| |
| |||||||
Log-Analyse und Auswertung: TR/Crypt.ZPack.Gen8 aktuell - früher PUM.HiJack.StartMenu in Quarantäne - was jetzt tun ?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
11.07.2012, 19:38
| #1 |
| |  TR/Crypt.ZPack.Gen8 aktuell - früher PUM.HiJack.StartMenu in Quarantäne - was jetzt tun ? Am 10.07.12 wurde mir beim Surfen der Download einer pdf-Datei mit der vierstelligen Nummer als Titel zum Download angeboten. Da mir das unseriös vorkam, da ich kein Download angefordert hatte habe ich rechts oben im Dialogfeld das weiße Kreuz auf rotem Quadrat geklickt , um das Dialogfeld zu schliessen. Meine Vermutung: Genau mit diesem Vorgang habe ich mir die Malware auf den Rechner geladen, denn wenige Sekunden später meldete mein aktuelles Avira Free Antivirus den Schädling TR/Crypt.ZPack.Gen8 und nahm ihn in Quarantäne. Daraufhin lies ich den Spywareterminator 2012, CCleaner und Malwarebytes durchlaufen. Ich bin mir nicht sicher, ob mein Rechner zuvor "clean"war: Zuvor meldete mir Avira am 17.6.12 beim Update von phonostar die Datei APPL/Yabector.Gen5 und nahm diesen in Quarantäne, wo er jetzt noch mit dem TR/Crypt.ZPack.Gen8 liegt. Zuvor hatte ich am 29.02.12 vermutlich das Bundespolizei-Virus. Die Dateien dazu, die Malwarebytes an diesem Tag um 09:03 in Quarantäne nahm, sind PUM.HiJack.StartMenu und Malware.Trace. Ach ja- seit Längerem habe ich noch eine Amazon Toolbar in der Systemsteuereung unter Programmen stehen, kann sie aber nicht entfernen. Probleme mit der Rechnergeschwindigkeit oder sonstige verdächtige Vorkommnisse hatte ich in den letzten Monaten seit Februar nicht. Nun bin ich aber doch stutzig geworden, ob die o.g. Vorkommnisse zusammenhängen. Ich würde gerne wissen, was ich mit den Dateien machen soll, die sich in Quarantäne von AntiVir und Malwarebytes befinden. Welche minimalen bzw. welche sicheren Maßnahmen empfehlt ihr? Logs von OTL, Malwarebytes und GMER habe ich angehängt. Ich danke euch jetzt schon für euren fachkundigen Rat! --------- OTL logfile created on: 10.07.2012 17:50:02 - Run 4 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Program Files\Hilfsprogramme\OTL Oldtimer Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 42,91% Memory free 4,23 Gb Paging File | 2,72 Gb Available in Paging File | 64,36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 258,05 Gb Total Space | 168,91 Gb Free Space | 65,46% Space Free | Partition Type: NTFS Drive D: | 7,97 Gb Total Space | 0,97 Gb Free Space | 12,17% Space Free | Partition Type: NTFS Drive X: | 160,09 Gb Total Space | 53,28 Gb Free Space | 33,28% Space Free | Partition Type: NTFS Drive Y: | 39,65 Gb Total Space | 10,61 Gb Free Space | 26,77% Space Free | Partition Type: NTFS Computer Name: 03-PC | User Name: chronos | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\RAUM_1\Desktop\Defogger.exe () PRC - C:\Programme\Hilfsprogramme\OTL Oldtimer\OTL.exe (OldTimer Tools) PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\System32\WerFault.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro) PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) ========== Modules (No Company Name) ========== MOD - C:\Users\RAUM_1\Desktop\Defogger.exe () MOD - C:\Programme\Hilfsprogramme\WinRAR\RarExt.dll () MOD - C:\Programme\Hilfsprogramme\DiskDefrag\Auslogics Disk Defrag\ausshellext.dll () MOD - C:\Programme\Common Files\Acronis\Common\gc.dll () ========== Win32 Services (SafeList) ========== SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE File not found SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\AntiVir2012\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Macromedia Licensing Service) -- C:\Programme\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe () SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MotoHelper) -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe () SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Viewpoint Service) -- C:\Programme\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) ========== Driver Services (SafeList) ========== DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys () DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software) DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc) DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (motandroidusb) -- C:\Windows\System32\drivers\motoandroid.sys (Motorola) DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola) DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc) DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola) DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis) DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company) DRV - (giveio) -- C:\Windows\System32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop IE - HKLM\..\SearchScopes,DefaultScope = {307E6955-6CF9-4791-A645-558FBCD6A46B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.* IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox10\components [2012.05.03 09:08:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox10\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox 13\components [2012.06.10 11:21:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox 13\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 20:35:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 08:41:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 20:35:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 08:41:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox7\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox7\plugins [2008.09.02 12:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chronos\AppData\Roaming\mozilla\Extensions [2012.02.29 13:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chronos\AppData\Roaming\mozilla\Firefox\Profiles\wqnn3mjf.default\extensions [2010.06.24 15:25:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\chronos\AppData\Roaming\mozilla\Firefox\Profiles\wqnn3mjf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.17 20:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.10 11:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Firefox 13\extensions [2012.06.10 11:21:55 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\Firefox 13\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.04.23 22:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Firefox10\extensions [2012.05.03 09:08:31 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\Firefox10\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.02.29 13:05:57 | 000,773,933 | ---- | M] () (No name found) -- C:\USERS\CHRONOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQNN3MJF.DEFAULT\EXTENSIONS\{E0204BD5-9D31-402B-A99D-A6AA8FFEBDCA}.XPI [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2007.03.05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.04.10 17:10:06 | 000,312,259 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 10751 more lines... O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (TBSB03603 Class) - {5C9BE6C7-015B-4C06-BDB8-205163FA5F2C} - Reg Error: Value error. File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (Symbolleiste für Copernic Desktop Search - Home) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Programme\Copernic\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [avgnt] C:\Program Files\AntiVir2012\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000..\Run: [Vidalia] C:\Program Files\Hilfsprogramme\vidaliaBundle\Vidalia Bundle\Vidalia\vidalia.exe () O4 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004..\Run: [RfxSrvTray] "C:\Program Files\RadioFX\Tobit Radio.fx\Client\rfx-tray.exe" File not found O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes\161\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\RAUM_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = File not found O4 - Startup: C:\Users\RAUM_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = File not found O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: Amazon Toolbar - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Amazon Toolbar - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24DD98CD-B228-4DFA-91EA-1A3FEB3250F2}: NameServer = 192.168.178.