
Pests of all kinds and how to fight them: TR/Crypt/XPACK.Gen2, browsers not working, how to remove it?

04.05.2012, 08:07   #1
Synapse6675
 
Hello,
my Avira detected TR/Crypt/XPACK.Gen2; after moving it to quarantine, the thing keeps coming back every minute. The problem, and the reason I can't post any log files etc.: my browsers no longer work! I can see my own files and update Avira, but I can't browse the web. I am writing this on my netbook. The PC runs Windows Vista. According to Avira, the virus is located at C:\Users\MaatKaRe\AppData\Local\Temp\POSB49F.tmp

How can I remove the virus without a browser?

Many thanks in advance,
S.
PS: I can't even open Photoshop or FileZilla to work ;-(

04.05.2012, 14:42   #2
Swisstreasure
/// Malwareteam
 
A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If problems arise, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you were asked to.
  • Read the instructions through completely first. If something is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

Safe mode for the cleanup
  • Bring Windows into safe mode by pressing the F8 key during startup.
  • Start the computer in Safe Mode with Networking:

Step 2

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".


Step 3

If you do not have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread


04.05.2012, 15:36   #3
Synapse6675
 
Hello,
for whatever reason, the browsers and also Photoshop/FileZilla are running again, and Avira has stayed quiet so far.
I ran the scan with Malwarebytes:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.04.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
MaatKaRe :: HATCHEPSUT [Administrator]

Schutz: Aktiviert

04.05.2012 09:43:26
mbam-log-2012-05-04 (09-43-26).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 400708
Laufzeit: 3 Stunde(n), 24 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00000398.exe (Trojan.Inject) -> Daten: "C:\Users\MaatKaRe\AppData\Roaming\KB00000398.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 7
C:\Users\MaatKaRe\Downloads\SoftonicDownloader_fuer_free-video-to-flash-converter.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\MaatKaRe\AppData\Roaming\KB00000398.exe (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MaatKaRe\Downloads\SmartProtector(2).exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MaatKaRe\Downloads\SmartProtector(3).exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MaatKaRe\Downloads\SmartProtector(4).exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MaatKaRe\Downloads\SmartProtector.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\MaatKaRe\Downloads\Samsung_PC_Studio.exe (Adware.Bundler) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 04.05.2012 15:29:50 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = c:\Users\MaatKaRe\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 42,95% Memory free
4,24 Gb Paging File | 2,75 Gb Available in Paging File | 64,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,77 Gb Total Space | 58,38 Gb Free Space | 26,21% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 2,94 Gb Free Space | 29,43% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 83,24 Gb Free Space | 17,87% Space Free | Partition Type: NTFS
 
Computer Name: HATCHEPSUT | User Name: MaatKaRe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\MaatKaRe\AppData\Local\Temp\Adobelm_Cleanup.0001 (Macrovision Europe Ltd.)
PRC - c:\Users\MaatKaRe\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\MaatKaRe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe (WEB.DE)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Adobe\Adobe Photoshop CS2\Photoshop.exe (Adobe Systems, Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\MaatKaRe\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0001\~df394b.tmp ()
MOD - C:\Users\MaatKaRe\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0000\~df394b.tmp ()
MOD - C:\Users\MaatKaRe\AppData\Local\Temp\Adobelm_Cleanup.0001.dir.0000\~de2fd8.tmp ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\libeay32.dll ()
MOD - C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\ssleay32.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_6c825ce.dll ()
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Macromedia Licensing Service) -- C:\Programme\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UsbserFilt) -- system32\DRIVERS\usbser_lowerfltj.sys File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (nmwcdc) -- system32\drivers\ccdcmbo.sys File not found
DRV - (nmwcd) -- system32\drivers\ccdcmb.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (Adsssvaenv) --  File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (MSTAPE) -- C:\Windows\System32\drivers\mstape.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- C:\Windows\System32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (AR5211) -- C:\Windows\System32\drivers\WG311T13.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=110811&babsrc=HP_ss&mntrId=f6e1e90e00000000000000184d716e26
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110811&babsrc=SP_ss&mntrId=f6e1e90e00000000000000184d716e26
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U9&apn_dtid=&apn_uid=0F7C28EC-44B1-46DE-8F1C-3ED6D2BC857B&apn_sauid=0A071D72-8601-436D-99C1-130D5A044015&
IE - HKCU\..\SearchScopes\{4EFDCD40-F20B-4A5C-9C7F-C205C307E000}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&q={searchTerms}
IE - HKCU\..\SearchScopes\{AA4D9A93-21F1-4416-9DAB-DE6947D0C701}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{F26D89B6-3868-4BC0-895A-29F4AAE2DB06}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.2: "1und1 Suche"
FF - prefs.js..browser.search.order.3: "amazon.de"
FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.imesh.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: ar@dictionaries.addons.mozilla.org:2.0.20080110.1
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {E9503836-F26F-454D-BD55-25B18B483586}:1.0.8
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.8.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BB359C50-BFC9-4f40-8302-3FE5A499A859}:3.6.1
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.9
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&apn_uid=0F7C28EC-44B1-46DE-8F1C-3ED6D2BC857B&apn_ptnrs=U9&apn_sauid=0A071D72-8601-436D-99C1-130D5A044015&apn_dtid=&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1:  File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.18 08:25:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.24 08:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.12 11:27:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.09.24 08:06:46 | 000,000,000 | ---D | M]
 
