Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Verschlüsselungs Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.06.2012, 16:26   #1
Orieolobl
 
Verschlüsselungs Trojaner - Standard

Verschlüsselungs Trojaner



Hallo zusammen,

Ich habe diesen Trojaner eingefangen und bin froh um Hilfe.
Den Check mit MalewareBytes hab ich bereits gemacht:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.06.02

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Nicole :: SAMSUNG [Administrator]

Schutz: Deaktiviert

06.06.2012 12:44:03
malwarbyte

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 359810
Laufzeit: 39 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 13
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCR\CLSID\{3228B03C-11A2-4598-B127-089103A37FAC} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3228B03C-11A2-4598-B127-089103A37FAC} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3228B03C-11A2-4598-B127-089103A37FAC} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3228B03C-11A2-4598-B127-089103A37FAC} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3228B03C-11A2-4598-B127-089103A37FAC} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e5f09bce-3a9f-020c-c58e-e473f8bc3061} (Adware.LoudMo) -> Keine Aktion durchgeführt.
HKCR\CLSID\{e5f09bce-3a9f-020c-c58e-e473f8bc3061} (Adware.LoudMo) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5F09BCE-3A9F-020C-C58E-E473F8BC3061} (Adware.LoudMo) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5F09BCE-3A9F-020C-C58E-E473F8BC3061} (Adware.LoudMo) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|A4DF8040 (Trojan.Agent) -> Daten: C:\Users\Nicole\AppData\Roaming\Lqcpb\4491C4B6A4DF80409468.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Worm.Palevo) -> Daten: explorer.exe,C:\Users\Nicole\AppData\Roaming\juzjf.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\ProgramData\TheBflix (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> Keine Aktion durchgeführt.

Infizierte Dateien: 11
C:\Users\Nicole\AppData\Roaming\Lqcpb\4491C4B6A4DF80409468.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Nicole\AppData\Local\Temp\kravozydgm.pre (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Nicole\AppData\Local\Temp\rmgejpbdar.pre (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\hpilclpacieflhmobalmaccogiioldoo.crx (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\data\nQgfAJsdpqgsanNUx (PUP.BFlix) -> Keine Aktion durchgeführt.
C:\ProgramData\TheBflix\data\NUGeovrDyQGfajsDpE (PUP.BFlix) -> Keine Aktion durchgeführt.

(Ende)
         
Leider hab ich nicht herausgefunden wie man das gefunden in die Quarantäne verschieben kann. Kann nur auswählen zwischen Löschen/Ignorieren.


Besten Dank für jede Hilfe.

Ich hab noch den Scan mit dem OLT gemacht.

OLT.txt:
Code:
ATTFilter
OTL logfile created on: 6/6/2012 6:44:58 PM - Run 1
OTL by OldTimer - Version 3.2.46.1     Folder = C:\Users\Nicole\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 70.60% Memory free
5.99 Gb Paging File | 5.27 Gb Available in Paging File | 88.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 86.62 Gb Free Space | 61.22% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 36.92 Gb Free Space | 26.10% Space Free | Partition Type: NTFS
Drive E: | 519.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SAMSUNG | User Name: Nicole | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nicole\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Mcx2Svc) -- C:\Windows\System32\Mcx2Svc.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\System32\mprdim.dll (Microsoft Corporation)
SRV - (SharedAccess) -- C:\Windows\System32\ipnathlp.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (GtDetectSc) -- C:\Program Files\Orange\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (StarOpen) -- C:\windows\System32\drivers\StarOpen.sys ()
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (crcdisk) -- C:\Windows\System32\drivers\crcdisk.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb119?a=6PQpiW1uHg&i=26
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2F7ACB53-23F8-415E-83FC-88494625638A}: "URL" = hxxp://www.chameleonsearch.com/search.php?src=tops&q={SearchTerms}
IE - HKCU\..\SearchScopes\{4A370633-5B82-4827-8535-C10546664F20}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKCU\..\SearchScopes\{8B035C2B-7508-42FC-9ED0-F7C03B020953}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{9198A103-03DB-4105-B76E-E33A6FB3476A}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms}
IE - HKCU\..\SearchScopes\{B0AC2587-F76B-4576-9DD6-062B08F53CAC}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{C01E9A0A-BEF9-49F0-A75C-136D3161A529}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQpiW1uHg&i=26
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/18 19:55:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/18 19:55:08 | 000,000,000 | ---D | M]
 
