
Log analysis and evaluation: BKA Trojan - The computer is locked!

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

03.08.2012, 17:46   #1
sonic-war
 
BKA Trojan - The computer is locked!



Hello to all the experts,

this morning my "foreground screen" gave me a bit of a surprise.

Heading of the "Bundestrojaner" (federal Trojan) styled after the federal government:

"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert"
(roughly: "The computer is for the violation of the laws of the Federal Republic of Germany has been blocked")
That's not quite proper German, but that's what it says. After some searching I became aware of this forum and ran a scan with "MALWAREBYTES" right away; here is the log file:
(after that I will restart the computer, go through it with OTL by OldTimer and post the result here too!)


(ok, I'll post the log file shortly, I have to restart first!)

Many thanks
Sascha

Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.03.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
sonic-warrior :: SW_LAPTOP [Administrator]

Schutz: Deaktiviert

03.08.2012 12:55:44
mbam-log-2012-08-03 (12-55-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 457226
Laufzeit: 1 Stunde(n), 58 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|iqpy.exe (Trojan.Apppatch) -> Daten: C:\Users\sonic-warrior\AppData\Roaming\Xakeyq\iqpy.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wmcodecdspps (Trojan.Cridex) -> Daten: C:\Users\sonic-warrior\AppData\Local\Microsoft\Windows\420\wmcodecdspps.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\sonic-warrior\AppData\Local\{76fd9690-fce2-f13b-de75-8b844e3ee0ac}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Time (Trojan.Agent) -> Daten: rundll32.exe "C:\ProgramData\OwxidbeSfazm.dll",EntryPoint -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 10
C:\Users\sonic-warrior\AppData\Roaming\Xakeyq\iqpy.exe (Trojan.Apppatch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sonic-warrior\AppData\Local\Microsoft\Windows\420\wmcodecdspps.exe (Trojan.Cridex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\downloads\MPLSetup(1).exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sonic-warrior\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sonic-warrior\AppData\Local\Temp\33866288.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sonic-warrior\AppData\Local\Temp\33869330.exe (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sonic-warrior\AppData\Local\{76fd9690-fce2-f13b-de75-8b844e3ee0ac}\n (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sonic-warrior\AppData\Local\{76fd9690-fce2-f13b-de75-8b844e3ee0ac}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\sonic-warrior\Documents\Downloads\asterisk\astlog\astlog.exe (HackTool.Asterisk) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\OwxidbeSfazm.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
OLT.txt
Code:
OTL logfile created on: 03.08.2012 19:03:53 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\sonic-warrior\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 50,84% Memory free
6,18 Gb Paging File | 4,71 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 4,88 Gb Free Space | 3,39% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 122,18 Gb Free Space | 84,85% Space Free | Partition Type: NTFS
 
Computer Name: SW_LAPTOP | User Name: sonic-warrior | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\sonic-warrior\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Programme\AVG Secure Search\vprot.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Common Files\Common Desktop Agent\CDASrv.exe ()
PRC - C:\Programme\1&1 Surf-Stick\AssistantServices.exe ()
PRC - C:\Programme\1&1 Surf-Stick\UIExec.exe ()
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll ()
MOD - C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll ()
MOD - C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll ()
MOD - C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll ()
MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Programme\AVG Secure Search\vprot.exe ()
MOD - C:\Programme\Orbitdownloader\wtlctrl.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Common Files\Common Desktop Agent\CDASrv.exe ()
MOD - C:\Programme\1&1 Surf-Stick\UIExec.exe ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll ()
MOD - C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll ()
MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater11.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (UI Assistant Service) -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (iaNvStor) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\..\SearchScopes\{1B5FD3EB-9BC6-4E67-98FB-3B418CAE7E73}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={56D040F4-40CC-4887-9BD4-75F0E028FE96}&mid=b60486c4e7bb47d0a3d7d16b2f36a22a-482a46353c7a6e0c2ad6bba4d6884df62370fbb1&lang=de&ds=od011&pr=sa&d=2012-06-08 22:28:14&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\sonic-warrior\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\sonic-warrior\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\sonic-warrior\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sonic-warrior\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sonic-warrior\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 10:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.12 21:44:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.12 21:44:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.03.08 11:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 13:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 14:30:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.01 23:23:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.31 10:53:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 14:30:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.01 23:23:59 | 000,000,000 | ---D | M]
 