[2010.11.13 09:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaatKaRe\AppData\Roaming\mozilla\Extensions
[2010.11.13 09:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaatKaRe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.02 18:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaatKaRe\AppData\Roaming\mozilla\Firefox\Profiles\ja7luem5.default\extensions
[2011.06.15 14:20:32 | 000,000,000 | ---D | M] (Arabic spell-checking dictionary) -- C:\Users\MaatKaRe\AppData\Roaming\mozilla\Firefox\Profiles\ja7luem5.default\extensions\ar@dictionaries.addons.mozilla.org
[2010.12.18 16:40:14 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\MaatKaRe\AppData\Roaming\mozilla\Firefox\Profiles\ja7luem5.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2010.10.06 09:18:24 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\MaatKaRe\AppData\Roaming\mozilla\Firefox\Profiles\ja7luem5.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012.04.16 08:23:29 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\MaatKaRe\AppData\Roaming\mozilla\Firefox\Profiles\ja7luem5.default\extensions\info@djzig.com
[2008.06.08 08:10:11 | 000,002,341 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Roaming\Mozilla\Firefox\Profiles\ja7luem5.default\searchplugins\anderes-wortde.xml
[2007.08.21 19:48:27 | 000,001,963 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Roaming\Mozilla\Firefox\Profiles\ja7luem5.default\searchplugins\de-en-beolingus.xml
[2010.05.17 08:17:38 | 000,002,101 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Roaming\Mozilla\Firefox\Profiles\ja7luem5.default\searchplugins\googlede.xml
[2012.03.10 09:48:19 | 000,001,831 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Roaming\Mozilla\Firefox\Profiles\ja7luem5.default\searchplugins\leo-deu-eng.xml
[2010.09.17 08:37:02 | 000,005,588 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Roaming\Mozilla\Firefox\Profiles\ja7luem5.default\searchplugins\webde-suche.xml
[2012.01.29 10:10:55 | 000,002,440 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Roaming\Mozilla\Firefox\Profiles\ja7luem5.default\searchplugins\wikibooks-de.xml
[2012.03.18 08:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.24 13:37:19 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011.12.23 10:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.12.23 10:37:07 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
() (No name found) -- C:\USERS\MAATKARE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA7LUEM5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MAATKARE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA7LUEM5.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
() (No name found) -- C:\USERS\MAATKARE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA7LUEM5.DEFAULT\EXTENSIONS\CONTEXTMENUEXTENSION@LEO.ORG.XPI
() (No name found) -- C:\USERS\MAATKARE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA7LUEM5.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
() (No name found) -- C:\USERS\MAATKARE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA7LUEM5.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI
[2009.07.02 10:01:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.18 08:25:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.12 13:59:07 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.17 03:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.18 10:53:59 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.12.17 03:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.17 03:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.17 03:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.17 03:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.17 03:32:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Arabica] C:\Programme\Arabica\Astart.exe (Arabica Online)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WEB.DE Club E-Mail Alarm] C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe (WEB.DE)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\MaatKaRe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MaatKaRe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} https://img.web.de/v/mail/activex/fa_os_mms/upload_1141.cab (WEBDE Fotoalbum Upload Control)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab (Steuerung des DownloadManager )
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C3CF26F-FC33-4219-A8F8-4D701AD87C81}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F0FB4CA-D270-4BB5-9A26-2CB1C41696E0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\MaatKaRe\Desktop\wahiba.jpg
O24 - Desktop BackupWallPaper: C:\Users\MaatKaRe\Desktop\wahiba.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{798c0706-ec52-11dd-8990-00184d716e26}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.04 09:41:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.04 09:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.03 17:29:19 | 000,000,000 | -H-D | C] -- C:\Users\MaatKaRe\AppData\Roaming\55F2405F
[2012.04.22 18:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung PC Studio 3
[2012.04.22 18:03:25 | 070,984,344 | ---- | C] (Macrovision Corporation) -- C:\Users\MaatKaRe\Desktop\20080918150353328_Samsung_PC_Studio_322_HF1.exe
[2012.04.22 17:33:46 | 000,000,000 | ---D | C] -- C:\Users\MaatKaRe\AppData\Roaming\Temp
[2012.04.22 16:54:10 | 000,000,000 | ---D | C] -- C:\Users\MaatKaRe\AppData\Local\Samsung
[2012.04.22 16:53:23 | 000,000,000 | ---D | C] -- C:\Users\MaatKaRe\Documents\samsung
[2012.04.22 16:52:02 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys
[2012.04.22 16:52:02 | 000,098,432 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys
[2012.04.22 16:52:02 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys
[2012.04.22 16:52:02 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys
[2012.04.22 16:52:02 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys
[2012.04.22 16:52:02 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys
[2012.04.22 16:52:02 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys
[2012.04.22 16:49:25 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.04.22 16:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012.04.22 16:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.04.13 08:57:09 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.13 08:57:08 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.13 08:48:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.13 08:48:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.13 08:48:45 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.13 08:48:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.13 08:48:45 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.04.13 08:48:45 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.04.13 08:48:45 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.04.13 08:48:45 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.04.13 08:48:45 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.04.13 08:48:45 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.04.13 08:48:45 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.13 08:48:45 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.04.13 08:48:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.04.13 08:48:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.04.13 08:48:45 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.04.13 08:48:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.04.13 08:48:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.04.13 08:48:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.04.11 10:00:45 | 000,000,000 | ---D | C] -- C:\Users\MaatKaRe\Documents\C4S-Quartal-01_1012
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.04 15:30:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.04 15:18:42 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2012.05.04 15:18:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.04 15:18:28 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 15:18:28 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 15:18:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.04 15:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.04 11:58:01 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.05.04 09:42:03 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.04 07:14:46 | 000,005,368 | ---- | M] () -- C:\Users\MaatKaRe\Desktop\PwdGen.ini
[2012.05.04 07:12:48 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8DD861A7-3150-45B1-824A-0F26F6824FF2}.job
[2012.05.02 08:10:52 | 000,126,271 | ---- | M] () -- C:\Users\MaatKaRe\Documents\Kontoauszug_1002907770-2010_009.pdf
[2012.05.02 08:09:13 | 000,128,474 | ---- | M] () -- C:\Users\MaatKaRe\Documents\Kontoauszug_1002907770-2010_008.pdf
[2012.04.23 09:28:15 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.23 09:28:15 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.23 09:28:15 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.23 09:28:15 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.22 18:52:56 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2012.04.22 18:04:31 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\Samsung PC Studio 3.lnk
[2012.04.22 18:03:56 | 070,984,344 | ---- | M] (Macrovision Corporation) -- C:\Users\MaatKaRe\Desktop\20080918150353328_Samsung_PC_Studio_322_HF1.exe
[2012.04.20 13:01:37 | 000,040,448 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.20 13:01:11 | 000,000,104 | ---- | M] () -- C:\Users\MaatKaRe\Computer - Verknüpfung.lnk
[2012.04.10 09:21:12 | 000,033,100 | ---- | M] () -- C:\Users\MaatKaRe\Desktop\twoo.jpg
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.05.04 09:42:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.02 08:10:52 | 000,126,271 | ---- | C] () -- C:\Users\MaatKaRe\Documents\Kontoauszug_1002907770-2010_009.pdf
[2012.05.02 08:09:13 | 000,128,474 | ---- | C] () -- C:\Users\MaatKaRe\Documents\Kontoauszug_1002907770-2010_008.pdf
[2012.04.22 18:48:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.04.22 18:04:31 | 000,000,773 | ---- | C] () -- C:\Users\Public\Desktop\Samsung PC Studio 3.lnk
[2012.04.20 13:01:11 | 000,000,104 | ---- | C] () -- C:\Users\MaatKaRe\Computer - Verknüpfung.lnk
[2012.04.10 09:20:52 | 000,033,100 | ---- | C] () -- C:\Users\MaatKaRe\Desktop\twoo.jpg
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.03.21 10:17:31 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.03.21 10:14:22 | 000,436,736 | ---- | C] () -- C:\Windows\System32\setup.exe
[2010.12.21 08:30:49 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.12.21 08:30:49 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Luna.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Schafskrimi.wav:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\samsung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen2009:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen2008Neu:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen 2007:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\RE2007Neu:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\OnLocation CS3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\NPS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\NokiaHandy:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\NeroVision:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Nero Recode:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\My NPS Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\My Art:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\MemoriesOnWeb:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Member_Texte:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Logo_MCinema_Verträge.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Kontoauszüge:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\iMesh:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Ideen Movies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\GFDOutDir:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Eigene Webs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Deutsche Post AG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Catarina:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal04-10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-04-09:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-04-08:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-11:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-09:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-08:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-02-10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-02-08:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01-2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01-10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01-09:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01_1012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-02-09:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S_Quartal03_11:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Adobe Scripts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\AbrechnungenC4S:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\WindowsEasyTransfer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\PunishedByTheGoverness_P2.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\Mozilla Firefox:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\GiacomoCansanova03.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\GiacomoCansanova02.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\GiacomoCansanova01.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\Foto0371.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\DSC_0014.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\DreiSchmutzkinder.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\cold wind.wav:Roxio EMC Stream
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 04.05.2012 15:29:50 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = c:\Users\MaatKaRe\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 42,95% Memory free
4,24 Gb Paging File | 2,75 Gb Available in Paging File | 64,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,77 Gb Total Space | 58,38 Gb Free Space | 26,21% Space Free | Partition Type: NTFS
Drive E: | 10,00 Gb Total Space | 2,94 Gb Free Space | 29,43% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 83,24 Gb Free Space | 17,87% Space Free | Partition Type: NTFS
 