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.06.08 21:39:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.06.14 15:12:55 | 000,182,852 | ---- | M] () - X:\autokosten betriebsausgabe test.pdf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.10 11:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.05 10:36:41 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.07.05 10:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2009.12.03 23:30:22 | 004,485,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vcredist_x86.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.10 17:52:00 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012.07.10 17:50:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{37B60842-ECE6-4F88-BD86-0EE41A85C877}.job [2012.07.10 17:47:49 | 000,000,000 | ---- | M] () -- C:\Users\chronos\defogger_reenable [2012.07.10 16:49:30 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.10 16:49:30 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.10 08:48:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.10 08:48:46 | 2143,879,168 | -HS- | M] () -- C:\hiberfil.sys [2012.07.05 10:36:40 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo [2012.07.04 16:30:40 | 000,638,674 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.04 16:30:40 | 000,604,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.04 16:30:40 | 000,130,882 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.04 16:30:40 | 000,107,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.14 10:19:23 | 000,708,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.10 17:47:49 | 000,000,000 | ---- | C] () -- C:\Users\chronos\defogger_reenable [2012.07.05 10:35:43 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo [2012.02.28 17:05:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2010.09.06 20:26:43 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2010.02.17 21:59:15 | 000,064,702 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.02.17 21:59:06 | 000,064,702 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.10.16 13:00:32 | 000,001,074 | RH-- | C] () -- C:\Users\chronos\XrxWm.ini [2008.10.16 13:00:31 | 000,000,522 | RH-- | C] () -- C:\Users\chronos\xw45cpdy.dyc [2007.08.11 21:41:08 | 000,000,086 | ---- | C] () -- C:\Users\chronos\AppData\Roaming\wklnhst.dat [2007.08.10 20:03:42 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.08.09 18:36:21 | 000,000,680 | RHS- | C] () -- C:\Users\chronos\ntuser.pol [2007.08.09 15:23:34 | 000,007,680 | ---- | C] () -- C:\Users\chronos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.08.08 16:00:41 | 000,000,095 | ---- | C] () -- C:\Users\chronos\AppData\Local\fusioncache.dat ========== LOP Check ========== [2007.09.08 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\ACD Systems [2007.08.09 15:53:40 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Acronis [2008.11.11 11:23:06 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Alien Skin [2008.01.08 18:24:40 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\ASCOMP Software [2012.01.29 22:40:15 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Auslogics [2009.02.04 10:18:08 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Copernic [2007.08.08 16:07:55 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\DataDesign [2010.06.25 09:37:13 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\DeepBurner [2010.07.13 08:33:56 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\JAM Software [2008.03.31 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\McNeel [2010.03.14 13:24:32 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\OpenOffice.org [2011.01.13 23:21:29 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\phonostar GmbH [2009.10.02 10:38:45 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\phonostar-Player [2012.02.28 16:43:28 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Spyware Terminator [2007.08.11 21:41:08 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Template [2011.05.31 16:13:45 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Tobit [2008.05.16 08:20:44 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\WinBatch [2007.09.08 22:15:37 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\ACD Systems [2012.02.01 18:51:18 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Auslogics [2012.07.08 16:38:36 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Canon [2008.10.16 15:31:00 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\CDZilla [2009.02.04 10:17:44 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Copernic [2007.08.15 10:16:32 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\DataDesign [2009.06.11 14:39:15 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\DeepBurner [2012.05.30 18:12:50 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\elsterformular [2010.07.13 08:49:04 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\JAM Software [2010.03.27 01:24:06 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\McNeel [2011.03.30 11:16:10 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Nokia [2011.03.30 11:16:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Nokia Ovi Suite [2009.10.15 13:49:24 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Octoshape [2010.02.10 15:28:55 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\OpenOffice.org [2011.03.29 11:37:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\PC Suite [2012.02.01 12:18:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\PeaZip [2009.10.02 10:50:59 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\phonostar GmbH [2012.06.17 15:36:01 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\phonostar-Player [2007.10.20 19:54:52 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Template [2010.09.06 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Tobit [2012.07.10 17:52:00 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2012.07.09 22:35:56 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.10 17:50:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{37B60842-ECE6-4F88-BD86-0EE41A85C877}.job ========== Purity Check ========== < End of report > |
|
13.07.2012, 14:42
| #2 |
| /// Malware-holic   | TR/Crypt.ZPack.Gen8 aktuell - früher PUM.HiJack.StartMenu in Quarantäne - was jetzt tun ? hi
__________________öffne mal bitte avira, poste die genaue fundmeldung, danke
__________________ |
|
13.07.2012, 20:53
| #3 |
| | TR/Crypt.ZPack.Gen8 aktuell - früher PUM.HiJack.StartMenu in Quarantäne - was jetzt tun ? Hallo markusg,
__________________hier die Chronik von Avira der letzten Tage: 10.07.12,10:25 In der Datei 'C:\Users\RAUM_1\AppData\Local\Temp\ffnx.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 10.07.12,10:25:23 In der Datei 'C:\Users\RAUM_1\AppData\Local\Temp\ffnx.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan] gefunden. Ausgeführte Aktion: Übergeben an Scanner 10.07.12,10:25:36 In der Datei 'C:\Users\RAUM_1\AppData\Local\Temp\ffnx.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 10.07.12,10:25:45 In der Datei 'C:\Users\RAUM_1\AppData\Local\Temp\ffnx.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 10.07.12,10:31:17 Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 68 Anzahl Verzeichnisse: 0 Anzahl Malware: 1 10.07.12,10:31:17 Die Datei 'C:\Users\RAUM_1\AppData\Local\Temp\ffnx.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55564758.qua' verschoben! Anzahl Warnungen: 0 10.07.12,14:55:37 Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 2 Anzahl Verzeichnisse: 0 Anzahl Malware: 0 Anzahl Warnungen: 0 10.07.12,10:32:12 Die Datei 'C:\Users\RAUM_1\AppData\Local\Temp\ffnx.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen8' [trojan]. Durchgeführte Aktion(en): Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003. Die Datei konnte nicht gelöscht werden! Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! Die Datei existiert nicht! 12.07.12, 00:38:16 Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 1493722 Anzahl Verzeichnisse: 37744 Anzahl Malware: 0 Anzahl Warnungen: 33 |
|