[2012/03/10 19:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Extensions
[2012/03/10 19:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/06/06 00:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\crkogry4.default\extensions
[2012/02/23 20:40:09 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\crkogry4.default\extensions\info@bflix.info
[2011/11/02 23:22:07 | 000,002,457 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\crkogry4.default\searchplugins\DXetdruTlsdOvyEx
[2011/11/02 23:22:07 | 000,002,419 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\crkogry4.default\searchplugins\eaxfuOlXUGJNjnf
[2011/11/02 23:22:07 | 000,000,933 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\crkogry4.default\searchplugins\gvryEXeQgLqTDftEjsa
[2011/08/12 09:28:52 | 000,005,508 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\crkogry4.default\searchplugins\GVtugyEdGNQjLeagJ
[2011/11/02 23:22:07 | 000,010,525 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\crkogry4.default\searchplugins\OJNEjpeQgyoTDtdjnea
[2012/02/23 20:39:23 | 000,002,203 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\crkogry4.default\searchplugins\TlpfsgveaGVNunysUNuE
[2011/03/10 08:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/05/07 11:06:12 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/07 11:57:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/07 11:57:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/07 11:57:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/07 11:57:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/07 11:57:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/07 11:57:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TheBflix Class) - {3228B03C-11A2-4598-B127-089103A37FAC} - C:\ProgramData\TheBflix\bhoclass.dll (Injector)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (WitBHO Class) - {75ED56AF-4DC9-4243-A30C-4EF4DD0CA28F} - C:\Program Files\ChameleonTom\wit4ie.dll File not found
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O2 - BHO: (chameleontom) - {e5f09bce-3a9f-020c-c58e-e473f8bc3061} - C:\windows\system32\-wnbLv-5ciFpS-.dll File not found
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\tbZyn1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [A4DF8040] C:\Users\Nicole\AppData\Roaming\Lqcpb\4491C4B6A4DF80409468.exe (Al Momento Non è Registrata)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm ()
O9 - Extra 'Tools' menuitem : ChameleonTom - {14CD42DD-ABCD-3586-DCAB-40E3693E3737} - C:\Program Files\ChameleonTom\ct.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: absolog.ch ([silviokeller] https in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} hxxp://www.lokalisten.de/iup/ImageUploader6.cab (Image Uploader Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B836DB-879A-4D3A-90FF-7ED802146BA9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9FD38A0-81A9-4AEE-98B3-F7338FFC24BA}: DhcpNameServer = 195.141.56.5 193.192.227.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D24FC75C-5E3A-4CD8-BCAC-AF5D2F431E78}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Nicole\AppData\Roaming\juzjf.exe) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/20 07:14:28 | 000,000,043 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{539e5775-e600-11de-aa10-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{539e5775-e600-11de-aa10-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe -- [2010/11/05 08:43:36 | 001,888,193 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{bbac63b6-f263-11e0-a07f-002454240b80}\Shell - "" = AutoRun
O33 - MountPoints2\{bbac63b6-f263-11e0-a07f-002454240b80}\Shell\AutoRun\command - "" = F:\Start_eBanking_Login-Stick_Win.exe
O33 - MountPoints2\{c802ddb6-8225-11df-9ea9-002454240b80}\Shell - "" = AutoRun
O33 - MountPoints2\{c802ddb6-8225-11df-9ea9-002454240b80}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{e7b4ded8-47e7-11df-a1ac-002454240b80}\Shell - "" = AutoRun
O33 - MountPoints2\{e7b4ded8-47e7-11df-a1ac-002454240b80}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/06 12:24:51 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/06/06 12:24:51 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Malwarebytes
[2012/06/06 12:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/06 12:24:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/06/06 12:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/06 12:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/06 00:37:01 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/06/06 00:27:04 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{3586743A-8CE9-4132-8862-3A72771ECE7F}
[2012/06/06 00:26:50 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{684DCE48-620F-4E6A-B670-ADE83C80A311}
[2012/06/05 23:37:08 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Lqcpb
[2012/06/05 11:58:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{2129B552-6B2C-4615-A299-681BDE15084E}
[2012/06/05 11:58:25 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{1FDA4053-7F9B-4D3A-A5E1-325F57C829F7}
