All kinds of pests and how to fight them: JavaScript virus JS/Decdec.psc

06.02.2012, 20:42   #1
StefHei
 

Hello!

As a creator of private homepages, I have the problem that a few of my pages were recently hit by the JavaScript virus JS/Decdec.ps (message from Avira). Nothing was found on my PC!

So I deleted the pages, uploaded them again, and everything was fine. After about 2 weeks, infected again!

Can I protect myself against a new infection somehow? How should I check whether the virus is on my PC after all (Malwarebytes and Avira report nothing)? Could it be due to old web design software?

Many thanks for getting in touch (this has helped me a lot before)!

07.02.2012, 08:56   #2
kira
/// Helper team
 

Hello and welcome!

Before we begin working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for any resulting consequences.
    - so, any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - in the log lists or log files used (e.g. your real name, serial numbers in programs, etc.), you can delete these or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system can, however, even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before you apply them, because if you do something wrong, it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if you have problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
► In the first part of the 3-part procedure, we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Download from here -> TrendMicro™ HijackThis™/Version 2.0.4
Quote:
No open windows until HijackThis is running!! -> Start HijackThis -> click "Do a system scan and save a logfile" (wait a moment) -> "select" the resulting log file -> "copy" -> "paste" it here in your thread (right mouse button) (you must be logged in to the forum!)
2.
System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
Download the tool CCleaner
Download
install (read the software license agreement; if offered, deselect "Add CCleaner Yahoo! Toolbar") → start → Language → select German
then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern..." (Save to text file...)
a text file (*.txt) is created; copy its contents and paste them there

Quote:
So that your thread stays clear and nicely readable, it is best to use the code tags for your post:
→ before your log you write (i.e. at the beginning of the log file you want to post) [code]
your log file goes in here - e.g. OTL log file or other
→ after it - i.e. at the end of the log file: [/code]
Regards
kira

07.02.2012, 20:34   #3
StefHei
 


Hello, and thank you very much for taking on my problem

Let's get started then.

HijackThis log file:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:55:55, on 07.02.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Iminent\IMBooster\IMBooster.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
c:\program files\avira\antivir desktop\ipmGui.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2a21be620000000000000008c9a0638c&tlver=1.4.19.19&affID=17160
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
R3 - URLSearchHook: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe"
O4 - HKLM\..\Run: [TrayServer] C:\MAGIX\Video_deluxe_2007_PLUS\TrayServer.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [hama.exe] C:\Users\Stefan\AppData\Roaming\Byotov\hama.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///E:/components/hidinputmonitorx.ocx
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///E:/components/A9.ocx
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} (EAFO3AXLauncher Control) - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231834711663
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///E:/components/wmvhdrating.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: EASEUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 11923 bytes
         
OTL.txt log file:

Code:
OTL logfile created on: 07.02.2012 20:25:46 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,02% Memory free
4,23 Gb Paging File | 2,99 Gb Available in Paging File | 70,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,60 Gb Total Space | 178,38 Gb Free Space | 40,03% Space Free | Partition Type: NTFS
Drive D: | 20,15 Gb Total Space | 10,84 Gb Free Space | 53,81% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Iminent\IMBooster\IMBooster.exe (Iminent)
PRC - C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2cf510e07b605923c496b1ae3c31335f\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\afde06a0045b8eff499236a7a9d4115a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\84dc06c59f7bce1e6b0a1792ac24d60f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\edf330ecd1bef0a27c0d74d6503c77f7\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5aed030616241447754922b488372ae3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll ()
MOD - C:\Program Files\Iminent\IMBooster\Iminent.Windows.dll ()
MOD - C:\Program Files\Iminent\IMBooster\Iminent.Workflow.dll ()
MOD - C:\Program Files\Iminent\IMBooster\Iminent.Services.dll ()
MOD - C:\Program Files\Iminent\IMBooster\Iminent.Business.TinyUrl.dll ()
MOD - C:\Program Files\Iminent\IMBooster\Iminent.Booster.UI.dll ()
MOD - C:\Program Files\EASEUS\Todo Backup 2.0\bin\CodeLog.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MotoHelper) -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (EASEUS Agent) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (EUFS) -- C:\Windows\system32\drivers\eufs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUDSKACS) -- C:\Windows\System32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBAKUP) -- C:\Windows\system32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EuDisk) -- C:\Windows\System32\drivers\EuDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (SKYNET) -- C:\Windows\System32\drivers\SkyNET.sys (TechniSat Digital, S.A.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2a21be620000000000000008c9a0638c&tlver=1.4.19.19&affID=17160
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Stefan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.20 17:11:53 | 000,000,000 | ---D | M]
 
[2011.04.01 22:15:34 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2010.12.21 23:26:09 | 000,427,674 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 14729 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TrayServer] C:\MAGIX\Video_deluxe_2007_PLUS\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [hama.exe] C:\Users\Stefan\AppData\Roaming\Byotov\hama.exe File not found
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231834711663 (MUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B37002-36E9-4A77-9DC4-D081363E3413}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F590491-063E-4E74-978F-82A33451A8F9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F076153C-EE15-41C0-8EB0-C3697B4B3D66}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\Shell - "" = AutoRun
O33 - MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{bd6a3ee2-bcb2-11dd-9ca1-001d92612aad}\Shell\AutoRun\command - "" = K:\PhotoViewerAP_V207.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.07 19:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.02.07 19:34:07 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.02.07 19:33:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012.02.01 18:22:37 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\.minecraft
[2012.02.01 18:22:13 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Stefan\Desktop\MinecraftSP.exe
[2012.01.23 22:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.23 22:47:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.23 22:47:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.23 22:47:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.20 19:31:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\dvdcss
[2012.01.11 15:32:55 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.11 15:32:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.11 15:32:51 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 15:32:51 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.11 15:32:51 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Stefan\AppData\Roaming\*.tmp files -> C:\Users\Stefan\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.07 19:54:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.07 19:54:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.07 19:51:47 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 19:51:47 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 19:51:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.07 19:47:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.07 19:46:57 | 000,002,485 | ---- | M] () -- C:\Users\Stefan\Desktop\HiJackThis.lnk
[2012.02.07 19:43:57 | 000,000,160 | ---- | M] () -- C:\Users\Stefan\Desktop\Neue Internetverknüpfung.url
[2012.02.07 19:37:16 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.07 19:33:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012.02.06 21:02:48 | 000,604,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.06 19:14:18 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.06 19:11:54 | 000,000,926 | ---- | M] () -- C:\Users\Stefan\Desktop\Dropbox.lnk
[2012.02.06 19:11:54 | 000,000,906 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.21 11:13:22 | 000,642,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.21 11:13:22 | 000,607,030 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.21 11:13:22 | 000,131,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.21 11:13:22 | 000,108,406 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Stefan\AppData\Roaming\*.tmp files -> C:\Users\Stefan\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.07 19:43:51 | 000,000,160 | ---- | C] () -- C:\Users\Stefan\Desktop\Neue Internetverknüpfung.url
[2012.02.07 19:37:16 | 000,000,768 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.07 19:34:07 | 000,002,485 | ---- | C] () -- C:\Users\Stefan\Desktop\HiJackThis.lnk
[2012.01.23 16:38:52 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.11.20 16:35:13 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.07.13 13:24:53 | 000,038,433 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.04.04 18:15:27 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2
[2011.03.16 21:43:07 | 000,000,098 | ---- | C] () -- C:\Windows\Videodeluxe.INI
[2011.03.13 13:33:00 | 000,000,032 | ---- | C] () -- C:\Windows\System32\EUOD.DAT
[2011.03.04 18:11:40 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.04 18:11:37 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.01.23 14:19:04 | 000,038,426 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.01.20 18:02:49 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini
[2010.12.24 10:55:29 | 000,321,536 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010.09.29 22:29:14 | 000,000,680 | ---- | C] () -- C:\Users\Stefan\AppData\Local\d3d9caps.dat
[2010.09.27 20:44:34 | 000,006,138 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\mdbu.bin
[2010.08.22 15:45:41 | 000,139,152 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\PnkBstrK.sys
[2010.08.22 15:45:41 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.08.22 15:45:23 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.08.22 15:45:19 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.08.22 15:45:19 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.02.23 19:17:08 | 000,103,951 | ---- | C] () -- C:\Windows\System32\dtnet.dat
[2009.11.09 21:26:45 | 000,038,425 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2009.07.01 14:55:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.01 14:55:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.22 14:54:02 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.24 19:01:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.12.13 01:15:46 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Default.PLS
[2008.09.24 19:30:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.07 16:37:52 | 000,067,616 | ---- | C] () -- C:\Windows\unTMV.exe
[2008.07.12 17:18:53 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\wklnhst.dat
[2008.05.27 18:12:09 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini
[2008.04.02 15:00:56 | 000,000,557 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\TheLastRipper.xml
[2008.03.31 20:49:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.03.19 17:41:12 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2008.03.15 19:55:36 | 000,091,136 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.02 23:05:12 | 000,000,480 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.02.22 20:34:03 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.22 13:44:08 | 000,000,094 | ---- | C] () -- C:\Users\Stefan\AppData\Local\fusioncache.dat
[2008.02.22 13:33:27 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008.01.16 14:05:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.01.16 14:05:14 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.01.14 13:02:18 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.01.14 10:59:00 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.12.12 16:49:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.12.12 14:45:55 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.04.24 12:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2006.11.02 16:33:31 | 000,642,020 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,131,472 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,604,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,607,030 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,406 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.20 23:58:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\vspxvfw.dll
[2005.09.01 15:20:46 | 000,524,288 | ---- | C] () -- C:\Windows\System32\vspxcore.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC

< End of report >
         

[/CODE]

Logfile Extras.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 07.02.2012 20:25:46 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,02% Memory free
4,23 Gb Paging File | 2,99 Gb Available in Paging File | 70,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,60 Gb Total Space | 178,38 Gb Free Space | 40,03% Space Free | Partition Type: NTFS
Drive D: | 20,15 Gb Total Space | 10,84 Gb Free Space | 53,81% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dateien\Downloads\Fotobuch\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Dateien\Downloads\Fotobuch\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Dateien\Alexandra\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Dateien\Alexandra\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0201F59C-2A42-4168-B6B3-0742E5C310B9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0C374FB5-C899-43F0-8440-CEF2C997466A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1518B4B1-47F0-454E-870F-A83E43BB0003}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{16CA8772-9CFC-4479-AB82-F3D0EDB737DE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1AAFA3D1-57AC-45D2-B1EC-0E67FE66E630}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1F6033E4-9018-4FFD-9DE0-AB3C2B32C051}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1F7A2B43-39B1-4595-9BD3-E9DF6500598B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{22E5DAEB-6EF8-4768-9FE9-02A3C9CF0BD0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{239A7D70-29B6-4EFE-A9DD-E931FEF69E24}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3093077A-A4DA-446A-B8A6-56926CE9987D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{327B40F8-3A96-41DD-98EF-975A84E152E0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{32DA4576-3502-4566-A3F7-20C9D8BE930C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{43AC3E41-E303-413C-85B8-0575B0532089}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5A22D451-B80E-444F-BD57-CF3659A1AD5E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{64DD3AA3-6C78-468F-8C19-062A97787F6D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{6C7ABAEA-94EC-4F40-A78E-F2E7FF53D3EC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{6D4368A2-515B-4932-B719-1184C7752B63}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{6F30EEAC-6DBD-40E4-9596-39696C3F6C39}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{715CA0D4-A98F-401B-AC78-89ECBDB349D3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{74808D74-C2BD-4A44-AC30-791CD7B9F552}" = lport=139 | protocol=6 | dir=in | app=system | 
"{74DA62FC-0629-4CA1-8A0F-3292C621547D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{76021415-672B-4BCA-B811-AC4BD3D956FB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{76BB8A26-5137-4959-91DE-A544DE014778}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7951D290-6C16-4660-AA11-BE856F384E45}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7D9972D8-4A7D-4060-9BCD-BAB3A90EAEE9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7F51410D-E049-4FCF-99EE-85CF9E5E2E70}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{8446FBC6-5150-4991-93EC-2EC0AD81ED96}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{87E96F97-35F1-41E9-B390-7949D1AADBEA}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{8A2810D4-2EE8-4E4C-8BD0-FE761B7D7D28}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{90119939-426B-49D7-97BC-0DAC63F39D81}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{96D3B22B-7AB5-4ECA-BB09-B0B3AFF16731}" = lport=137 | protocol=17 | dir=in | app=system | 
"{ABE7A324-DFA9-488A-9D24-30BE2C720CCD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BAAAAAD3-4046-4A38-8385-980E90373444}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{BEA55080-9409-4E50-A6EF-F28CE67A7FA6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C104868A-E41F-430A-9A0E-71F1C19D55E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD8C93B5-C428-4F8F-927B-D47E4C143769}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DE171572-4743-471A-8A63-D11154E857C8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EC7832DF-1DED-4986-8BDA-95898C853F85}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F1DDFF17-B9F2-4235-B371-141B01438809}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FC58C0F7-580D-431C-9D23-11321A42056D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{FDF1D35E-458B-4BC7-83F5-B651D7D99EC9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FDF91233-0723-477B-BD79-CBF101054E7E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D254ED-9826-4CF1-ACD8-D1732D481C7A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{08488E07-A207-42AB-8C3C-6234D4396596}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0BE04582-A3D0-4724-B1D1-18F701998C19}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{11320A4E-C369-4050-9037-652326A3953B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{15AD1714-57F8-45D4-BB36-38FB0005CA13}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{17928989-23AD-45A1-B328-F4E7B48D9D42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{180BC910-87AD-4BE4-9CF0-4CD1A942FE0E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1C29A5E9-1F6B-4E23-801C-EA30A51E1972}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1C37DE41-E3BF-427A-9BE5-6ECA3FAE25FB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{1D5A908B-8BFA-4831-A11F-3D1430B9C6D7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2825FD05-8E9E-4F6B-991E-5CFEEA5F841E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2E46EB3C-480D-4D0E-AF80-572C3B12DE95}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2EC05C3B-AF24-4E33-BFFE-7081C60BF964}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2EDF8A3C-2FCF-40D4-8DBB-3DEBD09C146C}" = protocol=6 | dir=in | app=c:\program files\lgnas\nasdetector\nasdetector.exe | 
"{2FFBBAFD-24F9-491A-9C9B-5C53047559C5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{36AB7289-69E8-4406-9ACB-D849CBC89157}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{395C9D7B-C4AC-454E-A9C9-A27ED810A8B6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3CDFB4C1-B800-4D04-B0AE-36EFC87CB051}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3D8EA1C3-8B1D-4F13-B5E2-ED0336057A24}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3F95A07C-1F03-4610-A52B-9F5856D9DFC8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4130BA16-172C-4907-9EAD-6444ECE778FC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{41CB5248-31AC-40D4-B543-E959845B6369}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{4223D670-0C76-493C-97FC-48EDAD66CD39}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{42C4C4AB-ED99-4011-B9A9-0F6C60630F1C}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{436C73AB-F50A-42DC-909C-357E7BACD274}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4A6A6F1F-946A-475C-92C2-04682888C7A9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4B126F9E-065A-470F-9C57-52CB0D311214}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4BE09AE3-8CEA-4D5A-83F6-9B259977B5A4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4C920248-1C27-42F6-A992-8940750818D0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4EDAAC79-8CE8-4EDC-89B4-5A453A79A54C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5296BD95-B0C9-41C8-892E-4EBDD6228956}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{55769CE4-6FD5-4D49-AA8A-2F6497F362AC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5FE68731-57D6-4BBE-A189-4CDD3DEB8EA4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{637E056F-BB80-44AA-83D0-18D13BC5D005}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6A7CB09F-4801-48DC-BAFA-6BD594F30F17}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6D6E7386-1D55-459D-928F-B099D1F5CDD8}" = protocol=6 | dir=in | app=c:\program files\iminent\imbooster\imbooster.exe | 
"{6F3ECAFA-4177-48A7-94A8-6B6DAE4F9A2E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7011A1BC-C5F3-4374-81B3-81493CD9B1C5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{705A9499-0508-4DB6-A0DA-B07CB757CB71}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{712F08D0-B161-4F7E-B97A-01B05C400584}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7329836A-FF09-48A1-85E6-9FCE61342786}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{74DC73B1-AEAB-46BE-AF7B-9676ADA91C79}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{75D38908-D88F-4BCD-8673-ACBA9F14C821}" = protocol=6 | dir=out | app=c:\program files\iminent\mmserver\iminent.mmserver.exe | 
"{79B7172D-5A63-4FD2-A06D-789F731AABD2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7BE8CB32-F8AF-44F9-9EB4-CA3F3D28B706}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7C352E82-A9AE-4161-A086-6A7FDB17CB58}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{82CCB4E1-227E-431E-8A38-6A6F97BE8229}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8365281E-FE34-4F34-ACFC-BB8639624FBE}" = protocol=6 | dir=in | app=c:\users\stefan\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8A7CBBDB-F778-4169-9CF9-06BE3DB69BB1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8AAAE017-0EEE-4EFE-BEE9-AD38B6809B3F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8F8628ED-03FB-459A-9828-7FAF30B5029F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{8FEA870F-A015-41D5-B12C-B48681121F49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{90CFDA12-EC19-4C9C-93BD-4D5F0DF0B93C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{91279B02-AC12-4F1E-9045-79C9BDED63A4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9170DEBD-144B-42BF-92FB-5492B0B97876}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{92DAADF2-E286-41EA-AD09-4CE91022D5AF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{977C7884-AED8-430E-9144-1338B53EBDAC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{98C48465-0D56-46F2-AFBA-4F1826F61E23}" = protocol=17 | dir=in | app=c:\program files\lgnas\nasdetector\nasdetector.exe | 
"{9B0936E0-523C-4AB4-982B-4BB8AC559731}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9CC6AE99-3770-4BD5-ABE1-8B0C4E4DCB8A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9F4A847F-D43B-42E3-AD21-5688C065B128}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{A1CC2240-AEF8-4204-B042-CD1095CC280D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{A25973C6-12CF-4C19-AF17-86BDFB75B5B8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A3732A94-E176-4A4F-B187-D744E879CF77}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
"{A76CDABD-2FB8-43DE-80E2-B8BD9FC372FD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A8109008-5F0E-46FF-9DAC-D1CBCEFC9376}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A90B3C99-CF4F-4544-835B-9E8BDA060145}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{A9DBA0F3-E2BF-4D3F-9A76-39C9A0947EBB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AC3A0640-F4C2-4B7E-B8B4-413A71852736}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AC9635B3-D98E-4D91-8B97-2CD66B5783E8}" = protocol=6 | dir=out | app=c:\program files\iminent\imbooster\imbooster.exe | 
"{B1747447-BF0E-422B-B6B7-E4A8E68AF401}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B2853FF3-0A8E-43D7-8CC4-3219CF3221C3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B40D92F6-73DA-4845-BCCB-426269BC6EEC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B628B371-F445-49D8-B181-97125F42E99E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BAB63DAB-B2DE-4371-AE2E-135634F56F49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BC894A4C-B3BD-4CB5-9063-20D69D9E44FA}" = protocol=6 | dir=in | app=c:\program files\iminent\mmserver\iminent.mmserver.exe | 
"{BEB7F258-7ED2-46F9-ADA2-9A07451B427C}" = protocol=6 | dir=in | app=c:\users\stefan\downloads\landmaschinen2011\sweetimsetup.exe | 
"{C2E53F8F-64CD-49C6-8D66-3CDF0F739606}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C2E57F66-7940-429E-8FF5-CBF18FB5B1E8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C3A4033A-3F0F-419C-ACE5-BEC637D3D1DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C58D1DCD-EE4E-4840-8553-81311D85DC70}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C663D907-5F36-46D4-891B-2F9126AD1BE8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C6D3DF86-C56D-4A0D-A9B7-451108644B9E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CCA07642-C99D-461B-990F-A2E81292271F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CDE31234-C3CC-45AB-BAF1-08B2356C4393}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D089D7B7-95C5-4821-8AB4-9D5021A0F7C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D3EF62A3-F4B2-4A3C-AC80-B64A40991BF1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D565D3CA-4C44-4462-98CD-C71E9E5292B0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D8286C37-31A3-456B-96E7-51C01B820700}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D9B3EA17-0C0D-45BD-8AF6-4EA77EA2F314}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DC69D7D6-C91D-4829-87D1-360A048FD903}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DF221089-7BD5-46C6-A634-E80D1DF92CE5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E635663D-12F6-4FC4-8DC2-12AA1BBF5A15}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E8B60ED1-4A67-43E2-A373-8193F101C35E}" = protocol=17 | dir=in | app=c:\users\stefan\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E8B6F1F3-99E0-471C-8124-940E991DDC39}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F1101A87-0E34-472D-8164-19D1ADF188E2}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{F1CE6CA0-8BDB-4DFA-BBA9-872AA517DDC0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F315DCD3-0B59-4F42-9BE3-B66552AAA5F7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F620B9FB-98CB-4821-8A5F-5BB2D90E42D4}" = protocol=17 | dir=in | app=c:\users\stefan\downloads\landmaschinen2011\sweetimsetup.exe | 
"{F6548B0C-5362-4354-AF36-28E59F03792C}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
"{F66CB2D4-D35C-45CD-8E6F-E2EC92917714}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F96A2944-D4AF-453E-A674-38E75BBA035C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FAE6C358-C4A9-4B18-92D4-4665779AE73D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{FC52596E-010B-41B6-81A0-33F919895C11}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{10ECA3A8-B5F2-4F81-8B66-DBF220F8976F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{3B497CA2-34F2-46FD-825C-CDD8F6340BFB}C:\team17\worms2\frontend.exe" = protocol=6 | dir=in | app=c:\team17\worms2\frontend.exe | 
"TCP Query User{412001A3-3FF8-428D-8B53-A4274F1BA699}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{4EF09714-D2F2-4879-9159-F27352479B1C}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{549B736E-6DC4-4FD9-BBB2-1B6752134463}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{B67DBBF1-ACE6-4D5E-BE22-3BBEB8B1037D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{C42D7F3E-7804-4177-8A1C-0940A55A7379}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe | 
"TCP Query User{CF8E1166-9340-4BA5-BBD1-3DDDAA12375C}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{D01091A6-C9CC-4242-BC86-3899BCA700A7}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | 
"TCP Query User{D33545E8-764C-4394-AFED-5AC272B6F744}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{E43557DA-AF16-421B-A49A-415280A38953}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{EB6A1FF4-4C10-49E9-ACF9-B57380E9C389}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{ED9E25E4-1781-49F9-B0B6-43F5300E3B25}C:\users\stefan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\stefan\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{01E375B9-E3CB-460A-B3A6-27EE354E1077}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe | 
"UDP Query User{0683E01C-8237-41D2-A849-0EE87465F524}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{11730B34-FDDE-4A85-AFA0-DEC333F78C5B}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe | 
"UDP Query User{1D131489-9A37-40E8-872C-75D3246BFD3A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{377AA072-31ED-4073-86F2-4065960F001E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{3CAB603B-C142-47B7-B07A-17AC38774F05}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{437BE1CB-487A-434B-B399-FE4C0403B89D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{4FF3F819-CF78-4F6C-B58F-7924EBFEE8DA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{5001422C-26EE-4188-8334-0DC78F453230}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{55862774-3A6E-498E-B9A1-AD30B2581E67}C:\users\stefan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\stefan\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{724EED51-F6B8-4BA0-A49D-F1675AB8C270}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{AEF77A85-1C1D-4899-A3D6-8FE8D0556E34}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{E7585E13-A285-46CD-A494-941D998BC189}C:\team17\worms2\frontend.exe" = protocol=17 | dir=in | app=c:\team17\worms2\frontend.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{241E9E85-7173-4AEC-9EE4-82A205EE6075}" = Application Suite
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 30
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59DC43FF-8F26-40B2-A566-C69C9457BF7D}" = Moorhuhn Soccer
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 Essentials
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6844E55F-37A1-42BC-B316-326B48C49ADC}" = Pro Evolution Soccer 2012 DEMO
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81388290-5DFA-493E-83D6-244B652DE5AA}" = LG NASDetector
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A05BD6BC-4710-402C-8BF3-B72A09119AE5}" = Doodle Outlook Plugin
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2008-12-16
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B82157D3-6D31-4650-93B4-FC39BB08D6CE}" = AAVUpdateManager
"{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BFEDA49F-2E91-4B54-A366-F5A198FE1173}" = DVB-PC TV Star
"{C35CCBEB-5A54-4DD8-9EC8-110F2A8154B3}" = Motorola Mobile Drivers Installation 5.1.0
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4BA029E-0303-48D2-B9F9-2763D468DC64}" = MainConcept DTV Decoder Standard
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E38DA569-3CC2-4E9A-BAE2-77D9295DE734}" = Motorola Software Update
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.22
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1F33D9B-49B4-4D17-B1D9-CA16E9E65062}" = Iminent
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.4.2
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudioCon" = AudioCon
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"AudioNoise_is1" = AudioNoise 1.3.2
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Bagger-Simulator 2008" = Bagger-Simulator 2008
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Catan - Das Kartenspiel MMP" = Catan - Das Kartenspiel MMP
"Catan Online Welt" = Catan Online Welt
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CodeWallet Pro 2006 Desktop Companion" = CodeWallet Pro 2006 Desktop Companion
"CodeWallet Pro 2006 for Windows Mobile" = CodeWallet Pro 2006 for Windows Mobile
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Designer 2.0_is1" = Designer 2.0
"Digital Image Recovery_is1" = Digital Image Recovery 1.47
"DivX Setup" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"DVBViewer_is1" = DVBViewer Technisat Edition
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EASEUS Todo Backup Home 2.0_is1" = EASEUS Todo Backup Home 2.0
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FarmingSimulator2008_is1" = Landwirtschafts Simulator 2008
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.1.3.1117
"Free Monitor for Google_is1" = Free Monitor for Google 2.4
"Free Video Dub_is1" = Free Video Dub version 2.0.0.1117
"Free Video to Android Converter_is1" = Free Video to Android Converter version 2.2.17.324
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.0.1117
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.19.324
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.38.517
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IMBoosterARP" = Iminent
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"LetsTrade" = LetsTrade Komponenten
"MAGIX Foto Clinic 5.5 D" = MAGIX Foto Clinic 5.5 (D)
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR (D)
"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service (D)
"MAGIX Video deluxe 2007 PLUS D" = MAGIX Video deluxe 2007 PLUS (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MotoHelper" = MotoHelper 2.0.46 Driver 5.0.0
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"ResInfo" = WR-Tools ResInfo
"Rossmann Fotoservice_is1" = Rossmann Fotoservice
"Rossmannr Online Print Wizard Installer_is1" = Rossmann Online Print Wizard Installer 1.0
"Scriptdoc" = Windows Script V5.6 Dokumentation
"SuperMailer" = SuperMailer 5.00
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"Vistumbler" = Vistumbler
"VLC media player" = VLC media player 1.1.8
"Windows Mobile Device Handbook" = Windows Mobile-Ressourcen
"Worms2" = Worms2
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.04.2010 14:45:24 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul SearchSpider.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x49272c86, Ausnahmecode 0xc0000005, Fehleroffset 0x02763568,  Prozess-ID 0x1d0, 
Anwendungsstartzeit 01cadcca5a99b4cd.
 
Error - 15.04.2010 14:45:28 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00039747,  Prozess-ID 0x7ec, Anwendungsstartzeit
 01cadcca6070c32d.
 
Error - 15.04.2010 15:50:56 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 15.04.2010 15:50:56 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.04.2010 10:25:21 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.04.2010 10:25:21 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.04.2010 10:28:32 | Computer Name = Stefan-PC | Source = Windows Search Service | ID = 3024
Description = 
 
Error - 17.04.2010 03:49:48 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.04.2010 03:49:48 | Computer Name = Stefan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.04.2010 05:13:49 | Computer Name = Stefan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0003969b,  Prozess-ID 0x17d8, Anwendungsstartzeit
 01cade0e3dbc4d93.
 
[ OSession Events ]
Error - 13.11.2009 15:57:09 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 127
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 10.08.2010 17:24:37 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.10.2010 13:03:25 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 380
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 05.01.2011 17:29:30 | Computer Name = Stefan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 142
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 16.01.2012 13:29:03 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 20.01.2012 14:19:41 | Computer Name = Stefan-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 20.01.2012 14:20:58 | Computer Name = Stefan-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 20.01.2012 14:22:14 | Computer Name = Stefan-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 20.01.2012 14:22:45 | Computer Name = Stefan-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 23.01.2012 11:11:36 | Computer Name = Stefan-PC | Source = volsnap | ID = 393236
Description = Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen
 Rechenvorgang bezüglich verfügbarem Speicher abgebrochen.
 
Error - 23.01.2012 16:50:27 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 26.01.2012 15:37:16 | Computer Name = Stefan-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 06.02.2012 16:02:50 | Computer Name = Stefan-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker HP DeskJet 970Cxi nicht unter 
dem Namen HP DeskJet 970Cxi freigeben. Fehler: 2114. Der Drucker kann nicht von 
anderen Benutzern im Netzwerk verwendet werden.
 
Error - 06.02.2012 16:02:50 | Computer Name = Stefan-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker CIB pdf brewer nicht unter dem
 Namen CIB pdf brewer freigeben. Fehler: 2114. Der Drucker kann nicht von anderen
 Benutzern im Netzwerk verwendet werden.
 
 
< End of report >
         
--- --- ---

[/CODE]
__________________

07.02.2012, 20:35   #4
StefHei

Here is the rest!

CCleaner installed programs

Code:
7-Zip 9.20		05.02.2012	2,86MB	
AAVUpdateManager	Akademische Arbeitsgemeinschaft	19.02.2011	18,5MB	15.00.0000
Adobe AIR	Adobe Systems Incorporated	05.02.2012	30,1MB	2.7.0.19530
Adobe Community Help	Adobe Systems Incorporated.	05.02.2012	5,70MB	3.4.980
Adobe Download Assistant	Adobe Systems Incorporated	05.02.2012	2,91MB	1.0.2
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	05.02.2012		11.1.102.55
Adobe Reader X (10.1.0) - Deutsch	Adobe Systems Incorporated	15.06.2011	165,3MB	10.1.0
Adobe Shockwave Player 11	Adobe Systems, Inc.	05.02.2012		11
Adobe Widget Browser	Adobe Systems Incorporated.	05.02.2012	2,18MB	2.0 Build 230
AGEIA PhysX v7.11.13	AGEIA Technologies, Inc.	26.08.2011	99,7MB	7.11.13
Amazon MP3-Downloader 1.0.9		05.02.2012	1,67MB	
Application Suite		05.02.2012	0,78MB	
AudioCon	Basement Softworks	05.02.2012	1,71MB	1.0
Audiograbber 1.83 SE	Audiograbber Deutschland	28.12.2009		1.83 SE
Audiograbber Lame-MP3-Plugin	AG	05.02.2012	4,63MB	1.0
AudioNoise 1.3.2	Marc Scherer	10.11.2011	0,98MB	
Avidemux 2.5		05.02.2012	33,3MB	2.5.4.6714
Avira Free Antivirus	Avira	05.02.2012	162,2MB	12.0.0.872
AVM FRITZ!Box Dokumentation	AVM Berlin	05.02.2012	4,73MB	
AVM FRITZ!Box Druckeranschluss	AVM Berlin	05.02.2012		
Bagger-Simulator 2008		05.02.2012	139,5MB	
Canon CanoScan Toolbox 5.0		05.02.2012	8,88MB	
CanoScan LiDE 70		05.02.2012		
Catan - Das Kartenspiel MMP	Catan GmbH	05.02.2012		2.0
Catan Online Welt	Catan GmbH	05.02.2012	210MB	3.576
CCleaner	Piriform	06.02.2012	3,60MB	3.15
CIB pdf brewer 2.5.22	CIB software GmbH	04.01.2009	11,6MB	2.5.22
CodeWallet Pro 2006 Desktop Companion	Developer One	05.02.2012	4,48MB	6.60
CodeWallet Pro 2006 for Windows Mobile	Developer One	05.02.2012	4,35MB	6.51
Compatibility Pack für 2007 Office System	Microsoft Corporation	16.12.2011		12.0.6612.1000
CorelDRAW Graphics Suite 11	Corel Corporation	09.01.2011	228MB	11
Designer 2.0	fotobuch.de AG	09.01.2010	48,5MB	7.7.7
Digital Image Recovery 1.47	Alexander Grau	05.02.2012	0,82MB	
DivX-Setup	DivX, LLC	05.02.2012	3,53MB	2.6.1.5
dm-Fotowelt		05.02.2012	303MB	
Doodle Outlook Plugin	Doodle AG	03.10.2009	1,18MB	1.0.20
DriveImage XML (Private Edition)	Runtime Software	05.02.2012	3,05MB	2.22
Dropbox	Dropbox, Inc.	05.02.2012	25,4MB	1.2.51
DVBViewer Technisat Edition	CM&V	03.02.2011	3,56MB	
DVD Flick 1.3.0.7	Dennis Meuwissen	22.02.2011	43,2MB	1.3.0.7
EASEUS Todo Backup Home 2.0	CHENGDU YIWO Tech Development Co., Ltd	12.03.2011	111,6MB	2.0.0.1
Evernote v. 4.4.2	Evernote Corp.	01.08.2011	139,1MB	4.4.2.4912
Firebird SQL Server - MAGIX Edition	MAGIX AG	15.01.2008	6,57MB	2.0.1.8
Free Audio CD Burner version 1.4.8	DVDVideoSoft Limited.	28.05.2011	3,15MB	
Free DVD Video Burner version 3.1.3.1117	DVDVideoSoft Ltd.	21.11.2011	10,4MB	
Free Monitor for Google 2.4	CleverStat	24.04.2009	2,42MB	
Free Video Dub version 2.0.0.1117	DVDVideoSoft Ltd.	21.11.2011	2,54MB	
Free Video to Android Converter version 2.2.17.324	DVDVideoSoft Limited.	05.04.2011	2,97MB	
Free Video to DVD Converter version 5.0.0.1117	DVDVideoSoft Ltd.	21.11.2011	11,3MB	
Free Video to MP3 Converter version 4.2.19.324	DVDVideoSoft Limited.	15.04.2011	3,07MB	
Free WAV to MP3 Converter	Polaris-Software.com	05.02.2012	13,4MB	1.17
Free YouTube Download version 2.10.33.324	DVDVideoSoft Limited.	31.03.2011	3,55MB	
Free YouTube to MP3 Converter version 3.9.38.517	DVDVideoSoft Limited.	28.05.2011	4,12MB	
Google Earth	Google	17.11.2011	92,8MB	6.1.0.5001
GPL MPEG-1/2 DirectShow Decoder Filter	Peter Wimmer	30.10.2011	0,25MB	0.1.2
HiJackThis	Trend Micro	06.02.2012	0,36MB	1.0.0
Iminent	Iminent	05.02.2012	16,4MB	4.10.0.0
InterActual Player		05.02.2012	3,63MB	
IrfanView (remove only)	Irfan Skiljan	05.02.2012	1,93MB	4.27
Java(TM) 6 Update 30	Oracle	28.09.2010	94,9MB	6.0.300
Juniper Networks Host Checker	Juniper Networks	05.11.2011	8,13MB	7.1.0.19243
Juniper Networks, Inc. Setup Client	Juniper Networks, Inc.	05.11.2011	1,67MB	7.1.4.13103
Landwirtschafts Simulator 2008	astragon Software GmbH	26.08.2011	72,9MB	
Landwirtschafts Simulator 2011	GIANTS Software	10.11.2011	774MB	1.0
LetsTrade Komponenten		05.02.2012	19,6MB	
LG NASDetector	LG Electronics Inc.	31.08.2011	5,14MB	1.00.0000
Logitech Harmony Remote Software	Logitech	26.02.2011	0,69MB	0.6.0201
Logitech Webcam Software	Logitech Inc.	05.02.2012		2.0
Macromedia Dreamweaver MX 2004	Macromedia	05.02.2012	146,9MB	7.0
Macromedia Extension Manager	Macromedia	05.02.2012	3,76MB	1.5
Macromedia Fireworks MX 2004	Macromedia	05.02.2012	45,1MB	7
MAGIX Foto Clinic 5.5 (D)	MAGIX AG	15.03.2011	11,1MB	5.5.23.0
MAGIX Foto Manager 2007 (D)	MAGIX AG	15.03.2011	114,6MB	4.0.1.161
MAGIX Goya burnR (D)	MAGIX AG	15.03.2011	33,8MB	1.3.0.9
MAGIX Music Manager 2006 (D)	MAGIX AG	15.03.2011	46,2MB	7.2.0.133
MAGIX Online Druck Service (D)	MAGIX AG	15.03.2011	9,41MB	2.3.2.0
MAGIX Video deluxe 2007 PLUS (D)	MAGIX AG	15.03.2011	3.222MB	6.5.0.23
MainConcept DTV Decoder Standard	MainConcept AG	06.04.2008	7,60MB	1.1.15295.1
MakeDisc	CyberLink Corp.	05.02.2012	101,3MB	3.0.2203
Malwarebytes Anti-Malware Version 1.60.1.1000	Malwarebytes Corporation	05.02.2012	4,80MB	1.60.1.1000
MCE Software Encoder 1.1	CyberLink Corporation	05.02.2012	1,32MB	1.1.0.1918
MediaShow	CyberLink Corporation	05.02.2012	33,1MB	3.0.4325
Microsoft .NET Framework 1.1		05.02.2012		
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	05.02.2012	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	05.02.2012	27,8MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	05.02.2012	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	05.02.2012	24,5MB	4.0.30319
Microsoft Office Enterprise 2007	Microsoft Corporation	05.02.2012	472MB	12.0.6612.1000
Microsoft Office File Validation Add-In	Microsoft Corporation	13.09.2011	7,92MB	14.0.5130.5003
Microsoft Office Home and Student 2007	Microsoft Corporation	05.02.2012	300MB	12.0.6612.1000
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	16.12.2011		12.0.6612.1000
Microsoft Primary Interoperability Assemblies 2005	Microsoft Corporation	03.09.2011	7,77MB	8.0.50727.42
Microsoft Silverlight	Microsoft Corporation	11.10.2011		4.0.60831.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	27.07.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	27.07.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	26.02.2011	1,41MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	09.07.2011	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	21.03.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	14.05.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,58MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	15.10.2011	12,3MB	10.0.40219
Microsoft Works	Microsoft Corporation	16.12.2010		9.7.0621
Moorhuhn Soccer		05.02.2012	21,7MB	1.00.0000
MotoHelper 2.0.46 Driver 5.0.0	Motorola	05.02.2012	2,65MB	2.0.46
Motorola Software Update	Motorola	12.06.2011	58,6MB	01.16.10
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	12.12.2007	1,27MB	4.20.9848.0
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	08.01.2008	1,27MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	13.11.2008	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	25.11.2009	1,34MB	4.20.9876.0
MSXML 4.0 SP3 Parser	Microsoft Corporation	21.07.2011	1,48MB	4.30.2100.0
MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	23.07.2011	1,54MB	4.30.2107.0
MyPhoneExplorer	F.J. Wechselberger	05.02.2012	11,1MB	1.8.0
Nero 8 Essentials	Nero AG	13.01.2008	1.536MB	8.2.87
Nero BackItUp	Nero AG	03.09.2011	101,3MB	5.2.24001
Nero BackItUp and Burn	Nero AG	03.09.2011	318MB	1.2.0031.1
Nero BurnRights	Nero AG	03.09.2011	4,36MB	3.6.26001
Nero Express	Nero AG	03.09.2011	197,3MB	9.6.16000
Nero RescueAgent	Nero AG	03.09.2011	5,19MB	2.6.26000
NVIDIA Drivers		05.02.2012		
Picasa 3	Google, Inc.	05.02.2012	56,9MB	3.8
PL-2303 USB-to-Serial	Prolific Technology INC	19.11.2010	2,37MB	1.3.0
PowerDirector	CyberLink Corp.	08.01.2008	233MB	6.5.2209a
PowerDVD	CyberLink Corporation	05.02.2012	87,2MB	7.0.3118.0
PowerProducer		05.02.2012	190,2MB	
Pro Evolution Soccer 2012 DEMO	KONAMI	20.09.2011	1.439MB	1.00.0000
PunkBuster Services	Even Balance, Inc.	05.02.2012		0.987
QuickTime	Apple Inc.	13.01.2008	76,9MB	7.3.1.70
RealPlayer	RealNetworks	05.02.2012	46,3MB	
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	11.12.2007	15,6MB	6.0.1.5512
Rossmann Fotoservice		26.09.2010	14,6MB	
Rossmann Online Print Wizard Installer 1.0		05.02.2012	0,68MB	
SIW version 2008-12-16	Topala Software Solutions	21.02.2009	2,45MB	2008.12.16
Skype™ 5.5	Skype Technologies S.A.	19.11.2011	19,1MB	5.5.124
Steuer-Spar-Erklärung 2008	Akademische Arbeitsgemeinschaft	26.05.2008	155,0MB	13.01.0000
Steuer-Spar-Erklärung 2009	Akademische Arbeitsgemeinschaft Verlag	25.05.2009	265MB	14.01.0000
Steuer-Spar-Erklärung 2010	Akademische Arbeitsgemeinschaft Verlag	26.09.2010		15.13
Steuer-Spar-Erklärung 2011	Akademische Arbeitsgemeinschaft Verlag	29.08.2011		16.14
SuperMailer 5.00		05.02.2012	18,5MB	
SweetIM for Messenger 3.6	SweetIM Technologies Ltd.	10.11.2011	4,76MB	3.6.0002
SweetIM Toolbar for Internet Explorer 4.2	SweetIM Technologies Ltd.	10.11.2011	4,13MB	4.2.0004
TechniSat DVB-PC TV Star	TechniSat	03.02.2011	4,04MB	4.3.3
TmNationsForever	Nadeo	29.06.2010	717MB	
Ulead PhotoImpact 12	Ulead System	05.02.2012	389MB	12.0
Uninstall 1.0.0.1		28.05.2011	20,6MB	
Unity Web Player	Unity Technologies ApS	16.09.2010	80,00KB	2.6.1f3_31223
Vistumbler		05.02.2012	6,81MB	
VLC media player 1.1.8	VideoLAN	05.02.2012	78,1MB	1.1.8
Windows Mobile-Gerätecenter	Microsoft Corporation	30.03.2008	27,5MB	6.1.6965.0
Windows Mobile-Gerätecenter: Treiberupdate	Microsoft Corporation	30.03.2008	42,4MB	6.1.6965.0
Windows Mobile-Ressourcen	Microsoft Corporation	05.02.2012	7,20MB	1.0
Windows Script V5.6 Dokumentation		05.02.2012		
WinZip 15.0	WinZip Computing, S.L. 	12.06.2011	36,2MB	15.0.9411
WISO Mein Geld 2008 Professional	Buhl Data Service GmbH	13.01.2008	167,5MB	9.00.01.0023
Worms2		05.02.2012	46,9MB	
WR-Tools ResInfo		05.02.2012		
X10 Hardware(TM)		05.02.2012	28,00KB
         
Best regards!

Stefan

08.02.2012, 09:24   #5
kira
/// Helper Team

1.
Not recommended; I would uninstall these (a magnet for malware):
under `Systemsteuerung -->Software -->Ändern/Entfernen...` (Control Panel --> Software --> Change/Remove...)
Code:
SweetIM for Messenger 
SweetIM Toolbar for Internet Explorer
         
2.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away (online update).
  • Select "Komplett Scan durchführen" (perform full scan) and tick every box.
  • When the scan has finished, click "Zeige Resultate" (show results).
  • Select all findings (if MBAM reports something in C:\System Volume Information, please remove the tick there) and click "Löschen" - "Ausgewähltes entfernen" (delete - remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports).
You can find an illustrated guide here: Guide

3.
Run another system scan with OTL
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "als Administrator ausführen" (run as administrator)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

4.
Runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It does NOT make sense to start a second attempt!
To get a deeper look into your system and to detect a possible infection with a rootkit (info from wikipedia.org), we will use a tool - Gmer:
  • - download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be disabled (no connection to the Internet, disconnect WLAN as well)
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and paste it right away with CTRL + V
    - "Ok" closes GMER.
    - paste the complete log from the clipboard here into your thread

** no connection to a network or the Internet - don't forget WLAN
When the scan has finished, please re-enable all programs and tools!
Guide: -> GMER - Rootkit Scanner

5.
Check with MBR -t whether the Master Boot Record is in order (MBR rootkit)

With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, make these settings in the folder options.
  • Start => Ausführen (Run) => cmd (type it in there) => OK
    A command prompt opens.

    Vista and Windows 7 users: Start => Alle Programme (All Programs) => Zubehör (Accessories) => right-click Eingabeaufforderung (Command Prompt) and choose Als Administrator ausführen (Run as administrator).
  • After the prompt (>_), type the following

    from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting in the command prompt: right-click the title bar => Bearbeiten (Edit) => Einfügen (Paste).

    Code:
    mbr.exe -t > C:\mbr.log & C:\mbr.log
             
    (press Enter)
  • After a short time your editor will open, showing the file C:\mbr.log.
    Please copy the content here into your thread.

__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, preferably twice in different places!
Please pass this warning on wherever you can!

08.02.2012, 22:18   #6
StefHei

Hello!

Thank you very much for the great support. Unfortunately I only got to points 1 and 2 today. I'll continue tomorrow evening...

Stefan

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [Administrator]

08.02.2012 19:09:09
mbam-log-2012-02-08 (19-09-09).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 527291
Laufzeit: 2 Stunde(n), 53 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

09.02.2012, 22:40   #7
StefHei

And continuing...

OTL log file:
Code:
OTL logfile created on: 09.02.2012 22:31:13 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,68% Memory free
4,24 Gb Paging File | 3,16 Gb Available in Paging File | 74,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,60 Gb Total Space | 176,47 Gb Free Space | 39,60% Space Free | Partition Type: NTFS
Drive D: | 20,15 Gb Total Space | 10,84 Gb Free Space | 53,81% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Iminent\IMBooster\IMBooster.exe (Iminent)
PRC - C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2cf510e07b605923c496b1ae3c31335f\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\afde06a0045b8eff499236a7a9d4115a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\84dc06c59f7bce1e6b0a1792ac24d60f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\edf330ecd1bef0a27c0d74d6503c77f7\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5aed030616241447754922b488372ae3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll ()
MOD - C:\Program Files\Iminent\IMBooster\Iminent.Windows.dll ()
MOD - C:\Program Files\Iminent\IMBooster\Iminent.Workflow.dll ()
MOD - C:\Program Files\Iminent\IMBooster\Iminent.Services.dll ()
MOD - C:\Program Files\Iminent\IMBooster\Iminent.Business.TinyUrl.dll ()
MOD - C:\Program Files\Iminent\IMBooster\Iminent.Booster.UI.dll ()
MOD - C:\Program Files\EASEUS\Todo Backup 2.0\bin\CodeLog.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MotoHelper) -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (EASEUS Agent) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (AAV UpdateService) -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (EUFS) -- C:\Windows\system32\drivers\eufs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUDSKACS) -- C:\Windows\System32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBAKUP) -- C:\Windows\system32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EuDisk) -- C:\Windows\System32\drivers\EuDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (SKYNET) -- C:\Windows\System32\drivers\SkyNET.sys (TechniSat Digital, S.A.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2a21be620000000000000008c9a0638c&tlver=1.4.19.19&affID=17160
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Stefan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.20 17:11:53 | 000,000,000 | ---D | M]
 
[2011.04.01 22:15:34 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2010.12.21 23:26:09 | 000,427,674 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14729 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [TrayServer] C:\MAGIX\Video_deluxe_2007_PLUS\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [hama.exe] C:\Users\Stefan\AppData\Roaming\Byotov\hama.exe File not found
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231834711663 (MUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B37002-36E9-4A77-9DC4-D081363E3413}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F590491-063E-4E74-978F-82A33451A8F9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F076153C-EE15-41C0-8EB0-C3697B4B3D66}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\Shell - "" = AutoRun
O33 - MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{bd6a3ee2-bcb2-11dd-9ca1-001d92612aad}\Shell\AutoRun\command - "" = K:\PhotoViewerAP_V207.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.08 19:07:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.07 19:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.02.07 19:34:07 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.02.07 19:33:48 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012.02.01 18:22:37 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\.minecraft
[2012.02.01 18:22:13 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Stefan\Desktop\MinecraftSP.exe
[2012.01.23 22:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.23 22:47:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.01.23 22:47:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.01.23 22:47:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.01.20 19:31:45 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\dvdcss
[2012.01.11 15:32:55 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.11 15:32:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.11 15:32:51 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 15:32:51 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.11 15:32:51 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Stefan\AppData\Roaming\*.tmp files -> C:\Users\Stefan\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.09 22:27:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.09 22:26:56 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 22:26:55 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 22:26:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.08 22:21:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.08 21:54:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.07 19:46:57 | 000,002,485 | ---- | M] () -- C:\Users\Stefan\Desktop\HiJackThis.lnk
[2012.02.07 19:43:57 | 000,000,160 | ---- | M] () -- C:\Users\Stefan\Desktop\Neue Internetverknüpfung.url
[2012.02.07 19:37:16 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.07 19:33:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012.02.06 21:02:48 | 000,604,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.06 19:14:18 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.06 19:11:54 | 000,000,926 | ---- | M] () -- C:\Users\Stefan\Desktop\Dropbox.lnk
[2012.02.06 19:11:54 | 000,000,906 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.21 11:13:22 | 000,642,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.21 11:13:22 | 000,607,030 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.21 11:13:22 | 000,131,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.21 11:13:22 | 000,108,406 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Stefan\AppData\Roaming\*.tmp files -> C:\Users\Stefan\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.07 19:43:51 | 000,000,160 | ---- | C] () -- C:\Users\Stefan\Desktop\Neue Internetverknüpfung.url
[2012.02.07 19:37:16 | 000,000,768 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.07 19:34:07 | 000,002,485 | ---- | C] () -- C:\Users\Stefan\Desktop\HiJackThis.lnk
[2012.01.23 16:38:52 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.11.20 16:35:13 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2011.08.19 10:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 10:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 10:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 07:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.07.13 13:24:53 | 000,038,433 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.04.04 18:15:27 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2
[2011.03.16 21:43:07 | 000,000,098 | ---- | C] () -- C:\Windows\Videodeluxe.INI
[2011.03.13 13:33:00 | 000,000,032 | ---- | C] () -- C:\Windows\System32\EUOD.DAT
[2011.03.04 18:11:40 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.04 18:11:37 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.01.23 14:19:04 | 000,038,426 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.01.20 18:02:49 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini
[2010.12.24 10:55:29 | 000,321,536 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010.09.29 22:29:14 | 000,000,680 | ---- | C] () -- C:\Users\Stefan\AppData\Local\d3d9caps.dat
[2010.09.27 20:44:34 | 000,006,138 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\mdbu.bin
[2010.08.22 15:45:41 | 000,139,152 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\PnkBstrK.sys
[2010.08.22 15:45:41 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.08.22 15:45:23 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.08.22 15:45:19 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.08.22 15:45:19 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.02.23 19:17:08 | 000,103,951 | ---- | C] () -- C:\Windows\System32\dtnet.dat
[2009.11.09 21:26:45 | 000,038,425 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2009.07.01 14:55:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.01 14:55:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.22 14:54:02 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.01.24 19:01:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.12.13 01:15:46 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Default.PLS
[2008.09.24 19:30:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.07 16:37:52 | 000,067,616 | ---- | C] () -- C:\Windows\unTMV.exe
[2008.07.12 17:18:53 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\wklnhst.dat
[2008.05.27 18:12:09 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini
[2008.04.02 15:00:56 | 000,000,557 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\TheLastRipper.xml
[2008.03.31 20:49:46 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.03.19 17:41:12 | 000,210,944 | ---- | C] () -- C:\Windows\System32\Msvcrt10.dll
[2008.03.15 19:55:36 | 000,091,136 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.02 23:05:12 | 000,000,480 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.02.22 20:34:03 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.22 13:44:08 | 000,000,094 | ---- | C] () -- C:\Users\Stefan\AppData\Local\fusioncache.dat
[2008.02.22 13:33:27 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008.01.16 14:05:14 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.01.16 14:05:14 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.01.14 13:02:18 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.01.14 10:59:00 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.12.12 16:49:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.12.12 14:45:55 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.04.24 12:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2006.11.02 16:33:31 | 000,642,020 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,131,472 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,604,856 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,607,030 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,406 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.20 23:58:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\vspxvfw.dll
[2005.09.01 15:20:46 | 000,524,288 | ---- | C] () -- C:\Windows\System32\vspxcore.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC

< End of report >
         
--- --- ---


[/CODE]

Code:
OTL Extras logfile created on: 09.02.2012 22:31:13 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 51,68% Memory free
4,24 Gb Paging File | 3,16 Gb Available in Paging File | 74,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,60 Gb Total Space | 176,47 Gb Free Space | 39,60% Space Free | Partition Type: NTFS
Drive D: | 20,15 Gb Total Space | 10,84 Gb Free Space | 53,81% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Cen
         

Alt 09.02.2012, 22:53   #8
StefHei
 



Gmer aborted with an error!

Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: ST350083 rev.3.AA -> Harddisk0\DR0 -> \Device\00000058 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys 
C:\Windows\system32\DRIVERS\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x82E62912] -> \Device\Harddisk0\DR0[0x86A102A8]
3 CLASSPNP[0x88DB98B3] -> ntkrnlpa!IofCallDriver[0x82E62912] -> [0x85E5D260]
5 acpi[0x806936BC] -> ntkrnlpa!IofCallDriver[0x82E62912] -> \Device\00000058[0x85E03030]
kernel: MBR read successfully
user & kernel MBR OK
         
See you soon ;-)

Alt 10.02.2012, 09:12   #9
kira
/// Helper Team
 



1.
Windows Defender:
Running it actively in parallel with an AV program is not recommended, because the two can get in each other's way. Please deactivate it as follows: -> Enabling and disabling Windows Defender
Disable Windows Defender completely

Start => Control Panel => Classic View => Windows Defender, or
start Windows Defender (C:\Programme\Windows Defender\MSASCui.exe)

Tools => Options => Automatic scanning => remove the check mark at "Automatically scan my computer".
Tools => Options => Real-time protection => remove the check mark at "Use real-time protection".
Tools => Options => Administrator => remove the check mark at "Use this program".

Start => type services.msc into the search box.
The Services window opens.
Double-click the "Windows Defender" service.
Set the startup type to "Manual".
Stop the service if it is still running.
► After a restart (if it still exists), go to Start -> Run -> "msconfig" (type it without the "") -> OK -> Startup and check whether it is still running along. If so, remove the check mark.
► Under Services:
Start -> Run -> "Services.msc" (type it without the "") -> OK -> "Properties" -> "Stop" -> select startup type "Disabled"

2.
Quote:
Firebird SQL Server
under `Control Panel -> Software/Programs
Firebird SQL Server - is installed `automatically` with MAGIX. If you don't need it, you can uninstall it without hesitation.
You have a server with a database (it is installed automatically and without asking when the Magix programs are installed, but most users don't need it at all)
Every time you start the Magix program, a script makes sure that all existing records of the database are loaded, which in turn most users don't need at all...


3.
Quote:
Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and insert them into the script that way! Otherwise it won't work!
(user folder, your name or other changes replaced by X, an asterisk or other names)
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2a21be620000000000000008c9a0638c&tlver=1.4.19.19&affID=17160
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [hama.exe] C:\Users\Stefan\AppData\Roaming\Byotov\hama.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\Shell - "" = AutoRun
O33 - MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\Shell\AutoRun\command - "" = F:\setup.exe -a
O33 - MountPoints2\{bd6a3ee2-bcb2-11dd-9ca1-001d92612aad}\Shell\AutoRun\command - "" = K:\PhotoViewerAP_V207.exe
[2012.02.09 22:27:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.08 21:54:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL requires a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

4.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system

5.
  • Download SUPERAntiSpyware FREE Edition.
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Check "Complete Scan" and click "Next"
  • Afterwards all malware found is listed; check all findings and confirm with "OK"
  • Click "Next", then "OK" and "Finish"
  • To display the results: click "Preferences", then "Statistics and Logs"
  • Click "View log" - then please save this report and post it here

6.
Viruses can also be carried on USB sticks, self-burned media, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is well suited and recommended to check the data saved on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off in general. ►Instructions

7.
-> Then run a complete system check with Eset Online Scanner (NOD32) Free online scanner
Attention!: >>You should not install the antivirus security software, only scan your system online<<

► Report again on the state of the computer. Are there still problems, and if so, which?
__________________

Warning!:
Be careful with invoices by email that have a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally 2x in different places!
Please pass this warning on wherever you can!
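
Step 6 of post #9 concerns programs that start automatically from removable media. As an added example (not part of the original post and not the helper's tooling), this Python script reads the autorun.inf in each given drive root and lists the entries that would start a program, without executing anything. The sample file content and all function names are constructed for illustration.

```python
import os
import re
import sys

# Keys in the [autorun] section that make Windows start a program.
EXEC_KEYS = ("open", "shellexecute")
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")  # e.g. shell\AutoRun\command

# Constructed sample content (not taken from the thread). The junk line
# imitates padding that breaks strict INI parsers.
SAMPLE = (
    "; constructed sample\r\n"
    "xk29dfjq junk padding line\r\n"
    "[AutoRun]\r\n"
    "OPEN=setup.exe -a\r\n"
    "icon=setup.exe,0\r\n"
    "shell\\AutoRun\\command=setup.exe -a\r\n"
    "shell\\open=Open\r\n"
    "[Content]\r\n"
    "MusicFiles=false\r\n"
)


def decode_inf(raw):
    """autorun.inf is ANSI or UTF-16 with BOM; decode without raising."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def parse_autorun(text):
    """Return the key/value pairs of the [autorun] section, keys lowercased.

    Section and key names are case-insensitive; comment lines and lines
    that are not key=value are skipped instead of aborting the parse.
    """
    entries, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def execution_entries(text):
    """List the (key, command) pairs that would start a program."""
    return [
        (key, value)
        for key, value in parse_autorun(text).items()
        if key in EXEC_KEYS or SHELL_COMMAND.match(key)
    ]


def scan_roots(roots):
    """Inspect autorun.inf in each drive root; return {path: [(key, command)]}."""
    report = {}
    for root in roots:
        try:
            names = os.listdir(root)
        except OSError:  # drive letter without a medium, unreadable stick
            continue
        for name in names:
            path = os.path.join(root, name)
            # A directory named autorun.inf is not a launcher; skip it.
            if name.lower() == "autorun.inf" and os.path.isfile(path):
                with open(path, "rb") as fh:
                    report[path] = execution_entries(decode_inf(fh.read()))
    return report


if __name__ == "__main__":
    # Usage: python check_autorun.py E:\ F:\
    for inf_path, commands in scan_roots(sys.argv[1:]).items():
        print(inf_path)
        for key, command in commands:
            print("  %s = %s" % (key, command))
```

An empty list for a drive means its autorun.inf only sets a label or icon; any listed command names a file on the medium that is worth scanning before the medium is opened.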

Old 12.02.2012, 22:17   #10
StefHei

Hello!

1.) Windows Defender disabled
2.) Firebird SQL Server uninstalled
3.) Fix with OTL => LEADS TO ABORT!!!!!!!
4.) CCleaner: done
5.) SUPERAntiSpyware: done
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/12/2012 at 09:43 PM

Application Version : 5.0.1144

Core Rules Database Version : 8230
Trace Rules Database Version: 6042

Scan type       : Complete Scan
Total Scan Time : 01:53:24

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 755
Memory threats detected   : 0
Registry items scanned    : 37150
Registry threats detected : 0
File items scanned        : 70860
File threats detected     : 213

Adware.Tracking Cookie
         

Alt 13.02.2012, 03:52   #11
StefHei
 



ESET result:

C:\Program Files\FoxTabAudioConverter\AudioConverter.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
D:\TOOLS\Nero Burning ROM 8 Update\Nero-8.2.8.0_deu_update.exe Win32/Toolbar.AskSBar application deleted - quarantined

Regards
Stefan

Alt 13.02.2012, 08:48   #12
kira
/// Helper Team
 



Quote:
Quote from StefHei
3.) Fix with OTL => LEADS TO AN ABORT!!!!!!!
Quote:
Try it in Safe Mode:
♦ Restart the PC
♦ Immediately press the F8 key repeatedly, ideally several times in quick succession.
♦ Select Safe Mode from the list that now appears.

Then please also complete steps 5 and 6 (posting #9)

In addition:
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.
__________________

Warning!:
Beware of invoices sent by email with a ZIP file as an attachment! It may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

Alt 13.02.2012, 19:29   #13
StefHei
 



OK, it worked in Safe Mode ;-))

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hama.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b01ae6c9-28c5-11e0-8f83-001d92612aad}\ not found.
File F:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd6a3ee2-bcb2-11dd-9ca1-001d92612aad}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd6a3ee2-bcb2-11dd-9ca1-001d92612aad}\ not found.
File K:\PhotoViewerAP_V207.exe not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:364682BC .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alexandra
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marek
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Mika
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 248122838 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 5669 bytes
 
User: Public
 
User: Stefan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11443463 bytes
->Java cache emptied: 1817904 bytes
->Flash cache emptied: 56943 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1848161 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 251,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 02132012_192341

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 13.02.2012, 21:37   #14
StefHei
 



SUPERAntiSpyware:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/13/2012 at 09:20 PM

Application Version : 5.0.1144

Core Rules Database Version : 8232
Trace Rules Database Version: 6044

Scan type       : Complete Scan
Total Scan Time : 01:49:03

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 772
Memory threats detected   : 0
Registry items scanned    : 37161
Registry threats detected : 0
File items scanned        : 69238
File threats detected     : 10

Adware.Tracking Cookie
	C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\UO9W7A91.txt [ /smartadserver.com ]
	C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\0UZA632L.txt [ /doubleclick.net ]
	C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\OE64MMJN.txt [ /apmebf.com ]
	C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\0WVY004X.txt [ /atdmt.com ]
	C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Cookies\VVDCMBKH.txt [ /mediaplex.com ]
	C:\USERS\STEFAN\Cookies\UO9W7A91.txt [ Cookie:stefan@smartadserver.com/ ]
	C:\USERS\STEFAN\Cookies\0UZA632L.txt [ Cookie:stefan@doubleclick.net/ ]
	C:\USERS\STEFAN\Cookies\OE64MMJN.txt [ Cookie:stefan@apmebf.com/ ]
	C:\USERS\STEFAN\Cookies\0WVY004X.txt [ Cookie:stefan@atdmt.com/ ]
	C:\USERS\STEFAN\Cookies\VVDCMBKH.txt [ Cookie:stefan@mediaplex.com/ ]
         

Alt 14.02.2012, 04:24   #15
StefHei
 



ESET found nothing ;-)