Computer Name: HATCHEPSUT | User Name: MaatKaRe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0133A6F3-9E76-4792-9629-34A86540F6F4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{31607B92-3967-40C8-A8FA-1F4122032207}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4217F4E3-BDDB-4067-8AE2-F7CA892454F6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4451BF11-C97C-479B-8B1C-98371BB9D129}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4A289BC7-0607-426D-8AAE-F6B2DA0D0EED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4A546682-733E-4D40-A0B3-4AAF9D68489B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5452698C-4A3B-48A6-BFAB-6DA89ADCC05A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5701B86A-BD27-4C9C-9DBB-8D5DD1F3473C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5B098B40-ED29-456C-8812-CF38BABC4531}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5F0972BF-CE61-4D0B-9A24-B8179B08E67F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{608CAAF0-306B-4FC6-BA07-54AAF67286D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{66DBFA7F-02BF-4F5D-AAE1-689B195339B5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6A8B71D1-399E-42C5-94C3-B8840DA9448F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6B32A721-21E8-46DB-8566-298299919EAF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{70FBF588-84D8-4238-B233-C223FBDFA698}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{739192EB-938E-4DC9-8793-AA06A6B71C31}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{7918A893-0A64-4835-95D3-CE1068CCE230}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{792175B3-BE20-4722-ADB3-4542687181A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{79BE9A57-D6FB-4D6F-AF4D-0BE82EF6172D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7E6C67F7-C4DC-4ACE-A4D2-659B50F3B7F0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7F662CAA-FDDB-48A1-9DD3-8EA5ECE13158}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A08861FD-510A-4089-BE35-137C0586324D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{ABECA252-12A4-4A3C-8C29-E5A0F2209353}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B34D6E02-A54E-4F5C-834B-1383CE37CA87}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B91A47D4-C04C-4BC0-9584-5A224F3A6FC9}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | 
"{B9FFAD44-2970-4D67-BF30-2945E055B208}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C2D7A763-FB9B-4D60-8D0C-42C0B4F4868E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C8C1A24C-9B9F-43F8-ACC3-DD0AA116FCF5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CCDE06E9-1DF9-4D62-9981-B90ADE64EF16}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E9C7BB25-4642-4D25-A48A-EE2F2B5AE869}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{EB2B6A79-827B-4B8F-8579-4EA4BB8B575C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EDB483F0-5DD2-49DD-A435-75E23DD27AE8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F2E09E7F-2A7B-4BBF-AD3E-4538B49F9A2D}" = lport=3389 | protocol=6 | dir=in | app=system | 
"{F7520DE2-00F8-487F-B290-2D272796148B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F9AA6209-0C51-40B4-8F1B-2E7ED38B4E46}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FE287F12-7CDE-4ABE-AE7A-9F2804579838}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0585FF58-0E25-4A98-9AB3-A70BBBA74CEB}" = protocol=17 | dir=in | app=c:\users\maatkare\appdata\roaming\dropbox\bin\dropbox.exe | 
"{144C60D5-1107-4522-A528-18D565AF1991}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{15459979-5FE8-4448-8482-A1905F0C31B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3D4404B8-DD8B-4345-ADC8-CF8750F8BAC8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{414B6F5B-BF70-472D-8D35-DF90D02EAE2C}" = protocol=6 | dir=out | app=system | 
"{45BAA045-A0F0-4509-A665-B22AFE7BD1FF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{5F66DD4F-735D-4C4E-8613-A24371895CF5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{680227CD-9DB0-46B6-807F-17973A6DAB16}" = protocol=6 | dir=in | app=c:\users\maatkare\appdata\roaming\dropbox\bin\dropbox.exe | 
"{710EF7DD-6CA7-4BCB-8B5F-047F79B21EAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{73CDB8BA-2002-4199-A137-2E4B14EF7B40}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{765EE318-A8CA-48C5-96AB-D846796CF99C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7A8236D9-0CEB-4D74-94C4-1FA93A58C1FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8C528CEB-8DB0-49E4-A045-4E58CD69C5CD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{95E284F7-58E7-4EB2-8C79-F2642810267F}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{95F6211C-11C6-4FC3-8F56-060675F89145}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{95FFC774-8EEB-4375-ACF4-136EA228B65F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9A8FD870-A032-404E-BA89-07F08AC17D7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9FB701C3-277B-4661-901E-065F62DA6137}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A162AA1B-8989-4AD8-B51F-470406B5F13E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A2888E65-4DBF-479A-82F9-A8C98211E4EC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A3299F04-BF5E-4D47-BB81-B7E42511C572}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{AC529091-EA90-4FFE-ABD1-62927BF1CC83}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B416B3AB-2879-434D-A14E-1641612080F5}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{B681CC9F-1BDE-464F-AECD-A6D312374401}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CDCC4E2C-807D-43CD-9B65-7CF7E1F488A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D117CAC5-C14A-4265-A3B0-620D521A001F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D339C75E-C45B-4EF8-8891-EB7686A14C0E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D8A2A7D1-125A-47BF-A4F4-BC98D6D95077}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F26D0680-9C51-4F73-B20B-5612E1E931CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FC7FD266-B613-4B97-9C77-FF960E545C9B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FDFC2FBD-A142-4EF9-B443-0CB7566D2CC8}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{FFB9779C-D826-4ED0-827A-F4F727F4C9BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{167043E6-6CCD-4259-A989-60BA52D27DC2}C:\program files\filezilla\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla\filezilla.exe | 
"TCP Query User{3582E7ED-0204-453C-9D6E-A4F1AA8FC65B}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{44E5CB35-2114-44E5-B2E6-F8207F4FA262}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{499774DD-3FE9-419A-97EA-3673EA7B88E7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{4B48A61B-CEDF-411D-ADD2-CEB702C90120}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{56E64DA2-277E-4630-AF54-F8F6813AE0C1}C:\users\maatkare\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\maatkare\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{625679EE-B0EF-4425-81F3-D6BCDCF750DD}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{6A78FFB0-AD64-4A9A-B5DF-B2BAF15D1793}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{755A03CF-31A8-4F78-A9F2-472901954E04}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{7E7FA6CB-C485-42D9-96FA-CAF97A3AF407}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"TCP Query User{80A2FDDC-873E-4B10-AADC-610DDD21ACB6}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{C0AA53CB-FF72-4330-8F1C-0318EEE3407E}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{D133BB2E-E7C9-433E-A6EE-8285DE33F774}C:\users\maatkare\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\maatkare\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{DD0B0C98-6FE4-413D-991D-E8C77A6F9F41}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{ECAB3DE2-F5D9-461A-9FD2-F193F978A69E}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{00B93AB7-5D7E-42EA-B6D7-4483100C31A6}C:\users\maatkare\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\maatkare\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{1BEBF182-9F92-41A5-9E30-352B83DEBA2B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{26FD28F5-C2EC-4997-AB89-5E8F775759EC}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{2E50E9C1-7907-4B31-A0D4-A9EAB2A354BD}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{5443577A-C5B1-43AE-A9FB-DBB7C17354BC}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{5618A56F-1476-4F55-AB0F-2BDD6380B2B5}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{68F7A31C-E47D-44B7-8DF6-A33CA39BBD65}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{6B9CAB85-1546-4827-BE65-E146AEAB4317}C:\users\maatkare\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\maatkare\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{6DF61708-7726-48C2-9610-A46E85320DAC}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{94A84F2B-5A01-4D70-AAD6-A3BB8367ECFE}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{9C205CD9-9177-4ACB-A962-40FC0A870E2B}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{BC1ECF34-73CF-4E27-8B55-9764E55ABFB6}C:\program files\filezilla\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla\filezilla.exe | 
"UDP Query User{CE2E37A5-9EE5-4FD7-B27B-0139F657B3B9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{D1D069FF-0541-4F20-85B4-AFB448DFE27B}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"UDP Query User{D333C074-3453-4851-9CEC-E5E84D497311}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DE20748-45A5-6CD9-610E-F881A34E7342}" = Catalyst Control Center Localization Arabic
"{15CC10AB-4266-210D-E2D2-03089C25A028}" = CCC Help English
"{1603C7DC-358B-97AF-B451-B2DDAC734117}" = Catalyst Control Center Localization French
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{214030BC-490D-57D4-2547-D0D4ECC851A5}" = Catalyst Control Center Localization Japanese
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B98E4C3-AABC-9594-3219-A6EB60006C2C}" = Catalyst Control Center Graphics Full Existing
"{2C65AEAA-EDF4-42E0-AA43-D74A5362CA02}" = Adobe Setup
"{2C698DB8-0D99-5A27-DA3D-A3414FC5DBA7}" = Catalyst Control Center Graphics Light
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31DBBB49-CAC2-984A-64CA-A88102056E10}" = CCC Help German
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{412FECA2-836F-3DF6-A302-924CEC5B4DE2}" = CCC Help Spanish
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{46ACAEB5-365A-74BB-D405-980EA4FE3545}" = CCC Help Japanese
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AAB7E8F-1C71-E364-458F-5A6797670157}" = Catalyst Control Center Graphics Full New
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65E6362A-B878-4A7B-86DA-D16F8DBD75C7}" = ccc-core-static
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6DD45BD7-DB28-E59F-8239-CF6816AE1FA4}" = Skins
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7066F2DB-5032-4B6F-A8E7-A6F946043438}" = Adobe Setup
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76C73966-AED3-5ACB-B438-B47E9B1FB2E3}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{794F49F0-2A44-EE74-62FE-22FD68953A25}" = ccc-utility
"{7CD5F286-FF0A-E638-8143-0E258E3C17E2}" = CCC Help Thai
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{90840407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{98698CC8-F4C4-A0A7-F521-8547DDD1BB6B}" = Catalyst Control Center Localization Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B651AD20-D522-2D6F-3AC7-A5F625FCB283}" = Catalyst Control Center Core Implementation
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C3E2D64C-1B8E-D142-A76F-DEAC02AFF4FA}" = CCC Help Polish
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5145CD4-4F74-C986-F86B-F57F3995C59B}" = Catalyst Control Center Localization Arabic
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8D524C0-FBD2-C4F0-2446-912EABA681E0}" = CCC Help Portuguese
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCF7F09E-A1C5-7D81-437D-B2DC347CC52E}" = Catalyst Control Center Localization Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEEE47BB-4AB7-9AEB-2212-ECC6D05DDC74}" = Catalyst Control Center Localization Italian
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D71B45B0-70B5-12BA-4ACF-2CEC94FE8A06}" = CCC Help Korean
"{DB4C031D-B2F8-47F1-A274-59A8F3B61033}" = Nero 7 Premium
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7744050-4D6F-1280-5331-2EA048B51E94}" = Catalyst Control Center Localization Arabic
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{ECA80341-4BFB-172D-EC5D-64FD8DD41F5A}" = Catalyst Control Center Localization German
"{ECBEB9C6-CC47-70F7-E939-1E20E3BEEC8F}" = Catalyst Control Center Localization Korean
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D93F5B-881F-49E3-BA56-B4B8FA991059}" = Adobe Encore CS3 Library
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4FA8AC4-6B6A-CAA6-8E44-FC64227CC4F7}" = CCC Help Italian
"{F6412237-45F7-B34B-0803-4D77E2D39D0C}" = Catalyst Control Center Localization Chinese Traditional
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FD01FEBF-376F-F125-09F8-E94B04D21E77}" = CCC Help French
"{FF001690-A829-9DFD-9EF6-DA285783C49C}" = CCC Help Chinese Traditional
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_54503dca4c8f2a99b3c8c810699cd75" = Adobe Encore CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_71c180716438072ebd356ce2549df41" = Adobe Premiere Pro CS3 Third Party Content
"Akamai" = Akamai NetSession Interface Service
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"BabylonToolbar" = Babylon toolbar on IE
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem  (03/05/2008 3.7)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem  (03/13/2008 6.86.0.1)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Photo RX685_690 Benutzerhandbuch" = EPSON Stylus Photo RX685_690 Handbuch
"FileZilla" = FileZilla (remove only)
"FreePDF_XP" = FreePDF XP (Remove only)
"GNU Ghostscript 7.05" = GNU Ghostscript 7.05
"GNU Ghostscript Fonts" = GNU Ghostscript Fonts
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"iMesh" = iMesh
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Matrix Code Emulator_is1" = Matrix Code Emulator 1.50
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Security Task Manager" = Security Task Manager 1.7h
"Skype_is1" = Skype 3.2
"ST6UNST #1" = Arabica
"VodafoneConnector" = Vodafone Connector
"WEB.DE Club E-Mail Alarm" = WEB.DE Club E-Mail Alarm
"WEB.DE Club SmartFax" = WEB.DE Club SmartFax
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.5.3
"FoxTab Video Converter" = FoxTab Video Converter
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.05.2012 01:22:16 | Computer Name = Hatchepsut | Source = MsiInstaller | ID = 11327
Description = 
 