[2012/06/04 23:57:57 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{0760A984-9FD0-48F7-9CDE-880035D8CA1A}
[2012/06/04 23:57:45 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{A86532B8-F091-41C6-B758-5440EC5D343F}
[2012/06/04 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{7778C1D7-E4D3-4E7E-9787-F7805D271542}
[2012/06/02 16:06:07 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{ADABA92C-1EB0-4A46-AA3F-5F9D43D41187}
[2012/06/02 16:05:53 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{3C42FE58-F2EF-4F24-A009-89CE455603F6}
[2012/06/01 20:51:47 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{36D163E3-D22F-4071-A571-73633DA2FD78}
[2012/06/01 20:51:33 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{8B1A03A4-F3FB-4FAF-BFFE-A778128174E9}
[2012/05/31 11:00:01 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{9E9FD00B-AAAA-4BFE-9553-3EEBDEAA5A57}
[2012/05/31 10:59:49 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{ADBB3C1B-1D27-472A-9B44-53FCF7F9979C}
[2012/05/30 17:58:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{9F5F35F1-CB8C-4259-B207-0B3A6EE4A95D}
[2012/05/30 17:57:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{65201E5F-29B8-4E22-914E-FA78EA0FE4BE}
[2012/05/29 05:10:30 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{2C3D1E0E-9FDF-468C-A905-B35BABA564CA}
[2012/05/29 05:10:18 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{CF13DFD7-4A01-4E6F-8BD2-0D01123382D9}
[2012/05/28 17:09:51 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{5372B4A0-B523-4AB7-8B89-738301C85F47}
[2012/05/28 17:09:40 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{29D85BA9-84AC-428E-BA6D-FAFFEFC12CA5}
[2012/05/28 05:09:10 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{255FDC48-94E4-4289-9508-C1732BB007EC}
[2012/05/27 20:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012/05/27 17:08:43 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{C5C2DCFF-9680-41E1-B656-676B1E86E5BC}
[2012/05/27 17:08:31 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{D4AEA7F5-C593-40E5-B7CD-CB09B2777C24}
[2012/05/26 12:19:02 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{8A2EB421-DAD2-43C5-97AD-FA78B353C069}
[2012/05/26 12:18:45 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{BEBBBD1B-D097-46CF-BDE6-ADEFBC3DF0D5}
[2012/05/24 12:16:44 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{F5578B99-5E07-421B-823A-E47B085A8B9C}
[2012/05/24 12:16:17 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{47A4459D-9962-45BE-9B69-8D0022F5D683}
[2012/05/23 23:29:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{8D412523-2178-4B84-BCB6-875AC9C18EFA}
[2012/05/23 23:29:20 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{6A9A4EDF-9709-49E6-8962-CF3C820ADB90}
[2012/05/23 11:27:02 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{2597FC09-9ECE-44DD-983F-06613CA9D52E}
[2012/05/23 11:26:50 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{050B55E5-2A61-4EF6-A9E2-47EADB17C177}
[2012/05/22 23:26:13 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{325C7423-4092-423C-BC91-EE7817DD6067}
[2012/05/22 23:26:01 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{BEA792EE-46E6-4C8D-A8D0-70DB0FC2BDF8}
[2012/05/22 11:18:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{4DCE5FFC-151A-413B-8465-A9E88F5C766C}
[2012/05/22 11:18:04 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{B498A526-1F35-481A-8CED-0BB5B4D57096}
[2012/05/21 16:18:52 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{6F6235F4-94C2-4E41-8BEE-4A09D95DA0C0}
[2012/05/21 16:18:37 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{22DAD31F-08BB-4530-8745-5F7EACBBE5B4}
[2012/05/20 16:35:29 | 000,000,000 | R--D | C] -- C:\Users\Nicole\Podcasts
[2012/05/20 16:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2012/05/20 16:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2012/05/19 14:14:13 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Desktop\I Phone Bilder
[2012/05/19 14:11:38 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{A6D958EA-202C-43D4-AF9E-39D76D00F54D}
[2012/05/19 14:11:27 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{54B3F663-1BD7-4033-B359-DA51FA71AF7B}
[2012/05/18 19:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/18 19:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/18 19:54:41 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{BC83D4E3-048A-4A5F-99D9-2EDBCA30DFFE}
[2012/05/18 19:54:30 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{3D215BB3-26ED-4B7C-8CFE-33F94C850F14}
[2012/05/18 07:53:50 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{7B56347D-D35B-4CD2-BA9D-2E5843F97D1F}
[2012/05/18 07:53:36 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{E5AC9DE9-6798-4872-8014-C5DCDA32E068}
[2012/05/17 16:29:42 | 000,000,000 | ---D | C] -- C:\Users\Nicole\Desktop\ewige libi
[2012/05/17 16:14:20 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{F7BCD2F6-DB81-4E92-9288-BC6759998336}
[2012/05/17 16:14:08 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{8360D53D-5747-47E2-8C16-C685391DB4EC}
[2012/05/17 07:42:20 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{962482CE-6DD8-4275-97BF-EE219B6A8A92}