[2011.01.04 15:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Extensions
[2011.01.04 15:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.03 12:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions
[2011.06.28 22:57:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.08.02 12:23:16 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2011.06.28 22:57:46 | 000,000,000 | ---D | M] (CheckFox) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}
[2009.08.18 13:42:06 | 000,000,000 | ---D | M] (CheckBoxMate) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\{dc0fa143-3db3-73ee-e852-912722c852fd}
[2012.08.03 12:40:35 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.01.30 10:50:19 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(23)
[2011.09.25 19:04:56 | 000,000,000 | ---D | M] (preisspion.de) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\finder@meingutscheincode.de
[2011.06.07 01:58:53 | 000,000,000 | ---D | M] (WKW Stuff) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\WKW_Stuff@mozdev.org
[2012.04.25 19:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.18 14:30:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.15 22:33:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.17 15:37:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.09 13:02:55 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.17 15:37:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 15:37:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 15:37:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 15:37:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 15:37:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://isearch.avg.com/?cid={56D040F4-40CC-4887-9BD4-75F0E028FE96}&mid=b60486c4e7bb47d0a3d7d16b2f36a22a-482a46353c7a6e0c2ad6bba4d6884df62370fbb1&lang=de&ds=od011&pr=sa&d=2012-06-08 22:28:14&v=11.1.0.7&sap=hp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://isearch.avg.com/?cid={56D040F4-40CC-4887-9BD4-75F0E028FE96}&mid=b60486c4e7bb47d0a3d7d16b2f36a22a-482a46353c7a6e0c2ad6bba4d6884df62370fbb1&lang=de&ds=od011&pr=sa&d=2012-06-08 22:28:14&v=11.1.0.7&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\sonic-warrior\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\sonic-warrior\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\sonic-warrior\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: XJZ Survey Remover = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\cghbpbbbdbdcljgdhfpfhkpknlaefjhl\3.1.2_0\
CHR - Extension: Google-Suche = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SEO Site Tools = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\diahigjngdnkdgajdbpjdeomopbpkjjc\2.91_0\
CHR - Extension: Stream Downloader = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\eojhdpnbgmkklikppknobdghfdfcligf\1.0_0\
CHR - Extension: Uncircle Uncirclers+ = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnckobddbbbgfabnhogmncmghngohflh\1.5_0\
CHR - Extension: DivX HiQ = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Videos = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpgkkflofmonpakbihlnlloompbfald\1.0_0\
CHR - Extension: avast! WebRep = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Social Fixer = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\6.741_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: SEO for Chrome = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
CHR - Extension: Google Mail = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CDAServer] C:\Programme\Common Files\Common Desktop Agent\CDASrv.exe ()
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003..\Run: [Facebook Update] C:\Users\sonic-warrior\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003..\Run: [iqpy.exe] C:\Users\sonic-warrior\AppData\Roaming\Xakeyq\iqpy.exe File not found
O4 - Startup: C:\Users\sonic-warrior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ABBBC40-5F9B-4C7C-9BFA-57B09F350444}: DhcpNameServer = 212.39.90.42 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62D1E93-79F4-4A31-B03C-1571B9347C39}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c83c3e5-03d4-11df-a8d6-002269d24bd9}\Shell - "" = AutoRun
O33 - MountPoints2\{0c83c3e5-03d4-11df-a8d6-002269d24bd9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{7a2d78fb-a6a0-11de-895d-002269d24bd9}\Shell - "" = AutoRun
O33 - MountPoints2\{7a2d78fb-a6a0-11de-895d-002269d24bd9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7a2d7922-a6a0-11de-895d-002269d24bd9}\Shell - "" = AutoRun
