Background advertising, possibly KaZy.Mekml1., half removed, OTL logs attached (Windows 7)

23.04.2011, 13:43 | #1
Hello,

Yesterday, in the middle of some relaxed surfing, it started: music in the background (a Beck's ad, then some babbling), the HDD reports errors via some ominous fake Windows tool, Avira raises an alarm, the desktop and files under Windows (Vista) are hidden... I then got the whole thing more or less under control with Malwarebytes plus Unhide and CCleaner, enough to be able to back up my data. The error messages are gone, most of the malware probably too... Only the background sounds are still there... Every now and then a crashed Windows Internet Explorer script reports via popup that a script error occurred on some "gossipcenter.com" page and asks whether I want to keep running the script, but the rest is fine for now... How do I now get the remaining traces of that stuff off the system (it's going to be wiped anyway, but it really gets in the way of the backup etc., and I want to be absolutely sure that nothing "migrates over")? The OTL logs are attached, the Malwarebytes logs too... Thanks in advance for any help!

OTL logs (also as an attachment; please don't ask me why it says Run 3, these are the only logs I made just now):

Code:
OTL logfile created on: 23.04.2011 14:23:53 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\abakus\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,27 Gb Total Space | 4,26 Gb Free Space | 1,94% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 0,27 Gb Free Space | 2,66% Space Free | Partition Type: NTFS

Computer Name: LAPTOPDELL | User Name: abakus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\abakus\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\OEM04Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

========== Modules (SafeList) ==========

MOD - C:\Users\abakus\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)

========== Driver Services (SafeList) ==========

DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (OEM04Vid) -- C:\Windows\System32\drivers\OEM04Vid.sys (Creative Technology Ltd.)
DRV - (OEM04Vfx) -- C:\Windows\System32\drivers\OEM04Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (CH341SER) -- C:\Windows\System32\drivers\CH341SER.SYS (www.winchiphead.com)
DRV - (TfBulk) -- C:\Windows\System32\drivers\TfBulk.SYS (Topfield (visit www.topfield.co.kr))
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (slabser) -- C:\Windows\System32\drivers\slabser.sys (MCCI)
DRV - (slabbus) CP210x USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\slabbus.sys (MCCI)
DRV - (CYGF32X) -- C:\Windows\System32\drivers\CygF32x.sys (Cygnal Integrated Products)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=6080226
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.crc-oberkirch.de/\r"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1.8
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "192.168.0.1"
FF - prefs.js..network.proxy.gopher: "192.168.0.1"
FF - prefs.js..network.proxy.http: "192.168.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.0.1"
FF - prefs.js..network.proxy.ssl: "192.168.0.1"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\components [2011.04.13 19:19:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\plugins [2011.03.23 22:16:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.02.21 12:26:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.02.21 12:26:48 | 000,000,000 | ---D | M]

[2010.08.31 19:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\abakus\AppData\Roaming\mozilla\Extensions
[2010.08.31 19:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\abakus\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.22 22:17:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\abakus\AppData\Roaming\mozilla\Firefox\Profiles\k40y2snm.default\extensions
[2010.05.03 20:54:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\abakus\AppData\Roaming\mozilla\Firefox\Profiles\k40y2snm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.23 20:41:40 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\abakus\AppData\Roaming\mozilla\Firefox\Profiles\k40y2snm.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2011.04.06 23:14:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\abakus\AppData\Roaming\mozilla\Firefox\Profiles\k40y2snm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.30 15:14:21 | 000,009,837 | ---- | M] () -- C:\Users\abakus\AppData\Roaming\Mozilla\Firefox\Profiles\k40y2snm.default\searchplugins\ddl-search-v2.xml
[2011.04.21 21:23:06 | 000,000,944 | ---- | M] () -- C:\Users\abakus\AppData\Roaming\Mozilla\Firefox\Profiles\k40y2snm.default\searchplugins\icqplugin.xml
[2009.10.10 00:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.11.03 13:06:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

O1 HOSTS File: ([2010.11.16 00:55:56 | 000,000,035 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 212.117.163.43 search.yahoo.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Users\abakus\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\abakus\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\abakus\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AKInstallerReboot_737957895F8E4FFAA14D70ED252AE1A9] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cleanmgr] File not found
O4 - HKLM..\Run: [Copy Handler] File not found
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Bilder\Auto-Bilder\Focus ST\Belichtungsreihe\ST - Hintergrund Lappi.jpg
O24 - Desktop BackupWallPaper: C:\Bilder\Auto-Bilder\Focus ST\Belichtungsreihe\ST - Hintergrund Lappi.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0fffe1eb-9826-11de-bc3d-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{0fffe1eb-9826-11de-bc3d-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0fffe207-9826-11de-bc3d-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{0fffe207-9826-11de-bc3d-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7860aee0-f2a8-11dc-98ff-001d093cafdb}\Shell - "" = AutoRun
O33 - MountPoints2\{7860aee0-f2a8-11dc-98ff-001d093cafdb}\Shell\AutoRun\command - "" = F:\sources\sperr32.exe x64
O33 - MountPoints2\{8bbb7736-9da6-11de-88b6-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{8bbb7736-9da6-11de-88b6-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90d40524-088e-11df-9bf9-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{90d40524-088e-11df-9bf9-0023ae0ad5ab}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{be5d2f2f-e532-11de-9847-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{be5d2f2f-e532-11de-9847-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{be5d2f36-e532-11de-9847-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{be5d2f36-e532-11de-9847-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{be5d2f38-e532-11de-9847-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{be5d2f38-e532-11de-9847-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f325df3d-e70e-11de-a2de-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{f325df3d-e70e-11de-a2de-0023ae0ad5ab}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{f58a8cc2-d3e8-11de-93c9-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{f58a8cc2-d3e8-11de-93c9-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: cmdkwwiz - (C:\Windows\system32\ieUnfmon.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.23 02:43:30 | 000,000,000 | ---D | C] -- C:\Users\abakus\AppData\Roaming\Malwarebytes
[2011.04.23 02:43:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.23 02:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.23 02:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 02:43:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.23 02:30:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\abakus\Desktop\OTL.exe
[2011.04.23 01:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.23 01:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.04.18 03:22:17 | 000,000,000 | ---D | C] -- C:\Resize
[2011.04.14 21:50:07 | 000,000,000 | ---D | C] -- C:\Win7
[2011.04.13 17:14:04 | 000,000,000 | ---D | C] -- C:\Users\abakus\Desktop\Sortieren
[2011.04.13 03:18:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.13 01:21:34 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.13 01:21:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.13 01:21:28 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.13 01:21:27 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.13 01:21:19 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.13 01:21:06 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.13 01:21:06 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.13 01:21:05 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.13 01:21:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.13 01:21:05 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.13 01:21:04 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.13 01:21:00 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.13 01:20:56 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.13 01:20:56 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.02 22:56:44 | 000,000,000 | ---D | C] -- C:\Panorama
[2011.04.01 15:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Castle Link
[2010.06.23 16:28:20 | 000,719,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozcpp19.dll
[2010.06.23 16:28:20 | 000,016,856 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2008.08.30 19:12:02 | 011,773,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2008.08.30 19:12:01 | 000,492,504 | ---- | C] (sqlite.org) -- C:\Program Files\sqlite3.dll
[2008.08.30 19:11:58 | 000,098,304 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2008.08.30 19:11:58 | 000,089,048 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2008.08.30 19:11:57 | 000,719,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozcrt19.dll
[2008.08.30 19:11:55 | 000,107,480 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2008.03.11 19:23:26 | 000,646,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2008.03.11 19:23:26 | 000,343,000 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2008.03.11 19:23:26 | 000,245,208 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2008.03.11 19:23:26 | 000,203,736 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2008.03.11 19:23:26 | 000,155,648 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2008.03.11 19:23:26 | 000,142,296 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2008.03.11 19:23:26 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2008.03.11 19:23:26 | 000,021,976 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2008.03.11 19:23:26 | 000,019,416 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2008.03.11 19:23:26 | 000,018,904 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[2008.03.11 19:23:25 | 000,249,856 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2008.03.11 19:23:24 | 000,912,344 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2008.03.11 19:23:24 | 000,019,416 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll

========== Files - Modified Within 30 Days ==========

[2011.04.23 14:27:59 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.23 14:27:59 | 000,600,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.23 14:27:59 | 000,131,194 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.23 14:27:59 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.23 14:22:42 | 000,002,445 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2011.04.23 14:22:36 | 000,253,438 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.23 14:22:27 | 000,253,438 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.23 14:21:45 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.23 14:21:42 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.23 14:21:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.23 14:21:16 | 3756,044,288 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.23 14:20:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.23 02:43:26 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 02:39:54 | 000,504,657 | ---- | M] () -- C:\Users\abakus\Desktop\unhide.exe
[2011.04.23 02:28:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\abakus\Desktop\OTL.exe
[2011.04.23 01:24:42 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.22 22:32:04 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D0DE1368-97FE-4ED4-8B8E-B1693F7AF537}.job
[2011.04.18 03:25:00 | 000,000,600 | ---- | M] () -- C:\Users\abakus\AppData\Roaming\winscp.rnd
[2011.04.18 03:17:39 | 000,161,792 | ---- | M] () -- C:\Users\abakus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.17 00:50:22 | 000,001,000 | ---- | M] () -- C:\Users\abakus\Desktop\CastleLink V3.29.0.lnk
[2011.04.13 04:10:46 | 001,809,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.01 15:47:14 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\CastleLink V3.29.0.lnk

========== Files Created - No Company Name ==========

[2011.04.23 14:08:57 | 3756,044,288 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.23 02:51:35 | 000,504,657 | ---- | C] () -- C:\Users\abakus\Desktop\unhide.exe
[2011.04.23 02:43:26 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 01:24:42 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.17 00:50:22 | 000,001,000 | ---- | C] () -- C:\Users\abakus\Desktop\CastleLink V3.29.0.lnk
[2011.04.01 15:48:58 | 000,000,323 | ---- | C] () -- C:\Users\abakus\AppData\Local\CastleLinkProps.dat
[2011.04.01 15:47:14 | 000,000,982 | ---- | C] () -- C:\Users\Public\Desktop\CastleLink V3.29.0.lnk
[2011.03.23 22:16:43 | 000,011,666 | ---- | C] () -- C:\Program Files\updates.xml
[2011.03.23 22:16:43 | 000,000,057 | ---- | C] () -- C:\Program Files\active-update.xml
[2010.08.08 15:54:08 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.08.04 17:03:40 | 000,000,110 | ---- | C] () -- C:\Program Files\fjhdyfhsn.bat
[2010.08.04 17:03:19 | 000,000,020 | ---- | C] () -- C:\Users\abakus\AppData\Roaming\bawuho.dat
[2010.07.22 00:45:01 | 000,000,115 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2010.01.26 20:56:48 | 000,172,600 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.01.25 21:55:05 | 000,000,073 | ---- | C] () -- C:\Windows\Altair.INI
[2010.01.14 21:38:03 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.11 16:11:00 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2009.12.11 16:11:00 | 000,000,858 | ---- | C] () -- C:\Windows\unins000.dat
[2009.11.10 02:53:24 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.11.09 20:42:29 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.11.03 12:43:00 | 000,000,478 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2009.10.10 00:29:08 | 000,005,493 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.10.08 10:25:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.08 10:25:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.30 23:22:49 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.08.30 23:22:48 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.07.24 00:38:32 | 000,253,438 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.07.24 00:38:32 | 000,253,438 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.22 12:26:46 | 000,000,003 | ---- | C] () -- C:\Program Files\update.locale
[2009.06.22 21:57:33 | 000,000,248 | ---- | C] () -- C:\Windows\emug3.ini
[2009.06.22 21:56:12 | 000,000,099 | ---- | C] () -- C:\Windows\Realflight.INI
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.04.26 19:14:39 | 000,000,728 | ---- | C] () -- C:\Users\abakus\AppData\Roaming\DriveCalculator Preferences
[2008.11.06 00:07:37 | 000,000,600 | ---- | C] () -- C:\Users\abakus\AppData\Roaming\winscp.rnd
[2008.08.30 19:11:58 | 000,016,246 | ---- | C] () -- C:\Program Files\removed-files
[2008.08.30 19:11:58 | 000,000,142 | ---- | C] () -- C:\Program Files\platform.ini
[2008.08.30 19:11:55 | 000,004,296 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2008.08.30 19:11:55 | 000,000,705 | ---- | C] () -- C:\Program Files\crashreporter-override.ini
[2008.08.30 19:11:51 | 000,004,496 | ---- | C] () -- C:\Program Files\blocklist.xml
[2008.08.30 19:11:51 | 000,002,129 | ---- | C] () -- C:\Program Files\application.ini
[2008.08.16 19:32:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.05 20:53:35 | 000,000,552 | ---- | C] () -- C:\Users\abakus\AppData\Local\d3d8caps.dat
[2008.03.24 13:25:17 | 000,000,300 | ---- | C] () -- C:\Windows\game.ini
[2008.03.15 18:13:22 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.03.15 18:13:21 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.03.15 18:13:14 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.03.11 23:03:50 | 000,001,202 | ---- | C] () -- C:\Windows\mozver.dat
[2008.03.11 19:24:06 | 000,000,000 | ---- | C] () -- C:\Program Files\.autoreg
[2008.03.11 19:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.03.11 19:23:29 | 000,000,701 | ---- | C] () -- C:\Program Files\updater.ini
[2008.03.11 19:23:29 | 000,000,220 | ---- | C] () -- C:\Program Files\browserconfig.properties
[2008.03.11 19:23:26 | 001,018,328 | ---- | C] () -- C:\Program Files\js3250.dll
[2008.03.11 19:23:26 | 000,031,393 | ---- | C] () -- C:\Program Files\LICENSE
[2008.03.11 19:23:26 | 000,000,478 | ---- | C] () -- C:\Program Files\softokn3.chk
[2008.03.11 19:23:25 | 000,000,478 | ---- | C] () -- C:\Program Files\freebl3.chk
[2008.03.06 23:28:48 | 000,175,014 | ---- | C] () -- C:\Users\abakus\AppData\Roaming\nvModes.001
[2008.03.06 23:28:44 | 000,175,014 | ---- | C] () -- C:\Users\abakus\AppData\Roaming\nvModes.dat
[2008.03.06 22:05:00 | 000,161,792 | ---- | C] () -- C:\Users\abakus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.26 05:51:02 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.02.26 05:50:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.25 22:08:51 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2008.02.25 21:57:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.07.25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.11.15 20:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 17:33:31 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,131,194 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 001,809,152 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,600,690 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,108,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.17 01:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.17 01:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\abakus\skull_logo.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Visual Studio 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Version Cue:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Sony Ericsson:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\RealFlight G4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\RCT3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\OneNote-Notizbücher:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\NFS SHIFT:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Meine Paletten:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\MAGIX_Video_deluxe_16_Download-Version:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\MAGIX_Speed2_burnR_mxcdr:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\MAGIX_Screenshare:Roxio EMC Stream
@Alternate Data Stream - 76
bytes -> C:\Users\abakus\Documents\MAGIX Downloads:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\KMPlayer:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\ImTOO Software Studio:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Dell Webcam Center:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Corel:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Bioshock:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Anno 1404:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\AdobeStockPhotos:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Adobe Scripts:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\abakus\Desktop\Sortieren:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Program Files\SuBi:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Modellbau:Roxio EMC Stream @Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.04.2011 14:23:53 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\abakus\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220,27 Gb Total Space | 4,26 Gb Free Space | 1,94% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 0,27 Gb Free Space | 2,66% Space Free | Partition Type: NTFS Computer Name: LAPTOPDELL | User Name: abakus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems) Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mp3tag] -- "C:\Program Files\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Svc\S-1-5-21-2451145638-1982524823-2130488400-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{238C2A9A-5CE5-465B-B1C6-0CDF7CA006D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2940F504-1954-4FA1-B1A7-41F39EDCEEA5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2B46D42B-5A88-4559-9B4E-325C1A4A4F11}" = rport=10243 | protocol=6 
| dir=out | app=system | "{2EB8256B-F78D-4FB1-9E81-C2B517BE4822}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{66A844EC-69E7-4779-B593-2BE19990D811}" = lport=2869 | protocol=6 | dir=in | app=system | "{7B487717-4534-4062-89C1-F2DA093C0AD0}" = lport=10243 | protocol=6 | dir=in | app=system | "{B37C2C97-D26A-4529-839B-8D509AD80912}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C028A73C-5398-4B1A-A39D-08196F4A9659}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DB959ABA-DBCF-42C0-8938-0AFE94EADBF6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DE676EA-39C0-442E-8DCE-9A7539D7A5CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0F6236FE-4B5D-442A-9984-452503FA4379}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{105BCD5E-A222-4DB1-9264-2051F1D1205C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{13D4555F-30A3-460C-9DC7-9EAC61344A43}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | "{160C5103-3007-4EF6-91F7-0FD40947D2CA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{18D42D4F-4F9C-47F8-832B-18A6DEF2EF1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{292A9302-2C4C-4443-BF2A-CB9D5D39B6CB}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "{3582933E-FBBE-4646-9ADE-CDFC33607848}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{37EA8649-46CA-4899-A029-291B25AE2D63}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\semc omsi module\semc omsi module.exe | 
"{39A22E71-04C3-48B1-ABB4-30E522529CE3}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{449B9DAC-534E-47CD-89EC-66053AC3E62D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4536F702-C816-47C1-B84F-537D1D1B8F43}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{48BD8565-30CE-444B-9B27-6E2536801F40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{53B233D3-E0FD-4FC9-9110-B69BF332812E}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | "{645111C7-D256-4A49-9C83-877376734784}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{65C9BD6B-CFAC-40E6-B8F7-DDBE726A17F7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7406E7CE-C275-442D-ABE7-6CC26D377E46}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7609130E-9453-4481-B45E-ABCC5F99E6BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{76C5A276-87CA-4D1A-9A0C-AEC7DD645446}" = dir=in | app=c:\program files\itunes\itunes.exe | "{7D52F021-1551-4D49-8FC9-E581D0311376}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{824F2DFF-AF80-45B7-A470-67EB80B3AFDB}" = protocol=6 | dir=out | app=system | "{97C2F876-D8C5-44D3-A26F-8A91F68AA7AA}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "{9B529FB8-B20F-457A-AE3E-FC315EEA7DD3}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | "{A02AECFC-AE58-4D55-8821-0E6F3BC1AACD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A89D069D-9782-467B-B4FB-B4B34329EC70}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ADCE5659-C685-4226-9076-DF64BA9CEE97}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | "{AE1655B2-4D32-47E5-99F6-A695161F2D9E}" = 
protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B46AEF4C-FE7C-41AC-A9AD-6C72585014BB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{B96C951C-C32B-4C51-AB3A-B3497D04C25F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{C224466E-2977-4733-B85C-D25A1D6C85A9}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "{C27D3795-1D13-4A89-B5CA-F514CD078509}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{C2D94260-5F87-43F4-B2EA-CDA1DC9A259D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C52E59B2-989A-4DBB-8DD9-22DEB0BE881A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{C6A779AE-4AD3-439E-9AF9-82A3B1BAA3D2}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | "{E12C20D1-0D8F-431B-B2A1-92E69AE66D85}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{E63ED4C9-6BE7-4CE6-8019-A14ECFD692FA}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\semc omsi module\semc omsi module.exe | "{E6D6E4AB-79FE-4E5A-8AFA-87870E3AF8AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EAE395E2-050B-4AB4-B4C4-244E36AB8CC1}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | "{EB9AA9A3-117E-44C0-98CA-5F0EEAEEB670}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | "{F9213CB3-C5DE-4216-AD49-49D712B325B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FB57D9CE-4CEB-4157-934B-3B3F8A1D9861}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | "{FEC37177-C375-414E-96A6-FB89ADDD5DA4}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{923A4C69-6327-470E-AFA5-9086925D448B}C:\program files\abc\abc.exe" = protocol=6 | dir=in | app=c:\program 
files\abc\abc.exe | "TCP Query User{9F6FC0B6-A266-42A7-B475-7DA473E9FE48}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | "TCP Query User{BB8A7718-B360-49C3-B0BA-7D46F4BB4770}C:\games\nexuiz\nexuiz\nexuiz.exe" = protocol=6 | dir=in | app=c:\games\nexuiz\nexuiz\nexuiz.exe | "TCP Query User{BBF64915-5658-4C2A-9D7F-AA119EB7A054}C:\games\steam\steamapps\epfelbutz\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\games\steam\steamapps\epfelbutz\team fortress 2\hl2.exe | "TCP Query User{C8541742-0FD8-49CA-8E0F-BC56439BB9EC}C:\users\abakus\desktop\world of padman\wop.exe" = protocol=6 | dir=in | app=c:\users\abakus\desktop\world of padman\wop.exe | "TCP Query User{DEAD958A-2DC3-465B-AA63-172E1FF064E0}C:\games\world of padman\wop.exe" = protocol=6 | dir=in | app=c:\games\world of padman\wop.exe | "TCP Query User{E09EF945-0388-40CC-82BF-E4F3E464886F}C:\program files\firefox.exe" = protocol=6 | dir=in | app=c:\program files\firefox.exe | "UDP Query User{3B2D5A9D-D9AB-40C1-B41E-2D4E6C850CDF}C:\program files\abc\abc.exe" = protocol=17 | dir=in | app=c:\program files\abc\abc.exe | "UDP Query User{5439E6C1-2893-4AB4-81B2-E354C21EDEA2}C:\games\world of padman\wop.exe" = protocol=17 | dir=in | app=c:\games\world of padman\wop.exe | "UDP Query User{665FD235-994E-444D-B2D3-906451C60ED8}C:\users\abakus\desktop\world of padman\wop.exe" = protocol=17 | dir=in | app=c:\users\abakus\desktop\world of padman\wop.exe | "UDP Query User{B9EC4F7C-C1DB-4D78-9D82-11BFCC08E40B}C:\games\steam\steamapps\epfelbutz\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\games\steam\steamapps\epfelbutz\team fortress 2\hl2.exe | "UDP Query User{C34FBE9B-1917-4EE3-A228-16EE33D3247A}C:\games\nexuiz\nexuiz\nexuiz.exe" = protocol=17 | dir=in | app=c:\games\nexuiz\nexuiz\nexuiz.exe | "UDP Query User{DD2C0A8B-CE5D-4CCD-B3FE-D4510C278A34}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe 
| "UDP Query User{FEB1906F-860A-40A3-84C5-7EE6DF3CCE3B}C:\program files\firefox.exe" = protocol=17 | dir=in | app=c:\program files\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{5D3DAABF-723A-44FB-9408-6AB8887DD056}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! 
Cam Avatar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Foto-Manager 2009 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch "{5D3DAABF-723A-44FB-9408-6AB8887DD056}" = Corel Graphics - Windows Shell Extension "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW 
Graphics Suite X5 - Draw "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{73795789-5F8E-4FFA-A14D-70ED252AE1A9}" = LogView 2 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour-Druckdienste "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 
Redistributable - KB2467175 "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100 "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8 "{AD188724-A159-49CB-81CA-E6ECDF067391}" = Castle Link "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BBBAAD3E-0B95-496E-A939-F54309F26856}_is1" = Genius "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files 
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.57 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Advanced Audio FX Engine" = Advanced Audio FX Engine "Advanced Video FX Engine" = Advanced Video FX Engine "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Creative OEM004" = Laptop Integrated Webcam Driver (1.03.01.1011) "Dell Webcam Center" = Dell Webcam Center "Dell Webcam Manager" = Dell Webcam Manager "ENTERPRISE" = Microsoft Office Enterprise 2007 "Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454 
"ImTOO iPhone Ringtone Maker" = ImTOO iPhone Ringtone Maker "MAGIX Screenshare D" = MAGIX Screenshare "MAGIX Speed burnR D" = MAGIX Speed burnR "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Movies2iPhone" = Movies2iPhone .74b "MozBackup_is1" = MozBackup 1.4.7 "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2) "Mp3tag" = Mp3tag v2.44 "NVIDIA Drivers" = NVIDIA Drivers "PhotomatixPro3_is1" = Photomatix Pro version 3.0.3RC2 "ProInst" = Intel(R) PROSet/Wireless Software "RealFlightG4Pro" = RealFlight G4 R/C Simulator "RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3 "SecuROM Diagnostic Tool" = SecuROM Diagnostic Tool "SLABCOMM&10C4&EA60" = CP210x USB to UART Bridge Controller "SynTPDeinstKey" = Dell Touchpad "TBSB03968.TBSB03968Toolbar" = Toolbar fuer eBay "Trillian" = Trillian "VLC media player" = VLC media player 0.9.8a "WinISD beta" = WinISD beta "winscp3_is1" = WinSCP 4.1.7 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "WinSetupFromUSB" = WinSetupFromUSB ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.04.2011 08:39:54 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13806 Error - 15.04.2011 08:39:56 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 15.04.2011 08:39:56 | Computer Name = LaptopDell | Source = 
Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15475 Error - 15.04.2011 08:39:56 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15475 Error - 16.04.2011 14:24:31 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 16.04.2011 14:24:31 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 107090505 Error - 16.04.2011 14:24:31 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 107090505 Error - 16.04.2011 14:24:32 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 16.04.2011 14:24:32 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 107091628 Error - 16.04.2011 14:24:32 | Computer Name = LaptopDell | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 107091628 [ Media Center Events ] Error - 18.04.2008 06:18:27 | Computer Name = LaptopDell | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. 
[ System Events ]
Error - 09.09.2008 21:03:23 | Computer Name = LaptopDell | Source = Service Control Manager | ID = 7000
Description =
Error - 09.09.2008 21:04:24 | Computer Name = LaptopDell | Source = Service Control Manager | ID = 7009
Description =
Error - 09.09.2008 21:04:24 | Computer Name = LaptopDell | Source = Service Control Manager | ID = 7000
Description =
Error - 09.09.2008 21:04:58 | Computer Name = LaptopDell | Source = Service Control Manager | ID = 7009
Description =
Error - 09.09.2008 21:04:58 | Computer Name = LaptopDell | Source = Service Control Manager | ID = 7000
Description =
Error - 09.09.2008 21:13:45 | Computer Name = LaptopDell | Source = HTTP | ID = 15016
Description =
Error - 14.09.2008 10:06:10 | Computer Name = LaptopDell | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.09.2008 um 16:04:53 unerwartet heruntergefahren.
Error - 14.09.2008 10:06:14 | Computer Name = LaptopDell | Source = HTTP | ID = 15016
Description =
Error - 14.09.2008 10:06:52 | Computer Name = LaptopDell | Source = Service Control Manager | ID = 7026
Description =
Error - 11.10.2008 19:24:21 | Computer Name = LaptopDell | Source = DCOM | ID = 10010
Description =

< End of report >
Last edited by StartUp (23.04.2011 at 14:00) |
25.04.2011, 15:03 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "192.168.0.1"
FF - prefs.js..network.proxy.gopher: "192.168.0.1"
FF - prefs.js..network.proxy.http: "192.168.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.0.1"
FF - prefs.js..network.proxy.ssl: "192.168.0.1"
FF - prefs.js..network.proxy.type: 4
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [cleanmgr] File not found
O4 - HKLM..\Run: [Copy Handler] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0fffe1eb-9826-11de-bc3d-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{0fffe1eb-9826-11de-bc3d-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0fffe207-9826-11de-bc3d-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{0fffe207-9826-11de-bc3d-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7860aee0-f2a8-11dc-98ff-001d093cafdb}\Shell - "" = AutoRun
O33 - MountPoints2\{7860aee0-f2a8-11dc-98ff-001d093cafdb}\Shell\AutoRun\command - "" = F:\sources\sperr32.exe x64
O33 - MountPoints2\{8bbb7736-9da6-11de-88b6-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{8bbb7736-9da6-11de-88b6-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{90d40524-088e-11df-9bf9-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{90d40524-088e-11df-9bf9-0023ae0ad5ab}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{be5d2f2f-e532-11de-9847-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{be5d2f2f-e532-11de-9847-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{be5d2f36-e532-11de-9847-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{be5d2f36-e532-11de-9847-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{be5d2f38-e532-11de-9847-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{be5d2f38-e532-11de-9847-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f325df3d-e70e-11de-a2de-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{f325df3d-e70e-11de-a2de-0023ae0ad5ab}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{f58a8cc2-d3e8-11de-93c9-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{f58a8cc2-d3e8-11de-93c9-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\skull_logo.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Visual Studio 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Version Cue:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Sony Ericsson:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\RealFlight G4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\RCT3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\OneNote-Notizbücher:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\NFS SHIFT:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Meine Paletten:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\MAGIX_Video_deluxe_16_Download-Version:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\MAGIX_Speed2_burnR_mxcdr:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\MAGIX_Screenshare:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\MAGIX Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\KMPlayer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\ImTOO Software Studio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Dell Webcam Center:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Corel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Bioshock:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Anno 1404:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\AdobeStockPhotos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Adobe Scripts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Desktop\Sortieren:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\SuBi:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Modellbau:Roxio EMC Stream
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely: a backup copy is created on the system partition in the folder "_OTL".
__________________ |
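The fix script above was assembled by hand from lines of the OTL report: hijacked Firefox prefs, dead Run entries, cached removable-drive AutoRun commands, and one alternate data stream on System32. As an added example, not part of this thread and not OTL's own code, the following Python script does that first triage pass over OTL report lines in the formats shown above and lays the flagged lines out in the ":OTL ... :Commands" shape OTL's Custom Scan/Fixes box expects. The sample lines are constructed for the example (the avgnt, homepage and Roxio lines are benign controls), the flagging rules are this editor's reading of why the helper chose those entries rather than anything OTL implements, and the 192.168.0.1 proxy host could just as well be a home router, so proxy findings are reported for review rather than as confirmed malicious.

```python
import re
from dataclasses import dataclass

# Constructed sample OTL report lines (same formats as the fix script in the post above;
# not a real scan). The avgnt, homepage and Roxio lines are benign controls.
SAMPLE_OTL = r"""
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
FF - prefs.js..network.proxy.http: "192.168.0.1"
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..browser.startup.homepage: "http://www.example.org/"
O4 - HKLM..\Run: [cleanmgr] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O33 - MountPoints2\{0fffe1eb-9826-11de-bc3d-0023ae0ad5ab}\Shell - "" = AutoRun
O33 - MountPoints2\{0fffe1eb-9826-11de-bc3d-0023ae0ad5ab}\Shell\AutoRun\command - "" = F:\AutoRun.exe
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
@Alternate Data Stream - 76 bytes -> C:\Users\abakus\Documents\Corel:Roxio EMC Stream
"""

FF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<name>[\w.]+): (?P<value>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$')
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})\\(?P<sub>.+?) - "" = (?P<value>.*)$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.*):(?P<stream>[^:\\]+)$')

# Stream names that Windows and common tools write on their own (assumed allowlist);
# anything else gets flagged.
BENIGN_ADS = {"Zone.Identifier", "Roxio EMC Stream"}


@dataclass
class Finding:
    line: str       # the OTL line verbatim, ready to paste into a fix script
    category: str
    reason: str


def triage(report: str) -> list:
    """Pick out OTL report lines worth putting into a fix, with a reason for each."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FF_RE.match(line):
            name, value = m["name"], m["value"]
            # prefs.js only stores non-default values, so a keyword.URL here was set by
            # something (a toolbar, an installer, malware), not by Firefox itself.
            if name == "keyword.URL":
                findings.append(Finding(line, "ff-search", f"address-bar search redirected to {value}"))
            elif name.startswith("network.proxy."):
                findings.append(Finding(line, "ff-proxy",
                                        "non-default proxy pref; confirm the host is your own before removing"))
        elif m := O4_RE.match(line):
            if m["target"] == "File not found":
                findings.append(Finding(line, "dead-autostart", f"Run entry [{m['name']}] points at a missing file"))
            elif not re.search(r"\([^()]*\)$", m["target"]):
                findings.append(Finding(line, "unsigned-autostart", "Run entry without a publisher name; review"))
        elif m := O33_RE.match(line):
            what = f"AutoRun command {m['value']}" if m["sub"].endswith("command") else "AutoRun shell verb"
            findings.append(Finding(line, "mountpoints", f"removable-drive {what} cached for volume {m['guid']}"))
        elif m := ADS_RE.match(line):
            if m["stream"] not in BENIGN_ADS:
                findings.append(Finding(line, "ads", f"unexpected alternate data stream on {m['path']}"))
    return findings


def build_fix_script(findings, commands=("purity", "resethosts", "emptytemp")) -> str:
    """Lay the flagged lines out the way OTL's Custom Scan/Fixes box expects them."""
    body = [":OTL", *(f.line for f in findings), ":Commands", *(f"[{c}]" for c in commands)]
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_OTL)
    for f in found:
        print(f"{f.category:18} {f.reason}")
    print(build_fix_script(found))
```

The output is a starting point, not a fix to paste blindly: every flagged line still needs the analyst's decision, which is why each carries a reason, and the Roxio streams the helper removed above are left alone here because they are ordinary Roxio metadata rather than something an attacker left behind.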
26.04.2011, 18:28 | #3 |
Here is the OTL fix log:
Code:
ATTFilter All processes killed ========== OTL ========== Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=" removed from keyword.URL Prefs.js: "" removed from network.proxy.backup.ftp Prefs.js: 0 removed from network.proxy.backup.ftp_port Prefs.js: "" removed from network.proxy.backup.gopher Prefs.js: 0 removed from network.proxy.backup.gopher_port Prefs.js: "" removed from network.proxy.backup.socks Prefs.js: 0 removed from network.proxy.backup.socks_port Prefs.js: "" removed from network.proxy.backup.ssl Prefs.js: 0 removed from network.proxy.backup.ssl_port Prefs.js: "192.168.0.1" removed from network.proxy.ftp Prefs.js: "192.168.0.1" removed from network.proxy.gopher Prefs.js: "192.168.0.1" removed from network.proxy.http Prefs.js: true removed from network.proxy.share_proxy_settings Prefs.js: "192.168.0.1" removed from network.proxy.socks Prefs.js: "192.168.0.1" removed from network.proxy.ssl Prefs.js: 4 removed from network.proxy.type Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cleanmgr deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Copy Handler deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fffe1eb-9826-11de-bc3d-0023ae0ad5ab}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fffe1eb-9826-11de-bc3d-0023ae0ad5ab}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fffe1eb-9826-11de-bc3d-0023ae0ad5ab}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fffe1eb-9826-11de-bc3d-0023ae0ad5ab}\ not found. 
File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fffe207-9826-11de-bc3d-0023ae0ad5ab}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fffe207-9826-11de-bc3d-0023ae0ad5ab}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fffe207-9826-11de-bc3d-0023ae0ad5ab}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fffe207-9826-11de-bc3d-0023ae0ad5ab}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7860aee0-f2a8-11dc-98ff-001d093cafdb}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7860aee0-f2a8-11dc-98ff-001d093cafdb}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7860aee0-f2a8-11dc-98ff-001d093cafdb}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7860aee0-f2a8-11dc-98ff-001d093cafdb}\ not found. File F:\sources\sperr32.exe x64 not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbb7736-9da6-11de-88b6-0023ae0ad5ab}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bbb7736-9da6-11de-88b6-0023ae0ad5ab}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bbb7736-9da6-11de-88b6-0023ae0ad5ab}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bbb7736-9da6-11de-88b6-0023ae0ad5ab}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90d40524-088e-11df-9bf9-0023ae0ad5ab}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90d40524-088e-11df-9bf9-0023ae0ad5ab}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90d40524-088e-11df-9bf9-0023ae0ad5ab}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90d40524-088e-11df-9bf9-0023ae0ad5ab}\ not found. File G:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be5d2f2f-e532-11de-9847-0023ae0ad5ab}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be5d2f2f-e532-11de-9847-0023ae0ad5ab}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be5d2f2f-e532-11de-9847-0023ae0ad5ab}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be5d2f2f-e532-11de-9847-0023ae0ad5ab}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be5d2f36-e532-11de-9847-0023ae0ad5ab}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be5d2f36-e532-11de-9847-0023ae0ad5ab}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be5d2f36-e532-11de-9847-0023ae0ad5ab}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be5d2f36-e532-11de-9847-0023ae0ad5ab}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be5d2f38-e532-11de-9847-0023ae0ad5ab}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be5d2f38-e532-11de-9847-0023ae0ad5ab}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be5d2f38-e532-11de-9847-0023ae0ad5ab}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be5d2f38-e532-11de-9847-0023ae0ad5ab}\ not found. File F:\AutoRun.exe not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f325df3d-e70e-11de-a2de-0023ae0ad5ab}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f325df3d-e70e-11de-a2de-0023ae0ad5ab}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f325df3d-e70e-11de-a2de-0023ae0ad5ab}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f325df3d-e70e-11de-a2de-0023ae0ad5ab}\ not found. File G:\LaunchU3.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f58a8cc2-d3e8-11de-93c9-0023ae0ad5ab}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f58a8cc2-d3e8-11de-93c9-0023ae0ad5ab}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f58a8cc2-d3e8-11de-93c9-0023ae0ad5ab}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f58a8cc2-d3e8-11de-93c9-0023ae0ad5ab}\ not found. File F:\LaunchU3.exe -a not found. ADS C:\Users\abakus\skull_logo.jpg:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\Visual Studio 2008:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\Version Cue:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\Sony Ericsson:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\RealFlight G4:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\RCT3:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\OneNote-Notizbücher:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\NFS SHIFT:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\Meine Paletten:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\MAGIX_Video_deluxe_16_Download-Version:Roxio EMC Stream deleted successfully. 
ADS C:\Users\abakus\Documents\MAGIX_Speed2_burnR_mxcdr:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\MAGIX_Screenshare:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\MAGIX Downloads:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\KMPlayer:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\ImTOO Software Studio:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\Dell Webcam Center:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\Corel:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\Bioshock:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\Anno 1404:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\AdobeStockPhotos:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Documents\Adobe Scripts:Roxio EMC Stream deleted successfully. ADS C:\Users\abakus\Desktop\Sortieren:Roxio EMC Stream deleted successfully. ADS C:\Program Files\SuBi:Roxio EMC Stream deleted successfully. ADS C:\Modellbau:Roxio EMC Stream deleted successfully. ADS C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully
[EMPTYTEMP]
User: abakus
->Temp folder emptied: 434 bytes
->Temporary Internet Files folder emptied: 2784027 bytes
->Java cache emptied: 8521041 bytes
->FireFox cache emptied: 66637223 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1867244 bytes
User: Administrator
->Temp folder emptied: 33302 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 304138 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 77,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04262011_184936
Files\Folders moved on Reboot...
C:\Windows\temp\JETBF29.tmp moved successfully.
Registry entries deleted on Reboot...

The rest of the PC is unremarkable now, though...
StartUp |
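Checking a fix log like the one above by hand means scanning a hundred lines for "deleted successfully", "moved successfully" and "not found". As an added example (this editor's code, not OTL's, run on constructed lines in the formats the log uses), the script below parses those outcome lines, counts results per object type and status, and lists the "not found" items separately so you can decide whether each is expected (OTL's secondary CLSID lookups, or a file on a removable drive that was not plugged in, as with F:\AutoRun.exe above) or a target you expected to exist that was missing. The HOSTS reset is checked as its own flag because it is the one command in the fix that has no per-object line.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample of OTL fix-log lines, in the formats used by the log above (not a real run).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Prefs.js: "192.168.0.1" removed from network.proxy.http
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\cleanmgr deleted successfully.
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fffe1eb-9826-11de-bc3d-0023ae0ad5ab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fffe1eb-9826-11de-bc3d-0023ae0ad5ab}\ not found.
File F:\AutoRun.exe not found.
ADS C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

STATUS = r"(?P<status>deleted successfully|moved successfully|not found)"
# Order matters: the bare "<drive>:\path moved successfully." form comes last so that
# lines starting with "File ", "ADS " or "Registry " are claimed by their own pattern.
PATTERNS = [
    ("pref", re.compile(r'^Prefs\.js: (?P<obj>.*) removed from (?P<pref>\S+)$')),
    ("registry key", re.compile(r'^Registry key (?P<obj>.*?) ' + STATUS + r'\.$')),
    ("registry value", re.compile(r'^Registry value (?P<obj>.*?) ' + STATUS + r'\.$')),
    ("file", re.compile(r'^File (?P<obj>.*?) ' + STATUS + r'\.$')),
    ("ads", re.compile(r'^ADS (?P<obj>.*?) ' + STATUS + r'\.$')),
    ("file", re.compile(r'^(?P<obj>[A-Za-z]:\\.*?) ' + STATUS + r'\.$')),
]


@dataclass
class Outcome:
    kind: str    # pref, registry key, registry value, file, ads
    obj: str     # the pref name, registry path, file path or stream
    status: str  # removed, deleted successfully, moved successfully, not found


def parse_fix_log(text: str) -> list:
    """Turn each per-object outcome line into an Outcome; headers and banners are skipped."""
    outcomes = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in PATTERNS:
            if m := rx.match(line):
                # Prefs lines carry the removed value, not a status word; record the pref name.
                status = "removed" if kind == "pref" else m["status"]
                obj = m["pref"] if kind == "pref" else m["obj"]
                outcomes.append(Outcome(kind, obj, status))
                break
    return outcomes


def summarize(text: str) -> dict:
    """Counts per (kind, status), the 'not found' items to review, and whether HOSTS was reset."""
    outcomes = parse_fix_log(text)
    counts = Counter((o.kind, o.status) for o in outcomes)
    not_found = [f"{o.kind}: {o.obj}" for o in outcomes if o.status == "not found"]
    hosts_reset = any(l.strip() == "HOSTS file reset successfully" for l in text.splitlines())
    return {"counts": counts, "not_found": not_found, "hosts_reset": hosts_reset}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for (kind, status), n in sorted(result["counts"].items()):
        print(f"{n:3}  {kind:15} {status}")
    print("HOSTS reset:", result["hosts_reset"])
    for item in result["not_found"]:
        print("review:", item)
```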
26.04.2011, 18:57 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it!
Please always post log files in CODE tags |
26.04.2011, 21:46 | #5 |
Hello, here is the ComboFix.txt: Code:
ATTFilter ComboFix 11-04-26.01 - abakus 26.04.2011 22:20:13.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3581.2701 [GMT 2:00] ausgeführt von:: c:\users\abakus\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\INSTALL.LOG c:\program files\PluginDL C:\Recycle.Bin c:\recycle.bin\config.bin c:\recycle.bin\Recycle.Bin.exe c:\windows\system32\tmp.reg . Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert Kopie von - Kitty had a snack :p wurde wiederhergestellt . ((((((((((((((((((((((( Dateien erstellt von 2011-03-26 bis 2011-04-26 )))))))))))))))))))))))))))))) . . 2011-04-26 20:28 . 2011-04-26 20:32 -------- d-----w- c:\users\abakus\AppData\Local\temp 2011-04-26 20:28 . 2011-04-26 20:28 -------- d-----w- c:\users\Gast\AppData\Local\temp 2011-04-26 20:28 . 2011-04-26 20:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-26 20:28 . 2011-04-26 20:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2011-04-26 18:26 . 2011-04-26 18:26 143360 ----a-w- c:\windows\system32\null0.19355923350924187.exe 2011-04-26 17:20 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66FD57AC-EBEA-426F-8CB4-0AB8792C74F1}\mpengine.dll 2011-04-26 16:49 . 2011-04-26 16:49 -------- d-----w- C:\_OTL 2011-04-23 00:43 . 2011-04-23 00:43 -------- d-----w- c:\users\abakus\AppData\Roaming\Malwarebytes 2011-04-23 00:43 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-23 00:43 . 2011-04-23 00:43 -------- d-----w- c:\programdata\Malwarebytes 2011-04-23 00:43 . 
2011-04-23 00:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-22 23:24 . 2011-04-22 23:25 -------- d-----w- c:\program files\CCleaner 2011-04-18 01:22 . 2011-04-18 01:23 -------- d-----w- C:\Resize 2011-04-12 23:20 . 2011-02-16 16:21 430080 ----a-w- c:\windows\system32\vbscript.dll 2011-04-12 23:20 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-12 23:20 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-04-02 20:56 . 2011-04-02 21:22 -------- d-----w- C:\Panorama . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-23 20:16 . 2008-08-30 17:12 11773912 ----a-w- c:\program files\xul.dll 2011-03-23 20:16 . 2010-06-23 14:28 719832 ----a-w- c:\program files\mozcpp19.dll 2011-03-23 20:16 . 2010-06-23 14:28 16856 ----a-w- c:\program files\plugin-container.exe 2011-03-23 20:16 . 2008-08-30 17:12 492504 ----a-w- c:\program files\sqlite3.dll 2011-03-23 20:16 . 2008-08-30 17:11 98304 ----a-w- c:\program files\nssdbm3.dll 2011-03-23 20:16 . 2008-08-30 17:11 89048 ----a-w- c:\program files\nssutil3.dll 2011-03-23 20:16 . 2008-08-30 17:11 719832 ----a-w- c:\program files\mozcrt19.dll 2011-03-23 20:16 . 2008-08-30 17:11 107480 ----a-w- c:\program files\crashreporter.exe 2011-03-23 20:16 . 2008-03-11 17:23 646104 ----a-w- c:\program files\nss3.dll 2011-03-23 20:16 . 2008-03-11 17:23 343000 ----a-w- c:\program files\nssckbi.dll 2011-03-23 20:16 . 2008-03-11 17:23 245208 ----a-w- c:\program files\updater.exe 2011-03-23 20:16 . 2008-03-11 17:23 21976 ----a-w- c:\program files\plc4.dll 2011-03-23 20:16 . 2008-03-11 17:23 203736 ----a-w- c:\program files\nspr4.dll 2011-03-23 20:16 . 2008-03-11 17:23 19416 ----a-w- c:\program files\xpcom.dll 2011-03-23 20:16 . 2008-03-11 17:23 18904 ----a-w- c:\program files\plds4.dll 2011-03-23 20:16 . 2008-03-11 17:23 155648 ----a-w- c:\program files\softokn3.dll 2011-03-23 20:16 . 
2008-03-11 17:23 142296 ----a-w- c:\program files\ssl3.dll 2011-03-23 20:16 . 2008-03-11 17:23 105432 ----a-w- c:\program files\smime3.dll 2011-03-23 20:16 . 2008-03-11 17:23 1018328 ----a-w- c:\program files\js3250.dll 2011-03-23 20:16 . 2008-03-11 17:23 249856 ----a-w- c:\program files\freebl3.dll 2011-03-23 20:16 . 2008-03-11 17:23 912344 ----a-w- c:\program files\firefox.exe 2011-03-23 20:16 . 2008-03-11 17:23 19416 ----a-w- c:\program files\AccessibleMarshal.dll 2011-02-22 14:13 . 2011-03-23 11:45 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-22 13:33 . 2011-03-23 11:45 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-02-22 13:33 . 2011-03-23 11:45 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-02-18 15:36 . 2011-02-18 15:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-07 13:59 . 2011-02-07 13:59 119808 ----a-r- c:\users\abakus\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe 2011-02-02 16:11 . 2009-10-03 20:07 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-26 21:59 . 2011-01-26 21:59 348256 ----a-w- c:\programdata\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll 2011-01-26 21:59 . 2011-01-26 21:59 348256 ----a-w- c:\programdata\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll 2011-01-26 21:58 . 2011-01-26 21:58 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll 2010-08-04 15:03 . 2010-08-04 15:03 110 ----a-w- c:\program files\fjhdyfhsn.bat . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA61DE26-FA67-4575-9033-918671094293}] 2008-08-14 13:57 2484224 ----a-w- c:\users\abakus\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\users\abakus\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224] . [HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3] [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{000E148C-F7A7-445A-9044-93BF6CE09ECB}"= "c:\users\abakus\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll" [2008-08-14 2484224] . [HKEY_CLASSES_ROOT\clsid\{000e148c-f7a7-445a-9044-93bf6ce09ecb}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968.3] [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}] [HKEY_CLASSES_ROOT\TBSB03968.TBSB03968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2007-03-28 19:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2007-03-28 19:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416] "OEM04Mon.exe"="c:\windows\OEM04Mon.exe" [2007-12-03 36864] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-03 149280] "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784] "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184] "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160] . c:\users\abakus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280] QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2008-2-25 45056] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "DisableCAD"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-03-28 19:46 90112 ----a-w- c:\windows\System32\psqlpwd.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2451145638-1982524823-2130488400-1000] "EnableNotificationsRef"=dword:00000002 . R0 zvjew;zvjew; [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832] R3 CH341SER;CH341SER;c:\windows\system32\Drivers\CH341SER.SYS [2007-09-23 37488] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet 
Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752] R3 TfBulk;TfBulk;c:\windows\system32\DRIVERS\TfBulk.sys [2007-05-31 13312] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-03-15 682232] S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712] S3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\system32\DRIVERS\OEM04Vfx.sys [2007-12-03 7424] S3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\system32\DRIVERS\OEM04Vid.sys [2007-12-03 234720] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2011-04-26 c:\windows\Tasks\User_Feed_Synchronization-{D0DE1368-97FE-4ED4-8B8E-B1693F7AF537}.job - c:\windows\system32\msfeedssync.exe [2008-06-10 07:33] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: Bild an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm FF - ProfilePath - c:\users\abakus\AppData\Roaming\Mozilla\Firefox\Profiles\k40y2snm.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - hxxp://www.crc-oberkirch.de/\r FF - Ext: eBay Sidebar for Firefox: {62760FD6-B943-48C9-AB09-F99C6FE96088} - %profile%\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe HKCU-Run-4E3E0230AEBB4E96 - c:\recycle.bin\Recycle.Bin.exe HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe AddRemove-RealFlightG4Pro - c:\program files\Common Files\KnifeEdge\LauncherHelperG4.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-04-26 22:31 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.032" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.abr" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.amr" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.ani" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.arw" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.bay" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.bmp" . 
[HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.bw" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.bwf" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.cel" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.cr2" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.crw" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.cs1" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.cur" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.dcr" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.dcx" . 
[HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.dib" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.djv" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.djvu" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.dng" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.emf" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.eps" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.erf" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.fff" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.flc" . 
[HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.fli" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.fpx" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2451145638-1982524823-2130488400-1000) "Progid"="ACDSee Foto-Manager 2009.gif" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.hdr" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.icl" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.icn" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.iff" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.ilbm" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.int" . 
[HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.inta" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.iw4" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.j2c" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.j2k" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jbr" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jfif" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jif" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jp2" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jpc" . 
[HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jpe" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jpeg" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jpg" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jpk" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.jpx" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.kdc" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.lbm" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m15" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m1a" . 
[HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m2a" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m4b" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m4p" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m4v" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.m75" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.mef" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.mos" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.mpv" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.mrw" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.nef" . 
[HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.orf" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pbm" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pbr" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pcd" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2451145638-1982524823-2130488400-1000) "Progid"="ACDSee Foto-Manager 2009.pct" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pcx" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pef" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pgm" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2451145638-1982524823-2130488400-1000) "Progid"="ACDSee Foto-Manager 2009.pic" . 
[HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.pics" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2451145638-1982524823-2130488400-1000) "Progid"="ACDSee Foto-Manager 2009.pict" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pix" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.png" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.ppm" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.psd" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.psp" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pspbrush" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.pspimage" . 
[HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.qcp" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.qtpf" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.raf" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.ras" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.raw" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.rgb" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.rgba" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.rle" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.rsb" . 
[HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.sdv" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.sfil" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.sgi" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.smf" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.smi" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.smil" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.sml" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.sr2" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.srf" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.swa" . 
[HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.tga" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.thm" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.tif" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.tiff" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.ttc" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.ttf" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.ulw" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.v10o" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.v10p" . 
[HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.v10pf" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.v11o" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.v11p" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.v11pf" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 10.0.vfw" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.wbm" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.wbmp" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.wmf" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.xbm" . 
[HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.xif" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.xmp" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 2009.xpm" . [HKEY_USERS\S-1-5-21-2451145638-1982524823-2130488400-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:bb,67,13,bb,e6,86,50,86,f7,e5,2e,03,c2,60,c0,38,63,88,fb,2e,0d,ca,0d, b6,4e,fc,04,2a,ee,a8,06,c3,c2,a5,18,41,62,33,cf,51,1e,61,31,53,b7,95,22,f8,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(3440) c:\program files\Protector Suite QL\farchns.dll c:\program files\Protector Suite QL\infra.dll c:\windows\system32\btncopy.dll c:\program files\WinSCP\DragExt.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\conime.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
c:\windows\System32\rundll32.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-26 22:41:27 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-04-26 20:41
.
Vor Suchlauf: 7.517.548.544 Bytes frei
Nach Suchlauf: 7.144.144.896 Bytes frei
.
- - End Of File - - ECFACA10A4244CD9B3C511EC2D22D986

*edit* TDSSKILLER ran after the ComboFix pass and removed one threat, but I couldn't find a log for it... when I start the program again, the log is empty... So far it really looks like it's over... I'm running Malwarebytes once more right now.
Last edited by StartUp (26.04.2011 at 22:45) |
26.04.2011, 23:49 | #6 |
| Advertising in the background, possibly KaZy.Mekml1., half removed, OTL logs attached
Hi, I could throw up... Just now it started all over again from the beginning... Oh man, I'll try to rescue the last of my data and then I'll wipe the box... *puke* The question is, how do I protect myself from getting infected again?
StartUp |
27.04.2011, 10:35 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Advertising in the background, possibly KaZy.Mekml1., half removed, OTL logs attached
Combofix - scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy/paste the entire contents of the code box below into the Notepad window.
Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!!
Code:
File::
c:\windows\system32\null0.19355923350924187.exe
c:\program files\fjhdyfhsn.bat
Folder::
C:\Resize
Driver::
zvjew

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the Tea Timer (if present)!)
5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the reboot (you will be asked whether you want to restart), please post the following log file: Combofix.txt
Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags |
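An added triage script, written for this thread and not part of the forum post, ComboFix, or the user's logs: it reads the ComboFix line formats shown above and flags the classes of findings that the helper's CFScript acted on, namely a driver entry ComboFix prints as `[x]` (no file on disk, like zvjew), a Run entry that launches from a Recycle Bin folder, UAC switched off (EnableLUA=0), and Security Center monitoring disabled. The sample log is constructed from line shapes that appear in the thread; the regular expressions and thresholds are my assumptions, not ComboFix's own parser.

```python
"""Triage helper for ComboFix log lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: line shapes copied from the thread's log (policy values,
# service/driver lines, removed Run entries). Not a real file.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R0 zvjew;zvjew; [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-03-15 682232]
.
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKCU-Run-4E3E0230AEBB4E96 - c:\recycle.bin\Recycle.Bin.exe
"""


@dataclass
class Finding:
    kind: str    # short category used for sorting/reporting
    line: str    # the log line that triggered the finding
    reason: str  # human-readable explanation


# "R0 name;display;path [date size]"  -- ComboFix service/driver line.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# "HKCU-Run-<value name> - <command>" -- removed orphaned autorun entry.
AUTORUN_RE = re.compile(r"^(HK(?:CU|LM))-Run-(\S+)\s+-\s+(.*)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Value names made only of hex digits (12+ chars) are a weak but useful hint.
RANDOM_NAME_RE = re.compile(r"^[0-9A-Fa-f]{12,}$")


def triage(log_text: str) -> List[Finding]:
    """Scan ComboFix-style lines and return the suspicious ones with reasons."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue

        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()  # values below belong to this key
            continue

        m = SERVICE_RE.match(line)
        if m:
            state, order, name, _display, path, tail = m.groups()
            # ComboFix prints "[x]" instead of "[date size]" when the image
            # file a service/driver points to does not exist on disk.
            if tail.strip().lower() == "x" or not path.strip():
                findings.append(Finding("orphan-driver", line,
                    f"{state}{order} entry '{name}' has no file on disk; "
                    "candidate for a Driver:: removal line"))
            continue

        m = AUTORUN_RE.match(line)
        if m:
            hive, value_name, command = m.groups()
            low = command.lower()
            reasons = []
            if RANDOM_NAME_RE.match(value_name):
                reasons.append("random hex value name")
            if low.startswith("c:\\recycle.bin\\") or "\\$recycle.bin\\" in low:
                reasons.append("executable launched from a Recycle Bin folder")
            if reasons:
                findings.append(Finding("autorun", line,
                    f"{hive} Run entry: " + ", ".join(reasons)))
            continue

        m = VALUE_RE.match(line)
        if m and current_key:
            vname, vdata = m.group(1), m.group(2).strip()
            if (current_key.endswith("\\policies\\system")
                    and vname == "EnableLUA" and vdata.startswith("0")):
                findings.append(Finding("policy", line, "UAC disabled (EnableLUA=0)"))
            elif ("security center\\monitoring" in current_key
                    and vname == "DisableMonitoring" and vdata.endswith("1")):
                # Legitimate after an AV uninstall, but worth a look on an infected box.
                product = current_key.rsplit("\\", 1)[-1]
                findings.append(Finding("policy", line,
                    f"Security Center monitoring disabled under {product}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```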