[2012/05/17 07:40:54 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{D391F326-B432-4CA4-AB10-C160E811CDF9}
[2012/05/15 10:11:51 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{8E3BE15D-5F1C-4CD8-AB9C-4E6D09056DCA}
[2012/05/15 10:11:38 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{612C55B2-8956-4159-8797-3B58FFC2B68B}
[2012/05/14 12:12:15 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{4AFA7C0C-9097-46F4-BE4D-D1DBFCA7CB7C}
[2012/05/14 00:11:51 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{67E9C848-87B0-44B5-8BDC-EFE943600FD2}
[2012/05/14 00:11:39 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{3F2F641A-AD44-4BA5-8C3E-4E064A8F31CE}
[2012/05/13 12:11:12 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{85AAF572-CE27-4505-99B7-54F7E9C75137}
[2012/05/13 12:10:59 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{B8137D6E-A044-4C3E-A2D9-BC694B09D6E2}
[2012/05/13 00:10:23 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{BADF6564-62EB-4BCF-AE61-24B4F18B66EB}
[2012/05/13 00:10:10 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{3A3E035F-849B-459B-921A-7C77768FC363}
[2012/05/12 10:50:54 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{05F44A4D-5B92-4457-8E5A-890859855E32}
[2012/05/11 18:59:30 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{8B88B5C9-D81A-464D-B4F5-992717CAA2B0}
[2012/05/11 18:59:16 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{72F1439E-C440-45AB-9385-43B0735FFC75}
[2012/05/10 17:38:57 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012/05/10 17:38:57 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012/05/10 17:38:57 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/05/10 17:38:53 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012/05/10 17:31:44 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{45F1393A-2E0D-446C-9B30-C4756296A92C}
[2012/05/10 17:31:30 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{527470A2-C9A8-4E8D-ABFF-32CDA2527905}
[2012/05/09 19:10:45 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{D74B993A-1F72-41BB-9522-26237F03DE62}
[2012/05/09 19:10:22 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{2FA2833C-CADD-47F9-9EB4-8D5340545D3B}
[2012/05/08 18:18:23 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{38453675-A31D-4645-B7F2-7F5B1A68E090}
[2012/05/08 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\{196D0367-118A-4A59-9AAD-8E642E11F18B}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/06 12:43:11 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/06/06 12:24:48 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/06 12:21:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/06 12:21:21 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/06 06:57:17 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/06 05:59:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/06 00:46:26 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/06 00:46:26 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 20:08:46 | 000,000,000 | ---- | M] () -- C:\windows\BRPARAM.INI
[2012/05/20 16:37:08 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2012/05/20 16:36:49 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012/05/20 16:34:12 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2012/05/18 19:55:04 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/17 16:17:36 | 000,714,880 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/05/17 16:17:36 | 000,665,854 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/17 16:17:36 | 000,154,776 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/05/17 16:17:36 | 000,124,988 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/11 18:57:07 | 000,418,704 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/09 19:09:59 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012/05/09 19:09:59 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/06/06 12:24:48 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/27 20:08:46 | 000,000,000 | ---- | C] () -- C:\windows\BRPARAM.INI
[2012/05/20 16:37:08 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2012/05/20 16:36:49 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012/05/20 16:34:12 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2012/05/18 19:55:04 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/02/09 15:20:38 | 004,794,880 | ---- | C] () -- C:\windows\System32\x264vfw.dll
[2012/01/28 13:12:40 | 000,079,360 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2012/01/09 20:45:18 | 000,178,688 | ---- | C] () -- C:\windows\System32\unrar.dll
[2011/12/07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\windows\System32\lagarith.dll
[2011/01/25 23:30:41 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\EyvgtVlTQrUtep
[2011/01/25 23:29:40 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\oqnvgeXoqQrUtnA
[2010/08/21 18:22:57 | 000,003,584 | ---- | C] () -- C:\Users\Nicole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/14 11:07:32 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
 