14.07.2012, 15:57
| #4 |
| /// Malware-holic | TR/Crypt.ZPack.Gen8 aktuell - früher PUM.HiJack.StartMenu in Quarantäne - was jetzt tun ? hi Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.07.2012, 16:29
| #5 |
| | TR/Crypt.ZPack.Gen8 aktuell - früher PUM.HiJack.StartMenu in Quarantäne - was jetzt tun ? Hi, hier nochmal ein aktueller scan mit OTL.txt und Extra.txt. Extra.txt wurde zunächst nicht angezeigt, hat aber nach einer Änderung der Einstellung dann geklappt. schöne Grüße OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.07.2012 16:56:22 - Run 8 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\R***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,26% Memory free 4,23 Gb Paging File | 2,93 Gb Available in Paging File | 69,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 258,05 Gb Total Space | 152,11 Gb Free Space | 58,95% Space Free | Partition Type: NTFS Drive D: | 7,97 Gb Total Space | 0,97 Gb Free Space | 12,17% Space Free | Partition Type: NTFS Drive X: | 160,09 Gb Total Space | 53,27 Gb Free Space | 33,27% Space Free | Partition Type: NTFS Drive Y: | 39,65 Gb Total Space | 10,61 Gb Free Space | 26,77% Space Free | Partition Type: NTFS Computer Name: 03-** | User Name: ch*** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days ========== Processes (SafeList) ========== PRC - C:\Users\R***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro) PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Hilfsprogramme\WinRAR\RarExt.dll () MOD - C:\Programme\Hilfsprogramme\DiskDefrag\Auslogics Disk Defrag\ausshellext.dll () MOD - C:\Programme\Common Files\Acronis\Common\gc.dll () ========== Win32 Services (SafeList) ========== SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE File not found SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\AntiVir2012\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\AntiVir2012\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Macromedia Licensing Service) -- C:\Programme\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe () SRV - (ST2012_Svc) -- C:\Programme\Spyware Terminator\st_rsser.exe (Crawler.com) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MotoHelper) -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe () SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Viewpoint Service) -- C:\Programme\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) ========== Driver Services (SafeList) ========== DRV - (PcdrNdisuio) -- system32\DRIVERS\pcdrndisuio.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys () DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software) DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc) DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (motandroidusb) -- C:\Windows\System32\drivers\motoandroid.sys (Motorola) DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola) DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc) DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola) DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis) DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company) DRV - (giveio) -- C:\Windows\System32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop IE - HKLM\..\SearchScopes,DefaultScope = {307E6955-6CF9-4791-A645-558FBCD6A46B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.* IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\..\SearchScopes\{307E6955-6CF9-4791-A645-558FBCD6A46B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox10\components [2012.05.03 09:08:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox10\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox 13\components [2012.06.10 11:21:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox 13\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 20:35:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 08:41:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 20:35:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.11 08:41:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\Firefox7\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\Firefox7\plugins [2008.09.02 12:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chronos\AppData\Roaming\mozilla\Extensions [2012.02.29 13:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chronos\AppData\Roaming\mozilla\Firefox\Profiles\wqnn3mjf.default\extensions [2010.06.24 15:25:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\chronos\AppData\Roaming\mozilla\Firefox\Profiles\wqnn3mjf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.17 20:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.10 11:21:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Firefox 13\extensions [2012.06.10 11:21:55 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\Firefox 13\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.04.23 22:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Firefox10\extensions [2012.05.03 09:08:31 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\Firefox10\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.02.29 13:05:57 | 000,773,933 | ---- | M] () (No name found) -- C:\USERS\CHRONOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WQNN3MJF.DEFAULT\EXTENSIONS\{E0204BD5-9D31-402B-A99D-A6AA8FFEBDCA}.XPI [2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2007.03.05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.04.10 17:10:06 | 000,312,259 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 10751 more lines... O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (TBSB03603 Class) - {5C9BE6C7-015B-4C06-BDB8-205163FA5F2C} - Reg Error: Value error. File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (Symbolleiste für Copernic Desktop Search - Home) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Programme\Copernic\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [avgnt] C:\Program Files\AntiVir2012\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000..\Run: [Vidalia] C:\Program Files\Hilfsprogramme\vidaliaBundle\Vidalia Bundle\Vidalia\vidalia.exe () O4 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004..\Run: [RfxSrvTray] "C:\Program Files\RadioFX\Tobit Radio.fx\Client\rfx-tray.exe" File not found O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes\161\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\RAUM_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = File not found O4 - Startup: C:\Users\RAUM_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = File not found O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: Amazon Toolbar - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Amazon Toolbar - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - Reg Error: Value error. File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-3775535589-2243066446-450567175-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24DD98CD-B228-4DFA-91EA-1A3FEB3250F2}: NameServer = 192.168.178.