O33 - MountPoints2\{7a2d7922-a6a0-11de-895d-002269d24bd9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.03 13:32:11 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\sonic-warrior\Desktop\OTL.exe
[2012.08.03 12:54:44 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\AppData\Roaming\Malwarebytes
[2012.08.03 12:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.03 12:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.03 12:54:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.03 12:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.02 17:51:27 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\AppData\Roaming\hellomoto
[2012.07.30 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\Desktop\TEST
[2012.07.23 14:25:20 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\Desktop\FOTOS
[2012.07.19 18:57:37 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\Desktop\ebay
[2012.07.18 20:49:01 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\AppData\Roaming\Artisteer
[2012.07.18 20:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artisteer 3
[2012.07.18 20:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Artisteer 3
[2012.07.18 20:36:35 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\Desktop\joomla
[2012.07.16 20:55:36 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\AppData\Roaming\Xakeyq
[2012.07.16 20:55:36 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\AppData\Roaming\Fazi
[2012.07.12 21:42:50 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\Desktop\closing
[2012.07.12 03:07:57 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 03:02:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 03:02:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 03:02:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 03:02:44 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 03:02:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 03:02:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 03:02:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 17:33:55 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.07 12:44:00 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.07.07 12:43:59 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.07.07 12:43:59 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.07.07 12:43:59 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.07.07 12:43:59 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.07.07 12:43:36 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.07.07 12:43:36 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.03 18:48:36 | 000,071,749 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.03 18:48:30 | 000,071,749 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.08.03 18:48:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.03 18:48:21 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 18:48:20 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.03 18:48:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.03 18:47:15 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.03 18:44:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.03 18:14:21 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2828624098-4232976946-4174206805-1003UA.job
[2012.08.03 18:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.03 17:12:01 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2828624098-4232976946-4174206805-1003UA.job
[2012.08.03 14:13:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.03 14:13:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.01 23:12:00 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2828624098-4232976946-4174206805-1003Core.job
[2012.08.01 10:14:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2828624098-4232976946-4174206805-1003Core.job
[2012.07.29 22:06:19 | 000,047,903 | ---- | M] () -- C:\Users\sonic-warrior\Desktop\u60311.jpg
[2012.07.28 10:16:07 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\sonic-warrior\Desktop\OTL.exe
[2012.07.26 22:27:01 | 000,040,717 | ---- | M] () -- C:\Users\sonic-warrior\Desktop\markus.jpg
[2012.07.20 11:36:27 | 000,210,095 | ---- | M] () -- C:\Users\sonic-warrior\Desktop\HI_mousepad.JPG
[2012.07.16 12:04:14 | 000,010,885 | ---- | M] () -- C:\Users\sonic-warrior\.recently-used.xbel
[2012.07.13 17:09:15 | 000,239,796 | ---- | M] () -- C:\Users\sonic-warrior\Desktop\P1013134.jpg
[2012.07.12 03:26:20 | 000,400,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.07 20:17:35 | 000,026,924 | ---- | M] () -- C:\Users\sonic-warrior\Desktop\Anmeldungen.ods
 