========== LOP Check ==========
 
[2010/03/23 13:52:29 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Canneverbe Limited
[2012/06/06 00:18:20 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\ICQ
[2010/06/17 21:13:45 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Leadertech
[2012/06/05 23:37:08 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Lqcpb
[2010/07/01 12:56:39 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\mquadr.at
[2010/12/17 18:58:16 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Netgear Live Parental Controls
[2010/08/30 22:06:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TeamViewer
[2012/03/10 19:47:58 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TomTom
[2012/02/26 12:41:48 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Win7codecs
[2012/05/18 07:51:37 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
         


Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 6/6/2012 6:44:58 PM - Run 1
OTL by OldTimer - Version 3.2.46.1     Folder = C:\Users\Nicole\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 70.60% Memory free
5.99 Gb Paging File | 5.27 Gb Available in Paging File | 88.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 86.62 Gb Free Space | 61.22% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 36.92 Gb Free Space | 26.10% Space Free | Partition Type: NTFS
Drive E: | 519.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: SAMSUNG | User Name: Nicole | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A7197BB-5021-4609-888B-911DF5E320A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0EEC0D59-EE68-490B-B5DE-2FBAA34F4329}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1BB7FCAF-93D9-4DBE-8F6C-DC41C22950FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1FD529A9-1027-430B-81E8-052EB257ED34}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{25F028D0-36CC-427C-84F3-02D92D4F5043}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{2FB7862C-6C98-4BBD-9AFF-C5C047FAA327}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3147C501-3127-43B4-82D0-63AB47313349}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{38630A73-299C-4FB9-AB99-189C89CA1F3C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{609B6FAB-8908-4E32-A36B-A3DC83FF685F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{60CCBA5C-C865-42BE-8B29-9AD27DE9D5A0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6C0043FB-00DF-4CF2-AC73-0FEE329803E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6EDA6529-BA78-4C62-AF41-17413E63E8AB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{73D49BD8-61B5-47A5-B53F-53F16E463663}" = lport=445 | protocol=6 | dir=in | app=system | 
"{73DB40F1-BF3D-4AD7-84DE-75A9B2808600}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8F69250C-6C1E-4560-ABB0-68D7ACE6BB8C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9D8E3A18-BDB1-4118-934D-975CC2ED249C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{ACB3E3D3-0454-461A-A5B5-D8B7218C5983}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AD56E941-D9EB-4263-A82D-EA1E1C63F8D7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B8BCD630-9592-4D39-95E0-A12946132900}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B924F32F-BF92-4E1E-A16E-7929B96F1AD1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BFBE398E-0D5A-41CC-B277-DEA3E251317B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D9F5E18E-3A25-4FFB-97AC-0AC94BE2FE25}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DAA7E269-7266-49FE-9099-A3FC621C2E97}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EB5D97CA-7AAE-43C2-9084-52B2CEBDF295}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ED2FF2D9-6BEB-45CC-9179-588EFD18FCDC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EEBD75F7-8819-42B0-9422-E8A355E39A14}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FE2BDF4A-F758-4163-B4BC-9D5E9052B9E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FEE13DE9-EAD6-4229-A513-D6767A361086}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A08DA5-F282-4D01-8DF4-E1EF93333A6B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{06EBEECC-DEDB-44AB-9EE1-4EADD19FDA49}" = protocol=6 | dir=in | app=c:\program files\cablecom\installer\cablecom_installer.exe | 
"{0EF1A57E-E131-4AB0-890F-73A8FDC7638A}" = protocol=17 | dir=in | app=c:\program files\cablecom\installer\cablecom_installer.exe | 
"{200F9486-01E8-4029-9F7A-49684305A794}" = protocol=6 | dir=out | app=system | 
"{20888706-74B2-47BF-8776-BB55BCD07C0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{234152F2-E18D-4046-B3EF-58F9252B7B02}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{28CF7431-403B-4865-938B-D1AE8553321D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2E2E7F16-10AC-4013-A873-35804C3B3C77}" = protocol=17 | dir=in | app=c:\program files\cablecom\installer\cablecom_installer.exe | 