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.06.08 21:39:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.06.14 15:12:55 | 000,182,852 | ---- | M] () - X:\autokosten betriebsausgabe test.pdf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: phonostarTimer - hkey= - key= - C:\Programme\Phonostar-Player\phonostar-Player\phonostarTimer.exe () MsConfig - StartUpReg: Vidalia - hkey= - key= - File not found MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 180 Days ========== [2012.07.12 03:06:05 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.12 03:02:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.07.12 03:02:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.07.12 03:02:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.07.12 03:02:57 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.07.12 03:02:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.07.12 03:02:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.07.12 03:02:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.07.11 20:23:47 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.07.10 11:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.05 10:36:41 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.07.05 10:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012.06.22 08:23:05 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.06.22 08:23:05 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.06.22 08:22:17 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.06.22 08:22:17 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.06.22 08:22:17 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.06.22 08:21:26 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.06.22 08:21:26 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.05.30 18:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2012.05.30 18:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2012.05.30 16:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Elster Formular [2012.05.10 14:17:12 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.05.10 14:17:12 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.05.10 14:17:11 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.05.10 14:17:11 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.05.10 14:17:11 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.05.10 14:17:05 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.05.10 14:17:05 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.05.03 09:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.05.03 09:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.05.02 15:57:47 | 000,000,000 | ---D | C] -- C:\Aufnahmen [2012.03.31 06:40:46 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.03.14 12:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.03.14 08:50:39 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012.03.08 11:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision [2012.03.08 11:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia Shared [2012.03.08 11:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia [2012.03.08 11:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia [2012.03.08 11:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Macromedia [2012.03.05 19:08:55 | 000,000,000 | ---D | C] -- C:\EPSON [2012.03.01 11:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared [2012.03.01 11:42:26 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll [2012.03.01 11:42:14 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll [2012.03.01 11:42:14 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll [2012.03.01 11:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real [2012.03.01 11:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2012.03.01 11:32:10 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.03.01 11:32:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.03.01 11:32:09 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.02.29 16:33:55 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Avira [2012.02.29 16:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.02.29 16:28:12 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.02.29 16:28:12 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.02.29 16:28:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.02.29 16:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.02.29 14:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\AntiVir2012 [2012.02.29 11:00:47 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Malwarebytes [2012.02.29 11:00:36 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.28 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Spyware Terminator [2012.02.28 16:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2012.02.28 16:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2012.02.28 16:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator [2012.02.01 12:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.02.01 12:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\VLCmediaplayer2 [2012.02.01 12:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip [2012.02.01 12:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\PeaZip [2012.02.01 12:01:34 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\WinRAR [2012.02.01 12:01:34 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.02.01 12:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.02.01 11:50:56 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Tor [2012.02.01 11:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bundle [2012.02.01 11:50:55 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Vidalia [2012.02.01 11:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.01.29 22:40:15 | 000,000,000 | ---D | C] -- C:\Users\chronos\AppData\Roaming\Auslogics [2012.01.29 22:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics [2009.12.03 23:30:22 | 004,485,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vcredist_x86.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 180 Days ========== [2012.07.15 16:55:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{37B60842-ECE6-4F88-BD86-0EE41A85C877}.job [2012.07.15 15:18:45 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.15 15:18:45 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.15 10:31:38 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.07.15 10:31:38 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.15 09:18:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.15 09:18:36 | 2145,968,128 | -HS- | M] () -- C:\hiberfil.sys [2012.07.12 03:27:24 | 000,708,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.10 17:52:00 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012.07.10 17:47:49 | 000,000,000 | ---- | M] () -- C:\Users\chronos\defogger_reenable [2012.07.05 10:36:40 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo [2012.07.04 16:30:40 | 000,638,674 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.04 16:30:40 | 000,604,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.04 16:30:40 | 000,130,882 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.04 16:30:40 | 000,107,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.13 15:40:21 | 002,047,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.06.02 10:33:25 | 001,800,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.06.02 10:25:03 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.06.02 10:23:26 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.06.02 10:21:51 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.06.02 10:20:33 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.06.02 10:16:52 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.06.02 10:14:19 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.06.02 02:03:42 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.05.08 15:50:55 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.05.08 15:50:55 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.04.15 10:02:29 | 000,000,806 | ---- | M] () -- C:\CClea.lnk [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.03 10:16:12 | 003,602,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.04.03 10:16:11 | 003,550,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.03.01 16:46:01 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.03.01 16:46:01 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.03.01 11:42:26 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll [2012.03.01 11:42:14 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll [2012.03.01 11:42:14 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll [2012.03.01 11:42:13 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll [2012.03.01 11:31:52 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.03.01 11:31:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.03.01 11:31:52 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.03.01 11:31:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.02.29 16:28:31 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.02.29 16:08:47 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.02.29 15:44:50 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.02.29 15:41:40 | 001,069,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.02.29 14:28:53 | 000,001,898 | ---- | M] () -- C:\Users\chronos\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.02.29 14:28:53 | 000,001,827 | ---- | M] () -- C:\Users\chronos\Desktop\Avira DE-Cleaner.lnk [2012.02.23 10:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.02.01 12:47:49 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.02.01 12:23:58 | 000,001,058 | ---- | M] () -- C:\Users\chronos\Desktop\PeaZip.lnk [2012.01.29 22:40:12 | 000,001,217 | ---- | M] () -- C:\Users\chronos\Desktop\Auslogics Disk Defrag.