========== Files Created - No Company Name ==========
 
[2012.07.29 22:06:19 | 000,047,903 | ---- | C] () -- C:\Users\sonic-warrior\Desktop\u60311.jpg
[2012.07.26 22:27:01 | 000,040,717 | ---- | C] () -- C:\Users\sonic-warrior\Desktop\markus.jpg
[2012.07.21 12:46:28 | 000,013,312 | ---- | C] () -- C:\Users\sonic-warrior\AppData\Local\{76fd9690-fce2-f13b-de75-8b844e3ee0ac}\U\80000000.@
[2012.07.21 12:46:28 | 000,001,712 | ---- | C] () -- C:\Users\sonic-warrior\AppData\Local\{76fd9690-fce2-f13b-de75-8b844e3ee0ac}\U\00000001.@
[2012.07.20 09:36:10 | 000,210,095 | ---- | C] () -- C:\Users\sonic-warrior\Desktop\HI_mousepad.JPG
[2012.07.16 12:04:14 | 000,010,885 | ---- | C] () -- C:\Users\sonic-warrior\.recently-used.xbel
[2012.07.13 17:07:51 | 000,239,796 | ---- | C] () -- C:\Users\sonic-warrior\Desktop\P1013134.jpg
[2012.07.12 21:42:31 | 004,619,648 | ---- | C] () -- C:\Users\sonic-warrior\Desktop\P1013123.JPG
[2012.07.12 21:35:50 | 004,588,281 | ---- | C] () -- C:\Users\sonic-warrior\Desktop\P1013117.JPG
[2012.07.07 20:10:38 | 000,026,924 | ---- | C] () -- C:\Users\sonic-warrior\Desktop\Anmeldungen.ods
[2012.06.10 01:06:46 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssb6mlm.dll
[2012.04.11 21:59:37 | 000,000,194 | ---- | C] () -- C:\Windows\System32\dmlg.dat
[2012.01.24 08:49:41 | 000,002,048 | -HS- | C] () -- C:\Users\sonic-warrior\AppData\Local\{76fd9690-fce2-f13b-de75-8b844e3ee0ac}\@
[2011.12.09 22:24:59 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.02.18 19:45:26 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.02.18 19:45:08 | 000,010,805 | ---- | C] () -- C:\Users\sonic-warrior\AppData\Roaming\SmarThruOptions.xml
[2011.02.18 19:44:55 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2011.02.18 19:44:13 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2011.02.18 19:44:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SamFaxPort.dll
[2011.02.18 19:44:04 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2011.02.18 19:44:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2011.02.18 19:40:21 | 000,110,592 | R--- | C] () -- C:\Windows\Wiainst.exe
[2011.02.18 19:39:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2011.02.18 19:39:02 | 000,027,136 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2011.02.18 19:39:02 | 000,011,264 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2011.02.18 19:39:02 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2011.02.18 16:13:56 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll
[2011.01.24 21:05:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.01.24 21:05:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.01.24 21:05:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.01.12 18:13:27 | 000,000,600 | ---- | C] () -- C:\Users\sonic-warrior\AppData\Local\PUTTY.RND
[2010.10.29 02:43:56 | 000,063,488 | ---- | C] () -- C:\Windows\System32\CDASpl.dll
[2010.03.07 17:15:17 | 000,007,592 | ---- | C] () -- C:\Users\sonic-warrior\AppData\Local\d3d9caps.dat
[2010.02.20 22:15:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.10 15:05:13 | 000,092,160 | ---- | C] () -- C:\Users\sonic-warrior\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.25 07:36:36 | 000,071,749 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.06.25 07:36:12 | 000,071,749 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== LOP Check ==========
 
[2012.08.01 23:12:00 | 000,001,148 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2828624098-4232976946-4174206805-1003Core.job
[2012.08.03 17:12:01 | 000,001,170 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2828624098-4232976946-4174206805-1003UA.job
[2012.08.03 18:47:15 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt

Code:
OTL Extras logfile created on: 03.08.2012 19:03:53 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\sonic-warrior\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 50,84% Memory free
6,18 Gb Paging File | 4,71 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 4,88 Gb Free Space | 3,39% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 122,18 Gb Free Space | 84,85% Space Free | Partition Type: NTFS
 