"{3F1CC036-CD90-41BD-A5F1-056F5774DF47}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{42D4C7F4-5914-4106-8284-4E70D05CEA98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{472A7034-358D-4FB2-9EF7-759A4EBC00FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{478CCFC9-FFC1-4AA6-AA84-80B44486FDBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{503C3C57-1B80-4D55-81ED-8315D02D5A0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{54F20C4D-58C7-44E4-BFC8-8DC0E4957BC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5AD4AE74-3EC7-45F3-9111-57C2214FEFBC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{63BF550D-54CB-49E1-9921-8EAF06AF7E4D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6902CE81-79C7-4D7E-9C56-04207AF7347E}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{69857331-C722-432F-A433-BEF892F893C0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{726B8299-B040-4CD1-8A94-19CD6E49A7B6}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{734E034A-22EF-4EED-AA38-82B341377EA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F6F2D2F-0A22-4249-B381-2B88F5DE6CA9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{85E2ECC2-078D-4021-BAAF-2B4F58CE3F37}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{9065E2A5-4B96-421C-9ABF-AC2741D7BEB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{94962D29-6C96-4AF4-B777-CBA1839128A4}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{A5B174F8-E643-490C-93A1-943926C5E0F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AD6FD4CD-F9F3-403A-B5A5-FCFA3DE7724B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C7CEF5FD-6F9F-4585-9AB8-F751FAFF88C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CC5956A9-6882-4805-AC88-046AD1763F76}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{D1FF9A5D-831B-4C0B-B197-D4431CB07E06}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D5B4B955-4D3D-4C0C-AA32-C6DE6CB25DFD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E61CD4B2-8779-4F2B-9C6A-0D9843C329C6}" = protocol=6 | dir=in | app=c:\program files\cablecom\installer\cablecom_installer.exe | 
"{F8D8FB5C-F8A9-4638-AA38-6115A55BCB69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{8D7005BC-08F2-4D8F-9E20-168D0F4F0501}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{CEB697A4-AEB4-432F-A389-A0B36A686150}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{D91B68F7-24DE-4DF5-AA40-35CAE70F52C7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{EB28421E-22CE-4331-BABC-5397035D300D}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"UDP Query User{0D61AB39-77AF-46C9-86EA-BAC90D956D48}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{197C351A-941B-4056-9303-9C082018CAB5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{6FF3F985-DF7D-42FD-96F9-F6E9B29B087B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{DD42B2E7-A199-4F12-BD6B-EB89C5C34542}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{29EFF077-2E09-4AF3-9744-54E41D245E93}" = Motorola Phone Tools
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2D7C3E18-E696-4B67-8B5D-45CD3BE6B27E}" = SweetIM for Messenger 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{37476589-E48E-439E-A706-56189E2ED4C4}" = TheBflix
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{631141AD-79AA-447F-B403-21C704D39B8C}" = UPC Fiber Power Optimizer
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}" = Elf Bowling Hawaiian Vacation
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{973B2A28-51AC-4985-A23B-158F546ED7DD}" = GlobeTrotter Connect
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F61310F9-DE52-4EF9-B514-F41DE0BC0418}" = cablecom installer
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"cablecom installer" = cablecom installer
"Canon iP4500 series Benutzerregistrierung" = Canon iP4500 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"ChameleonTom" = Chameleon Tom
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Chrome" = Google Chrome
"ifolor-Designer" = ifolor Designer
"incredibar" = Incredibar Toolbar  on IE and Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NETGEAR Live Parental Controls Management Utility" = NETGEAR Live Parental Controls Management Utility 2.1b12
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"PROR" = Microsoft Office Professional 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.3.2499
"UPC Fiber Power Optimizer" = UPC Fiber Power Optimizer
"WinLiveSuite" = Windows Live Essentials
"Zune" = Zune
"Zynga Toolbar" = Zynga Toolbar
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Alt 07.06.2012, 17:22   #2
markusg
/// Malware-holic
 