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.10 17:47:49 | 000,000,000 | ---- | C] () -- C:\Users\chronos\defogger_reenable [2012.07.05 10:35:43 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo [2012.06.10 11:21:59 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.04.15 10:02:29 | 000,000,806 | ---- | C] () -- C:\CClea.lnk [2012.02.29 16:28:31 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.02.29 14:28:53 | 000,001,898 | ---- | C] () -- C:\Users\chronos\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.02.29 14:28:53 | 000,001,827 | ---- | C] () -- C:\Users\chronos\Desktop\Avira DE-Cleaner.lnk [2012.02.28 17:05:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2012.02.28 15:46:53 | 2145,968,128 | -HS- | C] () -- C:\hiberfil.sys [2012.02.01 12:47:49 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.02.01 12:14:20 | 000,001,058 | ---- | C] () -- C:\Users\chronos\Desktop\PeaZip.lnk [2012.01.29 22:40:12 | 000,001,217 | ---- | C] () -- C:\Users\chronos\Desktop\Auslogics Disk Defrag.lnk [2010.09.06 20:26:43 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2010.02.17 21:59:15 | 000,064,702 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.02.17 21:59:06 | 000,064,702 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.10.16 13:00:32 | 000,001,074 | RH-- | C] () -- C:\Users\chronos\XrxWm.ini [2008.10.16 13:00:31 | 000,000,522 | RH-- | C] () -- C:\Users\chronos\xw45cpdy.dyc [2007.08.11 21:41:08 | 000,000,086 | ---- | C] () -- C:\Users\chronos\AppData\Roaming\wklnhst.dat [2007.08.10 20:03:42 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.08.09 18:36:21 | 000,000,680 | RHS- | C] () -- C:\Users\chronos\ntuser.pol [2007.08.09 15:23:34 | 000,007,680 | ---- | C] () -- C:\Users\chronos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.08.08 16:00:41 | 000,000,095 | ---- | C] () -- C:\Users\chronos\AppData\Local\fusioncache.dat ========== LOP Check ========== [2007.09.08 15:04:33 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\ACD Systems [2007.08.09 15:53:40 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Acronis [2008.11.11 11:23:06 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Alien Skin [2008.01.08 18:24:40 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\ASCOMP Software [2012.01.29 22:40:15 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Auslogics [2009.02.04 10:18:08 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Copernic [2007.08.08 16:07:55 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\DataDesign [2010.06.25 09:37:13 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\DeepBurner [2010.07.13 08:33:56 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\JAM Software [2008.03.31 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\McNeel [2010.03.14 13:24:32 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\OpenOffice.org [2011.01.13 23:21:29 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\phonostar GmbH [2009.10.02 10:38:45 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\phonostar-Player [2012.02.28 16:43:28 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Spyware Terminator [2007.08.11 21:41:08 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Template [2011.05.31 16:13:45 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\Tobit [2008.05.16 08:20:44 | 000,000,000 | ---D | M] -- C:\Users\chronos\AppData\Roaming\WinBatch [2007.09.08 22:15:37 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\ACD Systems [2012.02.01 18:51:18 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Auslogics [2012.07.15 15:46:49 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Canon [2008.10.16 15:31:00 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\CDZilla [2009.02.04 10:17:44 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Copernic [2007.08.15 10:16:32 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\DataDesign [2009.06.11 14:39:15 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\DeepBurner [2012.05.30 18:12:50 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\elsterformular [2010.07.13 08:49:04 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\JAM Software [2010.03.27 01:24:06 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\McNeel [2011.03.30 11:16:10 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Nokia [2011.03.30 11:16:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Nokia Ovi Suite [2009.10.15 13:49:24 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Octoshape [2010.02.10 15:28:55 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\OpenOffice.org [2011.03.29 11:37:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\PC Suite [2012.02.01 12:18:11 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\PeaZip [2009.10.02 10:50:59 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\phonostar GmbH [2012.06.17 15:36:01 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\phonostar-Player [2007.10.20 19:54:52 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Template [2010.09.06 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\RAUM_1\AppData\Roaming\Tobit [2012.07.10 17:52:00 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2012.07.14 22:43:33 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.15 16:55:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{37B60842-ECE6-4F88-BD86-0EE41A85C877}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.05.13 14:24:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.05.02 15:57:47 | 000,000,000 | ---D | M] -- C:\Aufnahmen [2012.02.27 23:50:42 | 000,000,000 | ---D | M] -- C:\Aufnahmen von LwX [2010.02.17 22:47:15 | 000,000,000 | -HSD | M] -- C:\Boot [2008.02.22 20:02:28 | 000,000,000 | -H-D | M] -- C:\CanoScan [2010.05.24 12:59:59 | 000,000,000 | ---D | M] -- C:\Diverses -aus Ordner C verschoben [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.08.08 13:24:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.03.05 19:14:40 | 000,000,000 | ---D | M] -- C:\EPSON [2009.12.31 20:15:36 | 000,000,000 | -H-D | M] -- C:\hp [2007.08.18 18:56:59 | 000,000,000 | ---D | M] -- C:\Lexware [2010.11.14 14:28:16 | 000,000,000 | ---D | M] -- C:\löschen [2007.06.08 21:43:12 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.03.01 12:13:34 | 000,000,000 | ---D | M] -- C:\NVIDIA [2012.07.08 18:12:22 | 000,000,000 | R--D | M] -- C:\Program Files [2012.05.30 18:11:25 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.08.08 13:24:59 | 000,000,000 | -HSD | M] -- C:\Programme [2012.02.29 00:34:48 | 000,000,000 | ---D | M] -- C:\SicherungIstAufDVD [2012.07.15 16:57:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.02.21 23:39:35 | 000,000,000 | R--D | M] -- C:\Users [2010.11.05 22:37:50 | 000,000,000 | ---D | M] -- C:\vonLaCie [2012.07.12 03:25:15 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > [2009.12.03 23:29:34 | 004,485,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\vcredist_x86.