Error - 04.05.2012 01:22:16 | Computer Name = Hatchepsut | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 04.05.2012 01:32:56 | Computer Name = Hatchepsut | Source = EventSystem | ID = 4621
Description = 
 
Error - 04.05.2012 01:56:35 | Computer Name = Hatchepsut | Source = Windows Backup | ID = 4104
Description = 
 
Error - 04.05.2012 01:58:06 | Computer Name = Hatchepsut | Source = Windows Backup | ID = 4104
Description = 
 
Error - 04.05.2012 01:58:18 | Computer Name = Hatchepsut | Source = Windows Backup | ID = 4104
Description = 
 
Error - 04.05.2012 03:43:05 | Computer Name = Hatchepsut | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.05.2012 03:43:07 | Computer Name = Hatchepsut | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.05.2012 03:43:07 | Computer Name = Hatchepsut | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.05.2012 06:06:29 | Computer Name = Hatchepsut | Source = Windows Backup | ID = 4104
Description = 
 
[ System Events ]
Error - 04.05.2012 01:08:25 | Computer Name = Hatchepsut | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2012 01:21:54 | Computer Name = Hatchepsut | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 04.05.2012 01:22:01 | Computer Name = Hatchepsut | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 04.05.2012 01:22:01 | Computer Name = Hatchepsut | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 04.05.2012 01:22:15 | Computer Name = Hatchepsut | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 04.05.2012 01:29:15 | Computer Name = Hatchepsut | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 04.05.2012 01:35:48 | Computer Name = Hatchepsut | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2012 01:37:00 | Computer Name = Hatchepsut | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2012 09:20:08 | Computer Name = Hatchepsut | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 04.05.2012 09:21:01 | Computer Name = Hatchepsut | Source = Service Control Manager | ID = 7001
Description = 
 