Verschlüsselungs Trojaner - Standard

Verschlüsselungs Trojaner



update Malwarebytes bitte, dann vollständiger scan und löschen.
dann sende mir die infektionsquelle, wie das geht steht in meiner signatur.
http://www.trojaner-board.de/115496-...tml#post831090
bitte dann shadow explorer versuchen
__________________

__________________

Alt 07.06.2012, 22:12   #3
Orieolobl
 
Verschlüsselungs Trojaner - Standard

Verschlüsselungs Trojaner



Neu gescannt und gelöscht.
Soll ich den log nochmals posten?

Aufstarten geht wieder normal. Nur sind alle Dateien noch Verschlüsselt (bis auf C:/Programme und C:/Windows).

Werde ShadowExplorer noch versuchen.
Infektionsquelle sende ich nächstens auch.
__________________

Antwort

Themen zu Verschlüsselungs Trojaner
administrator, alternate, anti-malware, appdata, autostart, benutzerregistrierung, browser, canon, cdburnerxp, check, code, conduit, dateien, dateisystem, ebanking, explorer, explorer.exe, feedback, gen, google earth, hallo zusammen, helper, heuristiks/extra, heuristiks/shuriken, incredibar toolbar, install.exe, malwarebytes, microsoft, microsoft office word, montera, office 2007, origin, pup.mywebsearch, quarantäne, roaming, searchscopes, security scan, software, speicher, staropen, temp, test, trojan.agent, trojane, trojaner, uninstall.exe, verschieben, version=1.0, visual studio



Ähnliche Themen: Verschlüsselungs Trojaner


  1. SUISA-Trojaner (Verschlüsselungs-Trojaner) befall auf HP-Pro-Laptop Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (19)
  2. windows verschlüsselungs trojaner-sofortiger TRojaner hinweis
    Plagegeister aller Art und deren Bekämpfung - 31.07.2012 (9)
  3. Live Security Platinum-Trojaner, Verschlüsselungs-Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (1)
  4. verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 14.07.2012 (1)
  5. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  6. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 14.06.2012 (6)
  7. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (4)
  8. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 12.06.2012 (7)
  9. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (1)
  10. Verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 10.06.2012 (1)
  11. Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.06.2012 (6)
  12. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  13. verschlüsselungs trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  14. Verschlüsselungs-Trojaner auf XP
    Log-Analyse und Auswertung - 07.06.2012 (9)
  15. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 03.06.2012 (1)
  16. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 29.05.2012 (15)
  17. Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.04.2012 (1)

Zum Thema Verschlüsselungs Trojaner - Hallo zusammen, Ich habe diesen Trojaner eingefangen und bin froh um Hilfe. Den Check mit MalewareBytes hab ich bereits gemacht: Code: Alles auswählen Aufklappen ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org - Verschlüsselungs Trojaner...
Archiv
Du betrachtest: Verschlüsselungs Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.