.12.24 10:55:28 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCCHS.DLL [2010.12.24 10:55:28 | 000,103,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMM32.OCX [2010.12.24 10:55:28 | 000,086,016 | ---- | C] (科特软件 CurtSoft) -- C:\Windows\System32\curtmenu.ocx [2010.12.24 10:55:28 
| 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msado25.tlb [2010.12.24 10:55:28 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSBIND.DLL [2010.12.24 10:55:28 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DBADAPT.DLL [2010.12.24 10:55:28 | 000,033,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FM20CHS.DLL [2010.12.24 10:55:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CMDLGCHS.DLL [2010.12.24 10:55:28 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DATGDCHS.DLL [1 C:\Users\Stefan\AppData\Roaming\*.tmp files -> C:\Users\Stefan\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.20 19:33:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E4ED02BB-6474-4E24-A026-945E4269827B}.job [2011.01.20 19:29:36 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1A6F84B1-0012-4753-9273-FBF0FB673E98}.job [2011.01.20 19:27:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2011.01.20 19:24:12 | 000,000,729 | ---- | M] () -- C:\Users\Stefan\Desktop\RegistryFix8.lnk [2011.01.20 19:23:25 | 001,227,704 | ---- | M] (Registry Fix ) -- C:\Users\Stefan\Desktop\registryfix.exe [2011.01.20 19:21:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.20 18:50:28 | 000,642,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.20 18:50:28 | 000,603,536 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.20 18:50:28 | 000,104,912 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.20 18:50:27 | 000,131,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.20 18:44:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.20 18:43:53 | 000,003,696 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.20 18:43:53 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.20 18:43:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.20 18:40:58 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.01.20 18:20:17 | 000,025,038 | ---- | M] () -- C:\Users\Stefan\Desktop\AKD-7369707233.pdf [2011.01.20 18:04:13 | 000,071,880 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll [2011.01.20 18:04:13 | 000,032,008 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys [2011.01.20 18:04:08 | 000,026,096 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys [2011.01.20 18:03:54 | 000,000,051 | ---- | M] () -- C:\Windows\wininit.ini [2011.01.20 18:03:16 | 000,076,696 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys [2011.01.20 18:02:00 | 000,945,272 | ---- | M] (Prevx) -- C:\Users\Stefan\Desktop\prevxcsifree.exe [2011.01.20 17:48:57 | 000,000,724 | ---- | M] () -- C:\Users\Stefan\Desktop\regedt32.exe - Verknüpfung.lnk [2011.01.20 10:40:52 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Stefan\Desktop\HiJackThis204.exe [2011.01.18 00:48:10 | 002,260,412 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011.01.18 00:45:58 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2011.01.18 00:15:25 | 000,513,032 | ---- | M] () -- C:\Users\Stefan\Desktop\sdasetup[1].exe [2011.01.17 23:26:51 | 000,564,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.01.17 20:55:29 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011.01.17 20:44:31 | 000,000,772 | ---- | M] () -- C:\Users\Stefan\Desktop\Trojancheck.lnk [2011.01.17 19:44:25 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.16 12:43:24 | 000,000,040 | ---- | M] () -- C:\Windows\System32\bad_packet [2011.01.16 01:26:52 | 000,064,000 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.13 22:52:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\Packard Bell Data Secure for Stefan.job [2011.01.10 21:02:41 | 000,002,579 | ---- | M] () -- C:\Users\Stefan\Desktop\CorelDRAW 11.lnk [2011.01.06 22:41:29 | 000,214,592 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.01.06 22:21:34 | 000,138,968 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.01.02 19:00:35 | 000,000,299 | ---- | M] () -- C:\Windows\System32\query.raw [2010.12.28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2010.12.24 10:56:04 | 000,000,801 | ---- | M] () -- C:\Users\Stefan\Desktop\TECUNIONLINE Fernbedienung programmieren.lnk [2010.12.21 23:26:09 | 000,427,674 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [1 C:\Users\Stefan\AppData\Roaming\*.tmp files -> C:\Users\Stefan\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.20 19:24:12 | 000,000,729 | ---- | C] () -- C:\Users\Stefan\Desktop\RegistryFix8.lnk [2011.01.20 18:20:16 | 000,025,038 | ---- | C] () -- 
C:\Users\Stefan\Desktop\AKD-7369707233.pdf [2011.01.20 18:02:49 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini [2011.01.20 17:48:57 | 000,000,724 | ---- | C] () -- C:\Users\Stefan\Desktop\regedt32.exe - Verknüpfung.lnk [2011.01.18 00:47:34 | 002,260,412 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2011.01.18 00:45:58 | 000,001,736 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk [2011.01.18 00:15:40 | 000,513,032 | ---- | C] () -- C:\Users\Stefan\Desktop\sdasetup[1].exe [2011.01.17 20:55:29 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011.01.17 20:55:10 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2011.01.17 20:55:09 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2011.01.17 20:55:08 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2011.01.17 20:55:08 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2011.01.17 20:44:31 | 000,000,772 | ---- | C] () -- C:\Users\Stefan\Desktop\Trojancheck.lnk [2011.01.17 19:44:25 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.10 21:02:11 | 000,002,579 | ---- | C] () -- C:\Users\Stefan\Desktop\CorelDRAW 11.lnk [2010.12.24 10:56:04 | 000,000,801 | ---- | C] () -- C:\Users\Stefan\Desktop\TECUNIONLINE Fernbedienung programmieren.lnk [2010.12.24 10:55:29 | 000,321,536 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2010.12.24 10:55:29 | 000,068,608 | ---- | C] () -- C:\Windows\System32\MSDATLST.oca [2010.12.24 10:55:29 | 000,064,512 | ---- | C] () -- C:\Windows\System32\MSDATGRD.oca [2010.12.24 10:55:29 | 000,002,516 | ---- | C] () -- C:\Windows\System32\MSDATGRD.DEP [2010.12.24 10:55:29 | 000,002,496 | ---- | C] () -- C:\Windows\System32\MSDATLST.DEP [2010.12.24 10:55:29 | 000,000,111 | ---- | C] () -- C:\Windows\System32\MSDATGRD.SRG [2010.12.24 10:55:28 | 000,068,096 | ---- | C] () -- C:\Windows\System32\DBLIST32.oca [2010.12.24 10:55:28 | 
000,028,160 | ---- | C] () -- C:\Windows\System32\command.oca [2010.12.24 10:55:28 | 000,002,496 | ---- | C] () -- C:\Windows\System32\DBLIST32.DEP [2010.11.26 20:58:42 | 000,000,065 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\AcroIEHelpe.txt [2010.09.29 22:29:14 | 000,000,680 | ---- | C] () -- C:\Users\Stefan\AppData\Local\d3d9caps.dat [2010.09.27 20:44:34 | 000,006,138 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\mdbu.bin [2010.08.22 15:45:41 | 000,139,152 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\PnkBstrK.sys [2010.08.22 15:45:41 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.11.09 21:26:45 | 000,038,425 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2009.07.01 14:55:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.02.22 14:54:02 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.01.24 19:01:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.12.13 01:15:46 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Default.PLS [2008.07.12 17:18:53 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\wklnhst.dat [2008.05.27 18:12:09 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini [2008.04.02 15:00:56 | 000,000,557 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\TheLastRipper.xml [2008.03.19 17:41:12 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll [2008.03.15 19:55:36 | 000,064,000 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.02 23:05:12 | 000,000,480 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.02.22 20:34:03 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.02.22 13:44:08 | 000,000,094 | ---- | C] () -- C:\Users\Stefan\AppData\Local\fusioncache.dat [2008.01.16 14:05:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.01.16 14:05:14 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini 
[2008.01.14 13:02:18 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI [2008.01.14 10:59:00 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll [2007.12.12 16:49:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.04.24 12:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.10.20 23:58:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\vspxvfw.dll [2005.09.01 15:20:46 | 000,524,288 | ---- | C] () -- C:\Windows\System32\vspxcore.dll [2003.04.24 22:15:32 | 000,772,608 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2003.04.24 22:15:32 | 000,287,232 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2003.04.24 22:15:32 | 000,079,872 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2003.04.24 21:29:24 | 000,147,456 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll ========== LOP Check ========== [2008.09.07 16:42:50 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Canon [2008.09.03 20:33:59 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\fotobuch.de AG [2010.11.21 11:45:37 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Juniper Networks [2009.05.03 16:24:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Amazon [2008.07.06 10:31:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ASCON Installer [2010.09.27 20:15:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Buhl Data Service GmbH [2008.04.13 19:19:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Canon [2010.11.26 20:58:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\cock [2011.01.20 18:43:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Codecd3d [2008.02.25 22:30:16 | 000,000,000 | ---D | M] -- 
C:\Users\Stefan\AppData\Roaming\CoSoSys [2009.01.13 13:23:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Crystal Player [2008.09.03 16:51:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\fotobuch.de AG [2009.04.25 09:05:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Free Monitor for Google [2010.11.21 17:58:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Juniper Networks [2010.01.09 22:16:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LimeWire [2008.04.16 14:02:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\NewSoft [2010.03.15 20:02:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Pegasys Inc [2008.04.13 19:12:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ScanSoft [2011.01.17 20:54:46 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Simply Super Software [2008.12.31 16:20:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Skinux [2010.10.03 21:33:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SMSout [2008.08.06 21:42:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Sonavis [2010.07.31 19:47:15 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SuperMailer [2008.07.12 17:18:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Template [2008.09.17 20:13:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TVcentral-Core [2010.11.26 22:21:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\UAs [2010.11.26 22:22:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\xmldm [2011.01.13 22:52:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\Packard Bell Data Secure for Stefan.job [2011.01.20 18:41:57 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.01.20 19:29:36 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1A6F84B1-0012-4753-9273-FBF0FB673E98}.job [2011.01.20 19:33:00 | 000,000,426 
| -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E4ED02BB-6474-4E24-A026-945E4269827B}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.09.27 20:31:36 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Adobe [2009.05.03 16:24:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Amazon [2009.01.01 19:56:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ArcSoft [2008.07.06 10:31:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ASCON Installer [2010.09.27 20:15:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Buhl Data Service GmbH [2008.04.13 19:19:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Canon [2010.11.26 20:58:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\cock [2011.01.20 18:43:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Codecd3d [2011.01.10 21:03:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Corel [2008.02.25 22:30:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\CoSoSys [2009.01.13 13:23:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Crystal Player [2008.12.13 01:15:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\CyberLink [2008.09.03 16:51:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\fotobuch.de AG [2009.04.25 09:05:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Free Monitor for Google [2008.04.04 22:51:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Google [2008.02.29 22:25:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Help [2008.02.22 13:43:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Identities [2009.01.05 18:26:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\InstallShield [2010.11.21 17:58:38 | 000,000,000 | ---D | M] 
-- C:\Users\Stefan\AppData\Roaming\Juniper Networks [2010.01.09 22:16:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LimeWire [2008.02.29 22:19:23 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Macromedia [2011.01.17 19:44:40 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Media Center Programs [2010.09.27 21:19:40 | 000,000,000 | --SD | M] -- C:\Users\Stefan\AppData\Roaming\Microsoft [2008.02.22 13:44:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Nero [2008.04.16 14:02:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\NewSoft [2011.01.18 00:30:46 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PC Tools [2010.03.15 20:02:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Pegasys Inc [2008.03.01 00:35:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Real [2008.04.13 19:12:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ScanSoft [2011.01.17 20:54:46 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Simply Super Software [2008.12.31 16:20:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Skinux [2010.10.03 21:33:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SMSout [2008.08.06 21:42:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Sonavis [2010.07.31 19:47:15 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SuperMailer [2008.07.12 17:18:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Template [2008.09.17 20:13:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TVcentral-Core [2010.11.26 22:21:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\UAs [2010.11.26 22:22:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\xmldm < %APPDATA%\*.exe /s > [2007.05.10 09:29:40 | 000,057,344 | ---- | M] (SBS) -- 
C:\Users\Stefan\AppData\Roaming\ASCON Installer\ASUNINST.EXE [2010.10.28 03:21:50 | 000,247,928 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\64bitProxy.exe [2010.06.08 08:32:32 | 000,300,400 | ---- | M] (Juniper Networks") -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe [2010.06.08 08:32:34 | 000,234,864 | ---- | M] (Juniper Networks) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\dsHostCheckerProxy.exe [2010.06.08 08:32:34 | 000,157,040 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\InstallHelper.exe [2010.06.08 08:32:44 | 000,056,072 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\uninstall.exe [2010.06.03 00:46:12 | 000,132,464 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe [2010.06.03 00:46:12 | 000,497,008 | ---- | M] (Juniper Networks) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe [2010.06.03 00:45:36 | 000,330,088 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe [2010.06.03 00:44:10 | 000,218,232 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe [2010.06.03 00:46:18 | 000,050,840 | ---- | M] (Juniper Networks) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe [2010.02.15 17:46:36 | 000,053,248 | R--- | M] (Acresso Software Inc.) 
-- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}\ARPPRODUCTICON.exe [2008.02.08 11:10:10 | 000,004,608 | ---- | M] (Curio Laboratories) -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\SendTo\RemoveOnReboot.exe < %SYSTEMDRIVE%\*.exe >
| M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- 
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2007.10.31 11:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\drivers\nvstor32.sys [2007.10.31 11:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a4ed2674\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 
000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.11.14 22:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.11.14 22:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.01.20 18:04:08 | 000,026,096 | ---- | M] (Prevx) Unable to obtain MD5 -- 
C:\Windows\System32\drivers\pxkbf.sys [2011.01.20 18:03:16 | 000,076,696 | ---- | M] (Prevx) Unable to obtain MD5 -- C:\Windows\System32\drivers\pxrts.sys [2011.01.20 18:04:13 | 000,032,008 | ---- | M] (Prevx) Unable to obtain MD5 -- C:\Windows\System32\drivers\pxscan.sys < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [2009.04.11 07:28:21 | 000,179,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msnetobj.dll [2008.01.19 08:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll [2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC < End of report > Extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.01.2011 19:31:42 - Run 1 OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Stefan\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,60 Gb Total Space | 207,42 Gb Free Space | 46,55% Space Free | Partition Type: NTFS Drive D: | 20,15 Gb Total Space | 10,84 Gb Free Space | 53,81% Space Free | Partition Type: FAT32 Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Dateien\Downloads\Fotobuch\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Dateien\Downloads\Fotobuch\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- () "C:\Dateien\Alexandra\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Dateien\Alexandra\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0201F59C-2A42-4168-B6B3-0742E5C310B9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1F6033E4-9018-4FFD-9DE0-AB3C2B32C051}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{1F7A2B43-39B1-4595-9BD3-E9DF6500598B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{22E5DAEB-6EF8-4768-9FE9-02A3C9CF0BD0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3093077A-A4DA-446A-B8A6-56926CE9987D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{327B40F8-3A96-41DD-98EF-975A84E152E0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{32DA4576-3502-4566-A3F7-20C9D8BE930C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5A22D451-B80E-444F-BD57-CF3659A1AD5E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{64DD3AA3-6C78-468F-8C19-062A97787F6D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{6C7ABAEA-94EC-4F40-A78E-F2E7FF53D3EC}" = lport=999 | protocol=6 | dir=in | 
app=%systemroot%\windowsmobile\wmdhost.exe | "{6D4368A2-515B-4932-B719-1184C7752B63}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{6F30EEAC-6DBD-40E4-9596-39696C3F6C39}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{715CA0D4-A98F-401B-AC78-89ECBDB349D3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{74DA62FC-0629-4CA1-8A0F-3292C621547D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{76021415-672B-4BCA-B811-AC4BD3D956FB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7D9972D8-4A7D-4060-9BCD-BAB3A90EAEE9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7F51410D-E049-4FCF-99EE-85CF9E5E2E70}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{8446FBC6-5150-4991-93EC-2EC0AD81ED96}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{87E96F97-35F1-41E9-B390-7949D1AADBEA}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{8A2810D4-2EE8-4E4C-8BD0-FE761B7D7D28}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{90119939-426B-49D7-97BC-0DAC63F39D81}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{BAAAAAD3-4046-4A38-8385-980E90373444}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{BB9E1E4F-7151-4AD5-96D3-CE7D7A61C19B}" = lport=8371 | protocol=17 | dir=in | name=gnab udp port | "{D6AFC82A-5CD7-45D8-84CF-0931CA258CD3}" = lport=8371 | protocol=6 | dir=in | name=gnab tcp port | "{DD8C93B5-C428-4F8F-927B-D47E4C143769}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DE171572-4743-471A-8A63-D11154E857C8}" = rport=5679 | protocol=17 | dir=out | 
svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FDF91233-0723-477B-BD79-CBF101054E7E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00D254ED-9826-4CF1-ACD8-D1732D481C7A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{08488E07-A207-42AB-8C3C-6234D4396596}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0BE04582-A3D0-4724-B1D1-18F701998C19}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | "{11320A4E-C369-4050-9037-652326A3953B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{15AD1714-57F8-45D4-BB36-38FB0005CA13}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{180BC910-87AD-4BE4-9CF0-4CD1A942FE0E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1C37DE41-E3BF-427A-9BE5-6ECA3FAE25FB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{1D5A908B-8BFA-4831-A11F-3D1430B9C6D7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2825FD05-8E9E-4F6B-991E-5CFEEA5F841E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2E46EB3C-480D-4D0E-AF80-572C3B12DE95}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{2EC05C3B-AF24-4E33-BFFE-7081C60BF964}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2FFBBAFD-24F9-491A-9C9B-5C53047559C5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{36AB7289-69E8-4406-9ACB-D849CBC89157}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{395C9D7B-C4AC-454E-A9C9-A27ED810A8B6}" = protocol=17 | dir=out | svc=wcescomm | 
app=%systemroot%\system32\svchost.exe | "{3CDFB4C1-B800-4D04-B0AE-36EFC87CB051}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3D8EA1C3-8B1D-4F13-B5E2-ED0336057A24}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3F95A07C-1F03-4610-A52B-9F5856D9DFC8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4130BA16-172C-4907-9EAD-6444ECE778FC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{41CB5248-31AC-40D4-B543-E959845B6369}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{4223D670-0C76-493C-97FC-48EDAD66CD39}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{42C4C4AB-ED99-4011-B9A9-0F6C60630F1C}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{436C73AB-F50A-42DC-909C-357E7BACD274}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4A6A6F1F-946A-475C-92C2-04682888C7A9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4B126F9E-065A-470F-9C57-52CB0D311214}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4BE09AE3-8CEA-4D5A-83F6-9B259977B5A4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4C920248-1C27-42F6-A992-8940750818D0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{4EDAAC79-8CE8-4EDC-89B4-5A453A79A54C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5296BD95-B0C9-41C8-892E-4EBDD6228956}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{55769CE4-6FD5-4D49-AA8A-2F6497F362AC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5C5052BE-0641-45BA-8A07-DE3C09806241}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{5FE68731-57D6-4BBE-A189-4CDD3DEB8EA4}" = protocol=17 | dir=out | 
svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{637E056F-BB80-44AA-83D0-18D13BC5D005}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{67A8F066-FB41-46FD-8223-8ED9F00514F4}" = protocol=6 | dir=in | app=c:\program files\medion\medionbox\program\gcs.exe | "{6A7CB09F-4801-48DC-BAFA-6BD594F30F17}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6F3ECAFA-4177-48A7-94A8-6B6DAE4F9A2E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7011A1BC-C5F3-4374-81B3-81493CD9B1C5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{705A9499-0508-4DB6-A0DA-B07CB757CB71}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{712F08D0-B161-4F7E-B97A-01B05C400584}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7329836A-FF09-48A1-85E6-9FCE61342786}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{74DC73B1-AEAB-46BE-AF7B-9676ADA91C79}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{79B7172D-5A63-4FD2-A06D-789F731AABD2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7BE8CB32-F8AF-44F9-9EB4-CA3F3D28B706}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7C352E82-A9AE-4161-A086-6A7FDB17CB58}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8A7CBBDB-F778-4169-9CF9-06BE3DB69BB1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8AAAE017-0EEE-4EFE-BEE9-AD38B6809B3F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8F8628ED-03FB-459A-9828-7FAF30B5029F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{8FEA870F-A015-41D5-B12C-B48681121F49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{90CFDA12-EC19-4C9C-93BD-4D5F0DF0B93C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{91279B02-AC12-4F1E-9045-79C9BDED63A4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9170DEBD-144B-42BF-92FB-5492B0B97876}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{92DAADF2-E286-41EA-AD09-4CE91022D5AF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{977C7884-AED8-430E-9144-1338B53EBDAC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9B0936E0-523C-4AB4-982B-4BB8AC559731}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9B620083-EE58-436A-8FF6-F57F8CAA5722}" = protocol=17 | dir=in | app=c:\program files\medion\medionbox\program\gcs.exe | "{9CC6AE99-3770-4BD5-ABE1-8B0C4E4DCB8A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{A1CC2240-AEF8-4204-B042-CD1095CC280D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{A25973C6-12CF-4C19-AF17-86BDFB75B5B8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A76CDABD-2FB8-43DE-80E2-B8BD9FC372FD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A8109008-5F0E-46FF-9DAC-D1CBCEFC9376}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AC3A0640-F4C2-4B7E-B8B4-413A71852736}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B1747447-BF0E-422B-B6B7-E4A8E68AF401}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B2853FF3-0A8E-43D7-8CC4-3219CF3221C3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B40D92F6-73DA-4845-BCCB-426269BC6EEC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B628B371-F445-49D8-B181-97125F42E99E}" = protocol=6 | dir=out | svc=rapimgr | 
app=%systemroot%\system32\svchost.exe | "{BAB63DAB-B2DE-4371-AE2E-135634F56F49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C2E53F8F-64CD-49C6-8D66-3CDF0F739606}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C3A4033A-3F0F-419C-ACE5-BEC637D3D1DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C58D1DCD-EE4E-4840-8553-81311D85DC70}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C663D907-5F36-46D4-891B-2F9126AD1BE8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C6D3DF86-C56D-4A0D-A9B7-451108644B9E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CCA07642-C99D-461B-990F-A2E81292271F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CDE31234-C3CC-45AB-BAF1-08B2356C4393}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D089D7B7-95C5-4821-8AB4-9D5021A0F7C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D361333C-2A74-4DD1-924D-F5536FA7EEC5}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{D3EF62A3-F4B2-4A3C-AC80-B64A40991BF1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D565D3CA-4C44-4462-98CD-C71E9E5292B0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D8286C37-31A3-456B-96E7-51C01B820700}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D9B3EA17-0C0D-45BD-8AF6-4EA77EA2F314}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DC69D7D6-C91D-4829-87D1-360A048FD903}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{DF221089-7BD5-46C6-A634-E80D1DF92CE5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E635663D-12F6-4FC4-8DC2-12AA1BBF5A15}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E8B6F1F3-99E0-471C-8124-940E991DDC39}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F1101A87-0E34-472D-8164-19D1ADF188E2}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | "{F1CE6CA0-8BDB-4DFA-BBA9-872AA517DDC0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F315DCD3-0B59-4F42-9BE3-B66552AAA5F7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F66CB2D4-D35C-45CD-8E6F-E2EC92917714}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F96A2944-D4AF-453E-A674-38E75BBA035C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{FAE6C358-C4A9-4B18-92D4-4665779AE73D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "TCP Query User{10ECA3A8-B5F2-4F81-8B66-DBF220F8976F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{412001A3-3FF8-428D-8B53-A4274F1BA699}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{A831A8BD-D8DE-4DD9-A349-C1881FFFBDA9}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | "TCP Query User{B67DBBF1-ACE6-4D5E-BE22-3BBEB8B1037D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{C2BAB6E9-C1BE-4419-9D3E-A3FEFB3E14F9}C:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe | "TCP Query User{CF8E1166-9340-4BA5-BBD1-3DDDAA12375C}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | 
20.01.2011, 20:26 | #4 |
/// Malware-holic | I have the trojan newsecureapp70700 and can't get rid of it!
1. Uninstall Spybot; it can interfere with the cleanup.
• Please start OTL.exe.
• Now copy the following into the text box.
:OTL
PRC - C:\Users\Stefan\Desktop\registryfix.exe (Registry Fix )
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\Run: [newsecureapp70700.exe] File not found
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\Run: [Pnptree] File not found
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\Run: [wcrasxemno.exe] File not found
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\RunOnce: [Shockwave Updater] File not found
:Files
C:\Users\Stefan\Desktop\registryfix.exe
C:\Users\Stefan\AppData\Local\Temp\is-GTO5U.tmp
C:\Program Files\RegistryFix8
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Open My Computer, C:, then _OTL; there, right-click on moved files and choose "add to moved files.rar" or zip. Upload the archive in our upload channel. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
20.01.2011, 20:51 | #5 |
| I have the trojan newsecureapp70700 and can't get rid of it!
OK, I have carried everything out and uploaded the file. What now?
All processes killed
========== OTL ==========
No active process named registryfix.exe was found!
Registry value HKEY_USERS\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Windows\CurrentVersion\Run\\newsecureapp70700.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Pnptree deleted successfully.
Registry value HKEY_USERS\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Windows\CurrentVersion\Run\\wcrasxemno.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
========== FILES ==========
C:\Users\Stefan\Desktop\registryfix.exe moved successfully.
File\Folder C:\Users\Stefan\AppData\Local\Temp\is-GTO5U.tmp not found.
C:\Program Files\RegistryFix8\RegistryFix8Backup folder moved successfully.
C:\Program Files\RegistryFix8\logs folder moved successfully.
C:\Program Files\RegistryFix8 folder moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: Alexandra
->Flash cache emptied: 13969 bytes
User: All Users
User: Default
User: Default User
User: Marek
->Flash cache emptied: 30938 bytes
User: Mika
->Flash cache emptied: 4777 bytes
User: Public
User: Stefan
->Flash cache emptied: 183188 bytes
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: Alexandra
->Temp folder emptied: 24494097 bytes
->Temporary Internet Files folder emptied: 47385913 bytes
->Java cache emptied: 1506932 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Marek
->Temp folder emptied: 28497301 bytes
->Temporary Internet Files folder emptied: 17192287 bytes
->Flash cache emptied: 0 bytes
User: Mika
->Temp folder emptied: 925756 bytes
->Temporary Internet Files folder emptied: 49052259 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Stefan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 94433979 bytes
->Java cache emptied: 19120628 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 420334 bytes
Total Files Cleaned = 270,00 mb
OTL by OldTimer - Version 3.2.20.3 log created on 01202011_203854
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JETBF19.tmp not found!
Registry entries deleted on Reboot... |
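Added example, not part of the thread and not code from OTL or the board: a Python script that cross-checks the fix script from post #4 against the result log in post #5, so that every targeted Run/RunOnce value and file is accounted for as deleted, moved, already missing, or unconfirmed. The expansion of `..\` to `\Software\Microsoft\Windows\CurrentVersion\` is read off the key paths in the result log; the function names are hypothetical and the sample text is copied from the two posts.

```python
import re

# Sample input copied from the fix script (post #4) and result log (post #5).
FIX_SCRIPT = r"""
:OTL
PRC - C:\Users\Stefan\Desktop\registryfix.exe (Registry Fix )
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\Run: [newsecureapp70700.exe] File not found
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\Run: [Pnptree] File not found
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\Run: [wcrasxemno.exe] File not found
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\RunOnce: [Shockwave Updater] File not found
:Files
C:\Users\Stefan\Desktop\registryfix.exe
C:\Users\Stefan\AppData\Local\Temp\is-GTO5U.tmp
C:\Program Files\RegistryFix8
:Commands
[purity]
"""

RESULT_LOG = r"""
Registry value HKEY_USERS\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Windows\CurrentVersion\Run\\newsecureapp70700.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Pnptree deleted successfully.
Registry value HKEY_USERS\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Windows\CurrentVersion\Run\\wcrasxemno.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
C:\Users\Stefan\Desktop\registryfix.exe moved successfully.
File\Folder C:\Users\Stefan\AppData\Local\Temp\is-GTO5U.tmp not found.
C:\Program Files\RegistryFix8\RegistryFix8Backup folder moved successfully.
C:\Program Files\RegistryFix8\logs folder moved successfully.
C:\Program Files\RegistryFix8 folder moved successfully.
"""

HIVES = {"HKU": "HKEY_USERS", "HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
# Assumption taken from the result log: "..\" abbreviates this key path.
CURVER = "\\Software\\Microsoft\\Windows\\CurrentVersion\\"

O4_RE = re.compile(r"^O4 - (HKU|HKLM|HKCU)(\\[^.\s]+)?\.\.\\(Run|RunOnce): \[(.+?)\]")
DELETED_RE = re.compile(r"^Registry value (.+)\\\\(.+) deleted successfully\.$")
MOVED_RE = re.compile(r"^(.+?)(?: folder)? moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^File\\Folder (.+) not found[.!]$")


def parse_fix_script(script):
    """Return (registry_targets, file_targets) requested by the fix script."""
    reg, files, section = [], [], None
    for line in (l.strip() for l in script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):          # :OTL, :Files, :Commands
            section = line.lower()
        elif section == ":otl":
            m = O4_RE.match(line)         # PRC (process kill) lines are ignored here
            if m:
                hive, sid, key, name = m.groups()
                reg.append((HIVES[hive] + (sid or "") + CURVER + key, name))
        elif section == ":files":
            files.append(line)
    return reg, files


def parse_result_log(log):
    """Return sets of deleted (key, value) pairs, moved paths and missing paths."""
    deleted, moved, missing = set(), set(), set()
    for line in (l.strip() for l in log.splitlines()):
        if (m := DELETED_RE.match(line)):
            deleted.add((m.group(1).lower(), m.group(2).lower()))
        elif (m := NOT_FOUND_RE.match(line)):
            missing.add(m.group(1).lower())
        elif (m := MOVED_RE.match(line)):
            moved.add(m.group(1).lower())
    return deleted, moved, missing


def verify(script, log):
    """List (kind, target, status) for every item the fix script asked for."""
    reg, files = parse_fix_script(script)
    deleted, moved, missing = parse_result_log(log)
    out = []
    for key, name in reg:
        ok = (key.lower(), name.lower()) in deleted
        out.append(("registry", key + "\\" + name, "deleted" if ok else "unconfirmed"))
    for path in files:
        p = path.lower()
        status = "moved" if p in moved else "not found" if p in missing else "unconfirmed"
        out.append(("file", path, status))
    return out


def unconfirmed(script, log):
    """Targets the log does not account for; these need a manual look."""
    return [(k, t) for k, t, s in verify(script, log) if s == "unconfirmed"]


if __name__ == "__main__":
    for kind, target, status in verify(FIX_SCRIPT, RESULT_LOG):
        print(f"{status:12} {kind:9} {target}")
```

A "not found" file is a target that was already gone before the fix ran, so nothing was quarantined for it; a "deleted" autorun value only shows the entry was removed at that moment, which is why the thread continues with a fresh full scan.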
20.01.2011, 21:20 | #6 |
/// Malware-holic | I have the trojan newsecureapp70700 and can't get rid of it! Now update Malwarebytes, run a full scan, and post the log; restart the PC beforehand.
21.01.2011, 06:51 | #7 |
| I have the trojan newsecureapp70700 and can't get rid of it!
Now it still finds something in the "moved files". That shouldn't be a problem, since that was produced by OTL, right? Can I delete the file? Is my PC clean then?
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5561
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999
21.01.2011 06:49:32
mbam-log-2011-01-21 (06-49-10).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 399695
Laufzeit: 3 Stunde(n), 42 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\_OTL\movedfiles\01202011_203854\C_Users\Stefan\Desktop\registryfix.exe (Rogue.Installer) -> No action taken. |
21.01.2011, 13:41 | #8 |
/// Malware-holic | I have the trojan newsecureapp70700 and can't get rid of it! Take it easy. Download CCleaner slim: Piriform - Builds. If CCleaner is already installed, skip this. Install it, open it, Tools, list of installed programs, save as txt. Open the file. After every program you need, write "necessary". After every program you do not need, "unnecessary". After those unknown to you, "unknown". Post the list.
21.01.2011, 14:55 | #9 |
| I have the trojan newsecureapp70700 and can't get rid of it! Don't worry, I'm calm. I'm in good hands now ;-) Since I'm out and about today, unfortunately things will only continue tonight/tomorrow morning... |
21.01.2011, 15:07 | #10 |
/// Malware-holic | I have the trojan newsecureapp70700 and can't get rid of it! Yes, so tomorrow midday then, I'm not an early riser :d But these are only "cosmetic" things anyway: updates, tidying up, etc.
22.01.2011, 10:18 | #11 |
| I have the trojan newsecureapp70700 and can't get rid of it! That sounds good (only clean-up work etc. left)! Here is the list from CCLEAN. PS: A donation from me is definitely due at the end! |
22.01.2011, 11:44 | #12 |
/// Malware-holic | I have the trojan newsecureapp70700 and can't get rid of it!
First of all, thanks, and no problem!
Replace Adobe Reader 8: Adobe - Download Adobe Reader - All versions. Please do not install the McAfee Security Scan along with it.
Open Adobe Reader, Edit, Preferences, JavaScript, untick the box there; Internet, likewise untick all boxes. That way PDFs are no longer loaded automatically and malicious code can no longer be slipped to you in this way.
Under General, tick "use only certified plug-ins".
Under Update, set it to install.
Click Apply / OK.
Uninstall:
Apple Software Update
ArcSoft (all)
Codec pack: do without it and rather use a decent player; VLC plays everything. VideoLAN - VLC media player for Windows
Uninstall:
Google Desktop
Google SketchUp
Java(TM) 6 Update 4
Letstrade (both)
MEDION Fotos auf CD
MEDIONbox
Photo Viewer
PhotoNow
RegistryFix
Sea3D
Spelling Dictionaries Support For Adobe Reader
TextMaker
TMPGEnc 4.0 XPress Testversion
Trojan Remover
Trojancheck
Unity Web Player
WM 2010 Spielplan
Then clean up files + registry with CCleaner.