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.13 20:52:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.13 20:52:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.13 20:52:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.11.14 14:23:05 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.11.14 14:23:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2007.03.19 15:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) MD5=019054D997F65358DCA63ECAE5103F97 -- C:\hp\DRIVERS\NVIDIA_Serial_ATA\nvstor32.sys [2007.03.19 15:58:50 | 000,101,672 | ---- | M] (NVIDIA Corporation) MD5=019054D997F65358DCA63ECAE5103F97 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_1306af02\nvstor32.sys [2007.10.26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=7EBA6C9A0A295B1559EFB9062E701218 -- C:\Windows\System32\drivers\nvstor32.sys [2007.10.26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=7EBA6C9A0A295B1559EFB9062E701218 -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_0f6358b4\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.06.08 21:19:43 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.06.08 21:19:43 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes\161\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.07.10 17:47:49 | 000,000,000 | ---- | M] () -- C:\Users\chronos\defogger_reenable [2012.07.15 16:42:59 | 008,126,464 | -HS- | M] () -- C:\Users\chronos\ntuser.dat [2012.07.15 16:42:59 | 000,262,144 | -H-- | M] () -- C:\Users\chronos\ntuser.dat.LOG1 [2007.08.08 13:30:01 | 000,000,000 | -H-- | M] () -- C:\Users\chronos\ntuser.dat.LOG2 [2008.08.16 12:52:18 | 000,065,536 | -HS- | M] () -- C:\Users\chronos\ntuser.dat{27b814f2-6b30-11dd-bff1-001bfc9b0a0f}.TM.blf [2008.08.16 12:52:18 | 000,524,288 | -HS- | M] () -- C:\Users\chronos\ntuser.dat{27b814f2-6b30-11dd-bff1-001bfc9b0a0f}.TMContainer00000000000000000001.regtrans-ms [2008.08.16 12:52:18 | 000,524,288 | -HS- | M] () -- C:\Users\chronos\ntuser.dat{27b814f2-6b30-11dd-bff1-001bfc9b0a0f}.TMContainer00000000000000000002.regtrans-ms [2007.08.08 15:30:39 | 000,065,536 | -HS- | M] () -- C:\Users\chronos\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2007.08.08 15:30:39 | 000,524,288 | -HS- | M] () -- C:\Users\chronos\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2007.08.08 15:30:39 | 000,524,288 | -HS- | M] () -- C:\Users\chronos\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2012.07.15 10:31:30 | 000,065,536 | -HS- | M] () -- C:\Users\chronos\ntuser.dat{93aef1f1-3ebe-11de-bb1a-001bfc9b0a0f}.TM.blf [2011.08.15 21:40:08 | 000,524,288 | -HS- | M] () -- C:\Users\chronos\ntuser.dat{93aef1f1-3ebe-11de-bb1a-001bfc9b0a0f}.TMContainer00000000000000000001.regtrans-ms [2012.07.15 10:31:30 | 000,524,288 | -HS- | M] () -- C:\Users\chronos\ntuser.dat{93aef1f1-3ebe-11de-bb1a-001bfc9b0a0f}.TMContainer00000000000000000002.regtrans-ms [2007.08.08 13:30:02 | 000,000,020 | -HS- | M] () -- C:\Users\chronos\ntuser.ini [2007.08.09 19:18:31 | 000,000,680 | RHS- | M] () -- C:\Users\chronos\ntuser.pol [2008.10.16 13:00:32 | 000,001,074 | RH-- | M] () -- C:\Users\chronos\XrxWm.ini [2008.10.16 13:00:31 | 000,000,522 | RH-- | M] () -- C:\Users\chronos\xw45cpdy.dyc < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.07.2012 16:56:22 - Run 8
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\R***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,26% Memory free
4,23 Gb Paging File | 2,93 Gb Available in Paging File | 69,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 258,05 Gb Total Space | 152,11 Gb Free Space | 58,95% Space Free | Partition Type: NTFS
Drive D: | 7,97 Gb Total Space | 0,97 Gb Free Space | 12,17% Space Free | Partition Type: NTFS
Drive X: | 160,09 Gb Total Space | 53,27 Gb Free Space | 33,27% Space Free | Partition Type: NTFS
Drive Y: | 39,65 Gb Total Space | 10,61 Gb Free Space | 26,77% Space Free | Partition Type: NTFS
Computer Name: 03-** | User Name: ch*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\Firefox10\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\Firefox10\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [Add to .7Z] -- "C:\Program Files\Hilfsprogramme\PeaZip\PeaZip\PEAZIP.EXE" "-add2multi7z" "%1" (Giorgio Tani)
Directory [Add to .ZIP] -- "C:\Program Files\Hilfsprogramme\PeaZip\PeaZip\PEAZIP.EXE" "-add2multizip" "%1" (Giorgio Tani)
Directory [Add to archive] -- "C:\Program Files\Hilfsprogramme\PeaZip\PeaZip\PEAZIP.EXE" "-add2multi" "%1" (Giorgio Tani)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLCmediaplayer2\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse path with PeaZip] -- "C:\Program Files\Hilfsprogramme\PeaZip\PeaZip\PEAZIP.EXE" "-ext2browsepath" "%1" (Giorgio Tani)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLCmediaplayer2\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027DD161-1AB9-46B2-988C-6578B853306C}" = lport=138 | protocol=17 | dir=in | app=system |
"{15D42E30-C642-4ECE-8C6A-9C6EC32929FF}" = lport=445 | protocol=6 | dir=in | app=system |
"{4DDEEB1F-FEEB-42C3-B21D-582A136A42AF}" = rport=445 | protocol=6 | dir=out | app=system |
"{98B53ECB-0A0F-4ECD-B2CC-E86509A86ECB}" = lport=139 | protocol=6 | dir=in | app=system |
"{B20790D5-6FFA-456D-949F-91B2A17CC94B}" = rport=138 | protocol=17 | dir=out | app=system |
"{C4AF2C06-E198-45D0-BB83-7178387B273D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CA3CF832-11B0-4608-BC6E-40A988EFD170}" = lport=137 | protocol=17 | dir=in | app=system |
"{D4282888-1259-4D22-B5EB-2FA601699BD0}" = rport=139 | protocol=6 | dir=out | app=system |
"{DF44EAA3-AC20-4C25-8DBD-1B3CF5631C62}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FA8CE3BA-2DBA-46E3-8344-FAEADF6F75A0}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1394D289-A1ED-4FBD-95DC-0E0AA637B2DA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{27A9DA49-DEF1-4890-B4AC-67770FFF556F}" = protocol=6 | dir=in | app=c:\program files\radiofx\tobit radio.fx\client\rfx-client.exe |
"{294C6094-1FBD-482A-B834-610410ED7A29}" = protocol=17 | dir=in | app=c:\program files\radiofx\tobit radio.fx\server\rfx-server.exe |
"{2E280106-3A94-4DDC-9473-1130C795511E}" = protocol=17 | dir=in | app=c:\program files\radiofx\tobit radio.fx\client\rfx-client.exe |
"{4F97DAED-6A61-417E-B9AD-2F327E049A2B}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{50645A4E-DCFB-4C89-82DB-8DF182FCF15C}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{6D484284-8A9E-4FA2-B07B-63C5C5B535A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7AC0F24D-3695-4A96-A49E-8B45E7F23DA0}" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.exe |
"{7EE3AC9A-355E-48A3-99EB-8D48AD9C15E4}" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\soffice.exe |
"{8563DE22-9512-4E50-A567-4AF0932EDA3D}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{87D548AE-E7BD-45CC-9E45-138D38E82176}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8EA18B35-31B5-4009-8879-1966837700BE}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{8EB6E539-2BF4-4270-94C9-12DFEE00CC8C}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{9E527AA6-3F76-4365-A258-4C80F8EB0AB8}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{A24CE405-B6E2-49AC-8E04-00A4707D35F2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BE8AC7B7-E101-44AA-9C93-F4CB145E9DD1}" = protocol=6 | dir=in | app=c:\program files\radiofx\tobit radio.fx\server\rfx-server.exe |
"TCP Query User{20AB0074-DC27-4DA9-BC4B-FAFA7D7A2D25}C:\program files\hilfsprogramme\phonostar\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\hilfsprogramme\phonostar\phonostar-player\phonostar.exe |
"TCP Query User{28F490B8-5013-4C41-9046-88DBA7DC8F6F}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{3AF61CCE-E505-4CF2-937D-AC45C895FD51}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{4988014D-E5C9-4893-B477-C3999568E81E}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{77D15871-9709-4B89-9C58-A95065A384F4}C:\program files\phonostar-player\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar-player\phonostar.exe |
"TCP Query User{9FE6B6FC-AE21-4686-8356-1B6E32D00423}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{AF2A335B-81A2-4CA4-B356-5333BCE69455}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{CB5D949A-B998-4D8B-9742-742EE7BEAD2D}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{E7109B46-B51A-4613-BFD9-33ECD6ED7460}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F4FE5337-F729-4486-B8C2-AE9ABA9CE05B}C:\program files\hilfsprogramme\phonostar\phonostar\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files\hilfsprogramme\phonostar\phonostar\ps_olect.exe |
"TCP Query User{FF361458-4A36-46CC-9DCD-BD525B609F31}C:\program files\vlc media player\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\vlc media player\vlc\vlc.exe |