[ TuneUp Events ]
Error - 13.02.2011 06:33:17 | Computer Name = Hatchepsut | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 14.02.2011 03:55:26 | Computer Name = Hatchepsut | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 15.02.2011 02:29:24 | Computer Name = Hatchepsut | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 16.02.2011 04:36:47 | Computer Name = Hatchepsut | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 17.02.2011 03:27:37 | Computer Name = Hatchepsut | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 04.05.2012 03:42:11 | Computer Name = Hatchepsut | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-05-04 09:42:10', '\device\harddiskvolume3\program
 files\malwarebytes' anti-malware\mbam.exe','4848',0)
 
Error - 04.05.2012 03:42:57 | Computer Name = Hatchepsut | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-05-04 09:42:57', '\device\harddiskvolume3\program
 files\malwarebytes' anti-malware\mbam.exe','3824',0)
 
Error - 04.05.2012 03:43:07 | Computer Name = Hatchepsut | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-05-04 09:43:07', '\device\harddiskvolume3\program
 files\malwarebytes' anti-malware\mbamservice.exe','6012',0)
 
Error - 04.05.2012 03:43:07 | Computer Name = Hatchepsut | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-05-04 09:43:07', '\device\harddiskvolume3\program
 files\malwarebytes' anti-malware\mbamgui.exe','4888',0)
 
Error - 04.05.2012 09:18:59 | Computer Name = Hatchepsut | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2012-05-04 15:18:59', '\device\harddiskvolume3\program
 files\malwarebytes' anti-malware\mbamservice.exe','3672',0)
 
 
< End of report >
         
--- --- ---

Does anything else need to be done?
Many thanks,
Regards,
S.
Edited by Synapse6675 (04.05.2012 at 15:45)

06.05.2012, 11:30   #4
Swisstreasure
/// Malwareteam
 



  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
ATTFilter
:OTL

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=110811&babsrc=HP_ss&mntrId=f6e1e90e00000000000000184d716e26
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110811&babsrc=SP_ss&mntrId=f6e1e90e00000000000000184d716e26
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U9&apn_dtid=&apn_uid=0F7C28EC-44B1-46DE-8F1C-3ED6D2BC857B&apn_sauid=0A071D72-8601-436D-99C1-130D5A044015&
ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&q={searchTerms}
IE - HKCU\..\SearchScopes\{AA4D9A93-21F1-4416-9DAB-DE6947D0C701}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://search.imesh.com"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&apn_uid=0F7C28EC-44B1-46DE-8F1C-3ED6D2BC857B&apn_ptnrs=U9&apn_sauid=0A071D72-8601-436D-99C1-130D5A044015&apn_dtid=&q="
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Luna.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Schafskrimi.wav:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\samsung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen2009:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen2008Neu:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen 2007:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\RE2007Neu:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\OnLocation CS3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\NPS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\NokiaHandy:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\NeroVision:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Nero Recode:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\My NPS Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\My Art:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\MemoriesOnWeb:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Member_Texte:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Logo_MCinema_Verträge.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Kontoauszüge:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\iMesh:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Ideen Movies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\GFDOutDir:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Eigene Webs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Deutsche Post AG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Catarina:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal04-10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-04-09:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-04-08:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-11:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-09:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-08:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-02-10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-02-08:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01-2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01-10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01-09:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01_1012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-02-09:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S_Quartal03_11:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Adobe Scripts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\AbrechnungenC4S:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\WindowsEasyTransfer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\PunishedByTheGoverness_P2.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\Mozilla Firefox:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\GiacomoCansanova03.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\GiacomoCansanova02.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\GiacomoCansanova01.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\Foto0371.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\DSC_0014.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\DreiSchmutzkinder.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\cold wind.wav:Roxio EMC Stream
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents into your thread here.

11.05.2012, 11:42   #5
Synapse6675
 



Sorry for the late reply.
I'm not sure whether this is the right file:

Error: Unable to interpret <OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.05.2012 07:53:05 - Run 4> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.42.2     Folder = c:\Users\MaatKaRe\Downloads> in the current context!
Error: Unable to interpret <Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 8.0.6001.19222)> in the current context!
Error: Unable to interpret <Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,01% Memory free> in the current context!
Error: Unable to interpret <4,23 Gb Paging File | 3,10 Gb Available in Paging File | 73,31% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files> in the current context!
Error: Unable to interpret <Drive C: | 222,77 Gb Total Space | 88,62 Gb Free Space | 39,78% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive E: | 10,00 Gb Total Space | 3,10 Gb Free Space | 30,98% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive G: | 465,76 Gb Total Space | 46,77 Gb Free Space | 10,04% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: HATCHEPSUT | User Name: MaatKaRe | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: All users | Quick Scan> in the current context!
Error: Unable to interpret <Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <PRC - [2012.05.09 08:52:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe> in the current context!
Error: Unable to interpret <PRC - [2012.05.09 08:52:08 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe> in the current context!
Error: Unable to interpret <PRC - [2012.05.09 08:52:07 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe> in the current context!
Error: Unable to interpret <PRC - [2012.05.09 08:52:07 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe> in the current context!
Error: Unable to interpret <PRC - [2012.05.05 07:05:02 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe> in the current context!
Error: Unable to interpret <PRC - [2012.05.04 08:51:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- c:\Users\MaatKaRe\Downloads\OTL.exe> in the current context!
Error: Unable to interpret <PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe> in the current context!
Error: Unable to interpret <PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe> in the current context!
Error: Unable to interpret <PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\MaatKaRe\AppData\Roaming\Dropbox\bin\Dropbox.exe> in the current context!
Error: Unable to interpret <PRC - [2011.08.23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe> in the current context!
Error: Unable to interpret <PRC - [2009.11.25 07:56:59 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe> in the current context!
Error: Unable to interpret <PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE> in the current context!
Error: Unable to interpret <PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE> in the current context!
Error: Unable to interpret <PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe> in the current context!
Error: Unable to interpret <PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe> in the current context!
Error: Unable to interpret <PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe> in the current context!
Error: Unable to interpret <PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe> in the current context!
Error: Unable to interpret <PRC - [2007.05.14 11:03:20 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe> in the current context!
Error: Unable to interpret <PRC - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Modules (No Company Name) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <MOD - [2012.05.10 06:54:28 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll> in the current context!
Error: Unable to interpret <MOD - [2012.05.05 07:05:02 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll> in the current context!
Error: Unable to interpret <MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll> in the current context!
Error: Unable to interpret <MOD - [2007.05.28 12:03:04 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV - [2012.05.09 08:52:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)> in the current context!
Error: Unable to interpret <SRV - [2012.05.09 08:52:07 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)> in the current context!
Error: Unable to interpret <SRV - [2012.05.05 07:05:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)> in the current context!
Error: Unable to interpret <SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)> in the current context!
Error: Unable to interpret <SRV - [2012.03.28 00:30:06 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)> in the current context!
Error: Unable to interpret <SRV - [2011.11.16 18:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)> in the current context!
Error: Unable to interpret <SRV - [2010.12.21 19:04:59 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)> in the current context!
Error: Unable to interpret <SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)> in the current context!
Error: Unable to interpret <SRV - [2010.03.22 19:32:03 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)> in the current context!
Error: Unable to interpret <SRV - [2009.11.25 07:56:59 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)> in the current context!
Error: Unable to interpret <SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)> in the current context!
Error: Unable to interpret <SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)> in the current context!
Error: Unable to interpret <SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)> in the current context!
Error: Unable to interpret <SRV - [2007.09.12 14:01:12 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)> in the current context!
Error: Unable to interpret <SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)> in the current context!
Error: Unable to interpret <SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)> in the current context!
Error: Unable to interpret <SRV - [2007.01.11 06:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)> in the current context!
Error: Unable to interpret <SRV - [2003.07.28 19:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Adsssvaenv)> in the current context!
Error: Unable to interpret <DRV - [2012.05.09 08:52:14 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)> in the current context!
Error: Unable to interpret <DRV - [2012.05.09 08:52:14 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)> in the current context!
Error: Unable to interpret <DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)> in the current context!
Error: Unable to interpret <DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)> in the current context!
Error: Unable to interpret <DRV - [2010.12.21 07:55:02 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)> in the current context!
Error: Unable to interpret <DRV - [2010.12.21 07:55:02 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)> in the current context!
Error: Unable to interpret <DRV - [2010.12.21 07:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)> in the current context!
Error: Unable to interpret <DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)> in the current context!
Error: Unable to interpret <DRV - [2009.09.05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)> in the current context!
Error: Unable to interpret <DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)> in the current context!
Error: Unable to interpret <DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)> in the current context!
Error: Unable to interpret <DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)> in the current context!
Error: Unable to interpret <DRV - [2008.01.19 07:53:28 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstape.sys -- (MSTAPE)> in the current context!
Error: Unable to interpret <DRV - [2008.01.19 07:53:26 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcstrm.sys -- (AVCSTRM)> in the current context!
Error: Unable to interpret <DRV - [2007.06.15 19:25:46 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)> in the current context!
Error: Unable to interpret <DRV - [2007.05.28 12:03:02 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)> in the current context!
Error: Unable to interpret <DRV - [2007.05.21 13:35:14 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)> in the current context!
Error: Unable to interpret <DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)> in the current context!
Error: Unable to interpret <DRV - [2006.04.04 10:54:28 | 000,456,768 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WG311T13.sys -- (AR5211)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&q={searchTerms}> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=110811&babsrc=HP_ss&mntrId=f6e1e90e00000000000000184d716e26> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110811&babsrc=SP_ss&mntrId=f6e1e90e00000000000000184d716e26> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U9&apn_dtid=&apn_uid=0F7C28EC-44B1-46DE-8F1C-3ED6D2BC857B&apn_sauid=0A071D72-8601-436D-99C1-130D5A044015&> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\..\SearchScopes\{4EFDCD40-F20B-4A5C-9C7F-C205C307E000}: "URL" = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&q={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\..\SearchScopes\{AA4D9A93-21F1-4416-9DAB-DE6947D0C701}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\..\SearchScopes\{F26D89B6-3868-4BC0-895A-29F4AAE2DB06}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== FireFox ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultengine: "Ask.com"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename: "Ask.com"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.1: "Ask.com"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.2: "1und1 Suche"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.3: "amazon.de"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.4: "WEB.DE Suche"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.selectedEngine: "LEO Deu-Eng"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.useDBForOrder: true> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "hxxp://search.imesh.com"> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: ar@dictionaries.addons.mozilla.org:2.0.20080110.1> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.2> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {E9503836-F26F-454D-BD55-25B18B483586}:1.0.8> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.8.2> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {BB359C50-BFC9-4f40-8302-3FE5A499A859}:3.6.1> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.9> in the current context!
Error: Unable to interpret <FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&apn_uid=0F7C28EC-44B1-46DE-8F1C-3ED6D2BC857B&apn_ptnrs=U9&apn_sauid=0A071D72-8601-436D-99C1-130D5A044015&apn_dtid=&q="> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1:  File not found> in the current context!
Error: Unable to interpret <FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll File not found> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.05 07:05:02 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.24 08:06:46 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.12 11:27:26 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.09.24 08:06:46 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010.11.13 09:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaatKaRe\AppData\Roaming\mozilla\Extensions> in the current context!
Error: Unable to interpret <[2010.11.13 09:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaatKaRe\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}> in the current context!
Error: Unable to interpret <[2012.05.02 18:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MaatKaRe\AppData\Roaming\mozilla\Firefox\Profiles\ja7luem5.default\extensions> in the current context!
Error: Unable to interpret <[2011.06.15 14:20:32 | 000,000,000 | ---D | M] (Arabic spell-checking dictionary) -- C:\Users\MaatKaRe\AppData\Roaming\mozilla\Firefox\Profiles\ja7luem5.default\extensions\ar@dictionaries.addons.mozilla.org> in the current context!
Error: Unable to interpret <[2010.12.18 16:40:14 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\MaatKaRe\AppData\Roaming\mozilla\Firefox\Profiles\ja7luem5.default\extensions\de-AT@dictionaries.addons.mozilla.org> in the current context!
Error: Unable to interpret <[2010.10.06 09:18:24 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\MaatKaRe\AppData\Roaming\mozilla\Firefox\Profiles\ja7luem5.default\extensions\en-US@dictionaries.addons.mozilla.org> in the current context!
Error: Unable to interpret <[2012.04.16 08:23:29 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\MaatKaRe\AppData\Roaming\mozilla\Firefox\Profiles\ja7luem5.default\extensions\info@djzig.com> in the current context!
Error: Unable to interpret <[2008.06.08 08:10:11 | 000,002,341 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Roaming\Mozilla\Firefox\Profiles\ja7luem5.default\searchplugins\anderes-wortde.xml> in the current context!
Error: Unable to interpret <[2007.08.21 19:48:27 | 000,001,963 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Roaming\Mozilla\Firefox\Profiles\ja7luem5.default\searchplugins\de-en-beolingus.xml> in the current context!
Error: Unable to interpret <[2010.05.17 08:17:38 | 000,002,101 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Roaming\Mozilla\Firefox\Profiles\ja7luem5.default\searchplugins\googlede.xml> in the current context!
Error: Unable to interpret <[2012.03.10 09:48:19 | 000,001,831 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Roaming\Mozilla\Firefox\Profiles\ja7luem5.default\searchplugins\leo-deu-eng.xml> in the current context!
Error: Unable to interpret <[2010.09.17 08:37:02 | 000,005,588 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Roaming\Mozilla\Firefox\Profiles\ja7luem5.default\searchplugins\webde-suche.xml> in the current context!
Error: Unable to interpret <[2012.01.29 10:10:55 | 000,002,440 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Roaming\Mozilla\Firefox\Profiles\ja7luem5.default\searchplugins\wikibooks-de.xml> in the current context!
Error: Unable to interpret <[2012.03.18 08:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions> in the current context!
Error: Unable to interpret <[2009.07.24 13:37:19 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru> in the current context!
Error: Unable to interpret <[2011.12.23 10:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions> in the current context!
Error: Unable to interpret <[2011.12.23 10:37:07 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de> in the current context!
Error: Unable to interpret <() (No name found) -- C:\USERS\MAATKARE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA7LUEM5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI> in the current context!
Error: Unable to interpret <() (No name found) -- C:\USERS\MAATKARE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA7LUEM5.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI> in the current context!
Error: Unable to interpret <() (No name found) -- C:\USERS\MAATKARE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA7LUEM5.DEFAULT\EXTENSIONS\CONTEXTMENUEXTENSION@LEO.ORG.XPI> in the current context!
Error: Unable to interpret <() (No name found) -- C:\USERS\MAATKARE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA7LUEM5.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI> in the current context!
Error: Unable to interpret <() (No name found) -- C:\USERS\MAATKARE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JA7LUEM5.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI> in the current context!
Error: Unable to interpret <[2009.07.02 10:01:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION> in the current context!
Error: Unable to interpret <[2012.05.05 07:05:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll> in the current context!
Error: Unable to interpret <[2012.03.12 13:59:07 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll> in the current context!
Error: Unable to interpret <[2011.12.17 03:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml> in the current context!
Error: Unable to interpret <[2012.03.18 10:53:59 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml> in the current context!
Error: Unable to interpret <[2011.12.17 03:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml> in the current context!
Error: Unable to interpret <[2011.12.17 03:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml> in the current context!