"UDP Query User{051B9140-0B2D-4961-A01B-D17F74546DC2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{10093DF9-0786-456B-96FD-68859A786BE7}C:\program files\vlc media player\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\vlc media player\vlc\vlc.exe |
"UDP Query User{588996DA-84B0-4727-B685-BED959EA1F3F}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{69AFF182-E18A-4E20-9F07-6A209BCF6DDE}C:\program files\phonostar-player\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar-player\phonostar.exe |
"UDP Query User{6C8F9A62-D6E0-495C-B1FC-42D00B12F085}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{730D1183-7235-4A67-BD97-662943460710}C:\program files\hilfsprogramme\phonostar\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\hilfsprogramme\phonostar\phonostar-player\phonostar.exe |
"UDP Query User{92BC42B3-D48E-4C12-B9A6-00499CBB314F}C:\program files\hilfsprogramme\phonostar\phonostar\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files\hilfsprogramme\phonostar\phonostar\ps_olect.exe |
"UDP Query User{AA4AC0FC-B5BC-474F-896F-891BC3845F9B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{B5C7C4CA-7CCB-4C36-9AAE-5BA6B171B824}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{E085251C-7F18-4F7F-9425-BB202D1D1F31}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{F7C87BAF-1631-499A-A1F6-EFC00296C496}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{180CAD6C-B0ED-42A9-8C4A-CF49C6682A06}_is1" = Free Screen Video Capture by Topviewsoft 1.1.7
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23CDD348-1E02-4D2C-BDF1-AEAFA3D3B9A7}" = QuickBooks Zeiterfassung
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B73B5E7-AA61-43F3-B9F4-D8BB92725B57}" = Lexware Abschreibungsrechner
"{2E41963B-151C-4D8B-BE5D-15A4F161719F}" = GoGear Spark Device Manager
"{2FDCE696-AC14-4046-ABA1-B07071B4DDA7}" = Audials
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3B0293FF-A9C4-4A41-A0D5-1302429EF0DE}" = Xara Xtreme Pro
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52067C13-0053-450C-9044-9C5226B0F913}" = Lexware online banking 3.40
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 4.4
"{5B9E1A73-6A74-4DAF-AF1C-DDEBD79C942E}" = Rhinoceros 4.0 SR5b
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{647319F7-7697-4B86-BBD2-36E16908EC08}" = Lexware QuickBooks 2006
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6B9DD988-5ECB-4623-BBFF-8A8F2DA3ED16}" = Rhinoceros 4.0 SR6
"{6C9844D6-8384-4217-A80F-887ECB2A3671}" = Rhino 4.0 Aktualisierungshandbuch
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{813C408A-24C4-43E2-A5DF-B683E440234F}" = funScreenScraping Client Version
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8A4DB8A1-47B5-4128-A466-CB737E83D830}" = Lexware QuickBooks PLUS 2006
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90E00407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95E1E426-EE9E-4F68-8F02-58A5A09B38F3}" = Rhinoceros 4.0 SR8
"{97945F04-6009-498E-9015-8FB48437A279}" = Lexware QuickBooks 2006
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A74490C1-5466-4AFA-8E3A-9F4FE1D9CFA6}" = Lexware online banking 3.40
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC849092-6F19-4395-8860-BC3B82CAFE51}" = funScreenScraping Microsoft Systemdateien
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{C475527D-AB5C-47D8-8C25-85CA3E42B5A4}" = Flamingo 2.0
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBC3666-5199-4702-B052-2C58FCA6EFF9}" = Rhinoceros 4.0 SR4b
"{CCF22908-ECD2-4068-84F1-BA02DA1EC72D}" = GoGear Spark Device Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D57F1897-D0F5-4E5F-99BA-80815B43283A}" = Rhinoceros 4.0 SR4
"{D686199B-882E-4550-92C4-BD99A8C295D0}" = Rhinoceros 4.0 SR5
"{D6F64D4F-B539-448E-A5D7-B57EE89193B8}" = Rhinoceros 4.0
"{D7960C39-E3FD-4B46-8E97-A1E9D128F913}" = Rhinoceros 4.0 SR3
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3355E5C-965C-4f67-8A8C-E9A0FA9FD80F}" = Rhinoceros 4.0 SR9
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ECC0CADD-0491-4FB0-AAB8-5DC6C371890E}" = Rhinoceros 4.0 SR7
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Anti-Twin 2008-01-08 17.27.48" = Anti-Twin (Installation 17.06.2008)
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Camtasia Studio 3" = Camtasia Studio 3
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"Cleaning Suite_is1" = Cleaning Suite v1.0
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"Defraggler" = Defraggler
"ElsterFormular 13.2.0.8623k" = ElsterFormular
"FaJo Timetool / Zeiterfassung_is1" = FaJo - TimeTool
"Flamingo 1.1 for Rhino 4.0" = Flamingo 1.1 for Rhino 4.0
"FreePDF_XP" = FreePDF XP (Remove only)
"GanttProject" = GanttProject
"GPL Ghostscript 8.61" = GPL Ghostscript 8.61
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"LastFM_is1" = Last.fm 1.5.4.27091
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"md Design Archiv 2007" = md Design Archiv 2007
"md Design Archiv 2008" = md Design Archiv 2008
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnose Tools
"Penguin 2.0" = Penguin 2.0
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.1
"PhotoStitch" = Canon Utilities PhotoStitch
"Polipo" = Polipo 1.0.4.1
"PowerArchiver" = PowerArchiver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 15.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Rhino 4.0 SR7 SDK" = Rhino 4.0 SR7 SDK
"Rhino RDK" = Rhino RDK
"Rhinoceros 3.0" = Rhinoceros 3.0
"SpeedFan" = SpeedFan (remove only)
"SSC Service Utility_is1" = SSC Service Utility v4.30
"SystemRequirementsLab" = System Requirements Lab
"TBSB03603.TBSB03603Toolbar" = Amazon Toolbar
"Tor" = Tor 0.2.2.35
"TreeSize Free_is1" = TreeSize Free V2.4
"Vidalia" = Vidalia 0.2.15
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.0-rc1-20120131-0203
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.07.2012 04:49:26 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:26 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:26 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:26 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:26 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:27 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:27 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:27 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:27 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:27 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15.07.2012 04:49:27 | Computer Name = 03-PC | Source = Windows Search Service | ID = 3013
Description =
[ System Events ]
Error - 13.07.2012 02:38:37 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 14.07.2012 01:54:25 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.07.2012 01:54:25 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.07.2012 01:54:25 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 14.07.2012 07:28:56 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.07.2012 07:28:56 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 14.07.2012 07:28:56 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 15.07.2012 03:20:24 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15.07.2012 03:20:24 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15.07.2012 03:20:24 | Computer Name = 03-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
|
|
16.07.2012, 16:42
| #6 | |
| /// Malware-holic | TR/Crypt.ZPack.Gen8 aktuell - früher PUM.HiJack.StartMenu in Quarantäne - was jetzt tun ? hi Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> TR/Crypt.ZPack.Gen8 aktuell - früher PUM.HiJack.StartMenu in Quarantäne - was jetzt tun ? |
|
16.07.2012, 22:18
| #7 |
| | TR/Crypt.ZPack.Gen8 aktuell - früher PUM.HiJack.StartMenu in Quarantäne - was jetzt tun ? Hallo, hier ist der logfile von combofix.txt Combofix Logfile: Code:
ATTFilter ComboFix 12-07-16.01 - ch*** 16.07.2012 22:52:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1093 [GMT 2:00]
ausgeführt von:: c:\users\R**\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\Windows2000-KB829558-x86-DEU.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-16 bis 2012-07-16 ))))))))))))))))))))))))))))))
.
.
2012-07-16 06:56 . 2012-07-16 06:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{601D1F4D-65AB-4FED-B3FA-0C6FEE256536}\offreg.dll
2012-07-13 09:50 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{601D1F4D-65AB-4FED-B3FA-0C6FEE256536}\mpengine.dll
2012-07-12 01:06 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 18:23 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 18:23 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 18:23 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 18:23 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 18:23 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 18:23 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-22 06:23 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 06:23 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 06:23 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 06:23 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 06:22 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 06:22 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 06:22 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 06:21 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 06:21 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 08:31 . 2012-03-31 04:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-15 08:31 . 2011-10-05 20:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 13:50 . 2012-02-29 14:28 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 13:50 . 2012-02-29 14:28 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-01 14:03 . 2012-06-14 06:17 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00 . 2012-06-14 06:18 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-14 06:18 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-14 06:18 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2009-12-03 21:29 . 2009-12-03 21:30 4485976 ----a-w- c:\program files\vcredist_x86.exe
2012-06-14 22:19 . 2012-06-17 18:35 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"Vidalia"="c:\program files\Hilfsprogramme\vidaliaBundle\Vidalia Bundle\Vidalia\vidalia.exe" [2011-12-14 5407850]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1189920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1962896]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-04-25 311296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 3597416]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SpywareTerminatorShield"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2012-02-20 2786480]
"avgnt"="c:\program files\AntiVir2012\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-03-01 296056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes\161\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\RAUM_1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]
2011-02-10 11:16 40960 ----a-w- c:\program files\Phonostar-Player\phonostar-Player\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-16 c:\windows\Tasks\User_Feed_Synchronization-{37B60842-ECE6-4F88-BD86-0EE41A85C877}.job
- c:\windows\system32\msfeedssync.exe [2011-06-23 09:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = 192.168.*.*
IE: {{0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - {0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} -
LSP: c:\windows\system32\wpclsp.dll
TCP: Interfaces\{24DD98CD-B228-4DFA-91EA-1A3FEB3250F2}: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\chronos\AppData\Roaming\Mozilla\Firefox\Profiles\wqnn3mjf.default\
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{5C9BE6C7-015B-4C06-BDB8-205163FA5F2C} - (no file)
Toolbar-{0EE3F0B3-6A98-44E2-BEC4-981E4DE63D62} - (no file)
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
AddRemove-AC3Filter - c:\program files\VLC Media Player\codecs\AC3Filter\uninstall.exe
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe
AddRemove-Cleaning Suite_is1 - c:\program files\Hilfsprogramme\Csuite\Cleaning Suite\unins000.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-Mozilla Firefox 7.0.1 (x86 de) - c:\program files\Mozilla Firefox\Firefox7\uninstall\helper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-07-16 23:00
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.032"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ani"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bay"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bw"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bwf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cel"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cr2"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.crw"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cs1"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cur"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcr"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djv"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djvu"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dng"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.eps"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fff"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.flc"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fli"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fpx"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icl"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icn"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ico"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iff"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ilbm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.int"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.inta"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iw4"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2c"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2k"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jp2"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpc"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpk"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpx"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.kar"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.lbm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.m15"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.m1a"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.m2a"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.m4a"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.m4b"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.m4p"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.m4v"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.m75"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mos"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mpv"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mrw"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.nef"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.orf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pbm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcd"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pct"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pef"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pgm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pics"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pict"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pix"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ppm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psd"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psp"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.qcp"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.qtpf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ras"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raw"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgb"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgba"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rsb"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sfil"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sgi"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1000)
"Progid"="ACDSee 9.0.smf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sml"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sr2"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.srf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.swa"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.thm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttc"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ulw"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9o"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9p"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9pf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.vfw"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xbm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xpm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.032"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.int"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.m2a"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.pics"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.png"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.qtpf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.sfil"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-3775535589-2243066446-450567175-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3775535589-2243066446-450567175-1004)
"Progid"="ACDSee Foto-Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\relog_ap.dll
.
Zeit der Fertigstellung: 2012-07-16 23:03:31
ComboFix-quarantined-files.txt 2012-07-16 21:03
.
Vor Suchlauf: 13 Verzeichnis(se), 155.370.463.232 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 155.524.816.896 Bytes frei
.
- - End Of File - - 49DAB493E435880B33784841C2CF87D7
Gruß und Dank |
|
18.07.2012, 20:21
| #8 |
| /// Malware-holic | TR/Crypt.ZPack.Gen8 aktuell - früher PUM.HiJack.StartMenu in Quarantäne - was jetzt tun ? hi malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.07.2012, 15:22
| #9 |
| | TR/Crypt.ZPack.Gen8 aktuell - früher PUM.HiJack.StartMenu in Quarantäne - was jetzt tun ? Hallo, hier das logfile vom 19.07. darauffolgend das logfile vom 10.7., daß ich der ersten Nachricht angehängt hatte. Die in meiner ersten Nachricht von 11.07.12 beschiebenen Scdlinge befinden sich komplett noch immer in Quarantäene von Malwarebytes und Avira. Können/sollen sie dort entfernt werden? Vor Kurzem habe ich festgestellt, daß sich im Windos-Explorer unter Extras die Ordneroptionen zwar auf "versteckte Dateien und Ordner ausblenden" eingestellt sind, man dies aber trotzdem sehen kann! (...wie z.B. dem Ordner program data) dies war vor dem Durchlauf der Anti-Malwareprogramme nicht der Fall. Was kann ich tun? Dank + Gruss Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.19.07 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: 03-PC [Administrator] 19.07.2012 12:21:35 mbam-log-2012-07-19 (12-21-35).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|I:\|X:\|Y:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 628847 Laufzeit: 1 Stunde(n), 58 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) - - - Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.10.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 RAUM_1 :: 03-PC [limited] 10.07.2012 12:07:08 mbam-log-2012-07-10 (12-07-08).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 593219 Time elapsed: 5 hour(s), 37 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
|
| Themen zu TR/Crypt.ZPack.Gen8 aktuell - früher PUM.HiJack.StartMenu in Quarantäne - was jetzt tun ? |
| ad-aware, adobe, antivirus, appl/yabector.gen5, avg, avira, bho, defender, desktop, error, explorer, firefox, format, home, intranet, logfile, malware, nicht sicher, object, plug-in, realtek, registry, scan, schädling, searchscopes, sekunden, software, spyware, symantec, vcredist, vista |
Linear-Darstellung