Error: Unable to interpret <[2011.12.17 03:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml> in the current context!
Error: Unable to interpret <[2011.12.17 03:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml> in the current context!
Error: Unable to interpret <[2011.12.17 03:32:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O1 - Hosts: 127.0.0.1       localhost> in the current context!
Error: Unable to interpret <O1 - Hosts: ::1             localhost> in the current context!
Error: Unable to interpret <O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)> in the current context!
Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: []  File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Arabica] C:\Programme\Arabica\Astart.exe (Arabica Online)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Users\MaatKaRe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MaatKaRe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)> in the current context!
Error: Unable to interpret <O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O15 - HKU\S-1-5-21-1602687600-2271198525-3877034382-1000\..Trusted Ranges: GD ([http] in Local intranet)> in the current context!
Error: Unable to interpret <O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)> in the current context!
Error: Unable to interpret <O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} https://img.web.de/v/mail/activex/fa_os_mms/upload_1141.cab (WEBDE Fotoalbum Upload Control)> in the current context!
Error: Unable to interpret <O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab (Steuerung des DownloadManager )> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C3CF26F-FC33-4219-A8F8-4D701AD87C81}: DhcpNameServer = 192.168.1.1> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F0FB4CA-D270-4BB5-9A26-2CB1C41696E0}: DhcpNameServer = 192.168.1.1> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)> in the current context!
Error: Unable to interpret <O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O24 - Desktop WallPaper: C:\Users\MaatKaRe\Desktop\wahiba.jpg> in the current context!
Error: Unable to interpret <O24 - Desktop BackupWallPaper: C:\Users\MaatKaRe\Desktop\wahiba.jpg> in the current context!
Error: Unable to interpret <O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{798c0706-ec52-11dd-8990-00184d716e26}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *)> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)> in the current context!
Error: Unable to interpret <O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.05.05 07:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla> in the current context!
Error: Unable to interpret <[2012.05.05 07:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service> in the current context!
Error: Unable to interpret <[2012.05.04 09:41:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys> in the current context!
Error: Unable to interpret <[2012.05.04 09:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware> in the current context!
Error: Unable to interpret <[2012.05.03 17:29:19 | 000,000,000 | -H-D | C] -- C:\Users\MaatKaRe\AppData\Roaming\55F2405F> in the current context!
Error: Unable to interpret <[2012.04.22 18:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung PC Studio 3> in the current context!
Error: Unable to interpret <[2012.04.22 17:33:46 | 000,000,000 | ---D | C] -- C:\Users\MaatKaRe\AppData\Roaming\Temp> in the current context!
Error: Unable to interpret <[2012.04.22 16:54:10 | 000,000,000 | ---D | C] -- C:\Users\MaatKaRe\AppData\Local\Samsung> in the current context!
Error: Unable to interpret <[2012.04.22 16:53:23 | 000,000,000 | ---D | C] -- C:\Users\MaatKaRe\Documents\samsung> in the current context!
Error: Unable to interpret <[2012.04.22 16:52:02 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys> in the current context!
Error: Unable to interpret <[2012.04.22 16:52:02 | 000,098,432 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys> in the current context!
Error: Unable to interpret <[2012.04.22 16:52:02 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys> in the current context!
Error: Unable to interpret <[2012.04.22 16:52:02 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys> in the current context!
Error: Unable to interpret <[2012.04.22 16:52:02 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys> in the current context!
Error: Unable to interpret <[2012.04.22 16:52:02 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys> in the current context!
Error: Unable to interpret <[2012.04.22 16:52:02 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys> in the current context!
Error: Unable to interpret <[2012.04.22 16:49:25 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll> in the current context!
Error: Unable to interpret <[2012.04.22 16:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny> in the current context!
Error: Unable to interpret <[2012.04.22 16:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung> in the current context!
Error: Unable to interpret <[2012.04.11 10:00:45 | 000,000,000 | ---D | C] -- C:\Users\MaatKaRe\Documents\C4S-Quartal-01_1012> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.05.11 07:45:18 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job> in the current context!
Error: Unable to interpret <[2012.05.11 07:45:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job> in the current context!
Error: Unable to interpret <[2012.05.11 07:41:44 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2012.05.11 07:41:44 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2012.05.11 07:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat> in the current context!
Error: Unable to interpret <[2012.05.10 19:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job> in the current context!
Error: Unable to interpret <[2012.05.10 11:58:00 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job> in the current context!
Error: Unable to interpret <[2012.05.10 11:18:13 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8DD861A7-3150-45B1-824A-0F26F6824FF2}.job> in the current context!
Error: Unable to interpret <[2012.05.10 08:41:26 | 000,101,806 | ---- | M] () -- C:\Users\MaatKaRe\Desktop\1.jpg> in the current context!
Error: Unable to interpret <[2012.05.09 08:52:14 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys> in the current context!
Error: Unable to interpret <[2012.05.09 08:52:14 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys> in the current context!
Error: Unable to interpret <[2012.05.08 09:40:01 | 000,005,368 | ---- | M] () -- C:\Users\MaatKaRe\Desktop\PwdGen.ini> in the current context!
Error: Unable to interpret <[2012.05.07 09:30:15 | 000,042,496 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2012.05.05 06:38:14 | 000,000,131 | ---- | M] () -- C:\Users\MaatKaRe\AppData\Roaming\mbam.context.scan> in the current context!
Error: Unable to interpret <[2012.05.04 09:42:03 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk> in the current context!
Error: Unable to interpret <[2012.05.02 08:10:52 | 000,126,271 | ---- | M] () -- C:\Users\MaatKaRe\Documents\Kontoauszug_1002907770-2010_009.pdf> in the current context!
Error: Unable to interpret <[2012.05.02 08:09:13 | 000,128,474 | ---- | M] () -- C:\Users\MaatKaRe\Documents\Kontoauszug_1002907770-2010_008.pdf> in the current context!
Error: Unable to interpret <[2012.04.23 09:28:15 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat> in the current context!
Error: Unable to interpret <[2012.04.23 09:28:15 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat> in the current context!
Error: Unable to interpret <[2012.04.23 09:28:15 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat> in the current context!
Error: Unable to interpret <[2012.04.23 09:28:15 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat> in the current context!
Error: Unable to interpret <[2012.04.22 18:52:56 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt> in the current context!
Error: Unable to interpret <[2012.04.20 13:01:11 | 000,000,104 | ---- | M] () -- C:\Users\MaatKaRe\Computer - Verknüpfung.lnk> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.05.10 08:41:11 | 000,101,806 | ---- | C] () -- C:\Users\MaatKaRe\Desktop\1.jpg> in the current context!
Error: Unable to interpret <[2012.05.05 06:38:14 | 000,000,131 | ---- | C] () -- C:\Users\MaatKaRe\AppData\Roaming\mbam.context.scan> in the current context!
Error: Unable to interpret <[2012.05.04 09:42:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk> in the current context!
Error: Unable to interpret <[2012.05.02 08:10:52 | 000,126,271 | ---- | C] () -- C:\Users\MaatKaRe\Documents\Kontoauszug_1002907770-2010_009.pdf> in the current context!
Error: Unable to interpret <[2012.05.02 08:09:13 | 000,128,474 | ---- | C] () -- C:\Users\MaatKaRe\Documents\Kontoauszug_1002907770-2010_008.pdf> in the current context!
Error: Unable to interpret <[2012.04.22 18:48:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt> in the current context!
Error: Unable to interpret <[2012.04.20 13:01:11 | 000,000,104 | ---- | C] () -- C:\Users\MaatKaRe\Computer - Verknüpfung.lnk> in the current context!
Error: Unable to interpret <[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll> in the current context!
Error: Unable to interpret <[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll> in the current context!
Error: Unable to interpret <[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll> in the current context!
Error: Unable to interpret <[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll> in the current context!
Error: Unable to interpret <[2012.03.21 10:17:31 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc> in the current context!
Error: Unable to interpret <[2012.03.21 10:14:22 | 000,436,736 | ---- | C] () -- C:\Windows\System32\setup.exe> in the current context!
Error: Unable to interpret <[2010.12.21 08:30:49 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll> in the current context!
Error: Unable to interpret <[2010.12.21 08:30:49 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== LOP Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2012.05.03 17:33:18 | 000,000,000 | -H-D | M] -- C:\Users\MaatKaRe\AppData\Roaming\55F2405F> in the current context!
Error: Unable to interpret <[2008.11.22 14:57:48 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\ameCache> in the current context!
Error: Unable to interpret <[2012.03.18 10:53:51 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\Babylon> in the current context!
Error: Unable to interpret <[2012.05.11 07:46:22 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\Dropbox> in the current context!
Error: Unable to interpret <[2012.01.29 10:04:53 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\DVDVideoSoft> in the current context!
Error: Unable to interpret <[2008.10.06 08:43:26 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\EPSON> in the current context!
Error: Unable to interpret <[2012.05.09 15:45:28 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\FileZilla> in the current context!
Error: Unable to interpret <[2009.08.25 12:52:29 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\Locktime> in the current context!
Error: Unable to interpret <[2011.01.15 09:20:04 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\Nokia> in the current context!
Error: Unable to interpret <[2012.02.28 20:09:21 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\Opera> in the current context!
Error: Unable to interpret <[2009.06.04 15:17:36 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\PC Suite> in the current context!
Error: Unable to interpret <[2012.04.22 18:49:00 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\Samsung> in the current context!
Error: Unable to interpret <[2009.07.22 10:12:12 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\StarOffice8> in the current context!
Error: Unable to interpret <[2012.04.22 17:35:44 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\Temp> in the current context!
Error: Unable to interpret <[2007.08.31 10:44:53 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\Template> in the current context!
Error: Unable to interpret <[2010.11.13 09:51:23 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\Thunderbird> in the current context!
Error: Unable to interpret <[2010.11.25 16:10:20 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\TuneUp Software> in the current context!
Error: Unable to interpret <[2009.08.25 13:10:02 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\Uniblue> in the current context!
Error: Unable to interpret <[2010.09.16 07:16:35 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\WEB.DE> in the current context!
Error: Unable to interpret <[2008.03.12 15:32:43 | 000,000,000 | ---D | M] -- C:\Users\MaatKaRe\AppData\Roaming\WEBDE> in the current context!
Error: Unable to interpret <[2012.05.11 07:45:18 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job> in the current context!
Error: Unable to interpret <[2012.05.11 07:40:55 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT> in the current context!
Error: Unable to interpret <[2012.05.10 11:18:13 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8DD861A7-3150-45B1-824A-0F26F6824FF2}.job> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Purity Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Alternate Data Streams ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Luna.jpg:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Schafskrimi.wav:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\samsung:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen2009:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen2008Neu:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen 2008:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen 2007:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\RE2007Neu:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\OnLocation CS3:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\NPS:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\NokiaHandy:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\NeroVision:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Nero Recode:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\My Received Files:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\My NPS Files:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\My Art:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\MemoriesOnWeb:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Member_Texte:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Logo_MCinema_Verträge.jpg:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Kontoauszüge:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\iMesh:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Ideen Movies:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\GFDOutDir:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Eigene Webs:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Deutsche Post AG:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Catarina:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal04-10:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-04-09:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-04-08:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-11:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-10:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-09:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-08:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-02-10:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-02-08:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01-2012:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01-10:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01-09:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01_1012:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-02-09:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S_Quartal03_11:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Adobe:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Adobe Scripts:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\AbrechnungenC4S:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\Mozilla Firefox:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\DSC_0014.jpg:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\cold wind.wav:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\1.jpg:Roxio EMC Stream> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1> in the current context!
Error: Unable to interpret << End of report >
         
--- --- ---
> in the current context!

OTL by OldTimer - Version 3.2.42.2 log created on 05112012_113822


Am I clean?

Thanks in advance
S.

PS: Everything works, and Malwarebytes and Avira have nothing left to complain about.


Edited by Synapse6675 (11.05.2012 at 11:48)

11.05.2012, 20:52   #6
Swisstreasure
/// Malwareteam
 



You did this completely wrong. You have to copy this text into the text field, not the whole log!!

Quote:
:OTL

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=110811&babsrc=HP_ss&mntrId=f6e1e90e00000000000000184d716e26
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110811&babsrc=SP_ss&mntrId=f6e1e90e00000000000000184d716e26
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U9&apn_dtid=&apn_uid=0F7C28EC-44B1-46DE-8F1C-3ED6D2BC857B&apn_sauid=0A071D72-8601-436D-99C1-130D5A044015&
ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&q={searchTerms}
IE - HKCU\..\SearchScopes\{AA4D9A93-21F1-4416-9DAB-DE6947D0C701}: "URL" = hxxp://search.ebay.de/search/search.dll?satitle={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://search.imesh.com"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&apn_uid=0F7C28EC-44B1-46DE-8F1C-3ED6D2BC857B&apn_ptnrs=U9&apn_sauid=0A071D72-8601-436D-99C1-130D5A044015&apn_dtid=&q="
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Luna.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Schafskrimi.wav:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\samsung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen2009:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen2008Neu:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen 2008:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Rechnungen 2007:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\RE2007Neu:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\OnLocation CS3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\NPS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\NokiaHandy:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\NeroVision:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Nero Recode:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\My NPS Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\My Art:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\MemoriesOnWeb:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Member_Texte:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Logo_MCinema_Verträge.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Kontoauszüge:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\iMesh:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Ideen Movies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\GFDOutDir:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Eigene Webs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Deutsche Post AG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Catarina:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal04-10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-04-09:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-04-08:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-11:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-09:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-03-08:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-02-10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-02-08:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01-2012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01-10:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01-09:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-Quartal-01_1012:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S-02-09:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\C4S_Quartal03_11:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Adobe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\Adobe Scripts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Documents\AbrechnungenC4S:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\WindowsEasyTransfer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\PunishedByTheGoverness_P2.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\Mozilla Firefox:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\GiacomoCansanova03.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\GiacomoCansanova02.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\GiacomoCansanova01.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\Foto0371.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\DSC_0014.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\DreiSchmutzkinder.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\MaatKaRe\Desktop\cold wind.wav:Roxio EMC Stream
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[emptytemp]