Computer Name: SW_LAPTOP | User Name: sonic-warrior | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera_new\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D8A82E3-FB25-467E-B5A7-30BE3D0DC581}" = lport=138 | protocol=17 | dir=in | app=system | 
"{13EA71DE-862B-4A74-BD2E-D53528D06230}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2C661C94-A73C-4682-93F7-E6C0F9A26A1B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{32DDD508-5184-4D9A-9121-D4E6C8228179}" = rport=137 | protocol=17 | dir=out | app=system | 
"{37D23100-90D5-482D-892A-A8D21970D893}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3FBB5024-8DB4-4FCF-9C98-4356637138C4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4DD3C196-063D-4D69-A1E6-E727130F9532}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{584342B5-BC81-409A-B236-17278483CD02}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5F36338E-5E66-436B-9965-E642A3395866}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6D2BDDC7-5B37-4E60-95BC-921F2BDA2081}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{9C14D0BB-C30D-4B37-9328-1FDF851F5A8E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9F85A3D1-30BD-43B9-92D2-7DD30AD9DD9E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A75C3297-EC91-4445-BDAC-B0500CEF650E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AA31B417-EE46-4EFF-8885-12524BD02158}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C72611AF-2000-49D5-B768-91B00989F67D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D8103230-24F6-4581-9FD6-433EDD985BC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D8AC4681-D0AD-47B1-8D2F-A2C27617607C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DCAB2756-7503-4795-A1B6-FF834279B9B5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E6681B1D-D4FE-4440-BD4E-5378193C738C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F40EB487-BC14-43AB-84BA-E8ADF8011404}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F58D86-44A0-45C7-940E-4F60B0A292A3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{072BEAD4-F23F-4B94-8916-07681F41AB09}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{0B2C75CE-D27D-4CF6-A2B7-6A8FFD11038B}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{1E6DB577-F35C-4A70-8994-514CFEFBE700}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{245E3E57-BA0E-4BBC-B669-22910E64C443}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{2D3345F1-1DC7-4343-96B0-75001FEAACF4}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{2E02E03E-FCDB-42C6-B05A-554958841D4B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{2E4C29DA-2E14-4846-9CBF-659DBF5963C9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{316874E4-01E8-499D-8FA4-6CBF67065BB4}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{35840F05-D87F-4E77-97FE-A5E8CC03AA01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{393DBBF1-D762-4C4C-8F0C-191D4B61B4E0}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\idsalert.exe | 
"{3C1D51EF-C78C-4E1B-9794-116EB5C22F2E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{3FCE4DCF-2464-45AD-87EA-20638ED03A0C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{412F1F9B-60E8-474F-8150-F191CBA94B3B}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{445749A4-9740-4F97-97A0-30B63B13257B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{47ECA27F-8D15-4B1D-9688-E6D19FD8827F}" = protocol=17 | dir=in | app=c:\program files\opera_new\opera.exe | 
"{4A6A3898-B9AA-4043-9676-76A9592FA5BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4FEAB0AB-C834-4351-9592-94F6B846DFA3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{56AC680A-E249-4CDF-ACD4-74C3D54D7A73}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{60F81639-3395-4394-AD37-1AE2BD52F76A}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe | 
"{6979CE7F-0896-4C98-8E45-A9AF534C4A79}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{706B8824-035A-4952-AB13-95D7B3E5BA4F}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\idsalert.exe | 
"{70B8D58A-330C-42E1-ADF0-019C68F8C640}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{7217C6B6-372B-463C-A3F1-E12C05CB66B3}" = dir=in | app=c:\users\sonic-warrior\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{7B1F9957-70C9-4A15-8DAA-556DFE5199D1}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe | 
"{88185038-9093-4EE9-A362-2DE060D5DC8D}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | 
"{95E3D332-21A7-4793-862A-AE21348B1FF8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9D08E2A5-CE69-4589-90D0-62E83761494D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9E13EDE3-E63A-45F5-8E11-E97F5C66EF11}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{A1FCABE7-61AD-4FE0-9FB5-2EAE1C889AE2}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{A7627FB3-CD0F-4696-8648-A2E5BFA4BD3D}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{AF1286B2-5FA4-40BC-A705-59CE1DCB9F63}" = protocol=17 | dir=in | app=c:\program files\opera_new\pluginwrapper\opera_plugin_wrapper.exe | 
"{B3C5D727-2D1F-4BEB-BAE5-3FBBF06FC7BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BAD98BFC-03F9-4F77-9B6B-A37C9692EE53}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\ids.application.exe | 
"{BB0EF20C-D31A-430C-9090-4A2E7DC898D1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BF5ADEE4-D752-45ED-8017-422FA5830261}" = protocol=6 | dir=in | app=c:\program files\opera_new\pluginwrapper\opera_plugin_wrapper.exe | 
"{C05F7E11-328E-4260-BDC4-85070CC47DD1}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{C2E0684E-B8A1-4AA0-BC0A-4A61BBAEC942}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{C4FAA69D-800E-4809-96C6-2CFC994FC2CD}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe | 
"{C9E0A85A-4DDB-4636-BD5E-9406770BDF93}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\ordersupplies.exe | 
"{CA77AB0F-6129-448D-8D7D-71D5EC54014D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CB760512-6183-4E84-AD75-C085DDC75AB9}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\ordersupplies.exe | 
"{D2028EED-E893-4EBD-9EE1-10F14762B881}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{D2438BC7-BB4A-4CE4-B1C0-BB97351B3F57}" = protocol=6 | dir=in | app=c:\program files\opera_new\opera.exe | 
"{D661DC00-18D1-4D79-A79F-6E568CE44506}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{D7DB2B5C-9716-4BAE-B62D-91C6D730F267}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{DB5B1154-CF67-4713-9516-3C839F8DD4FF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{DB75AB3A-F77B-450E-BAD4-05CFFBE949CF}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\ids.application.exe | 
"{DE4EBC95-E075-4C9F-8276-37532ED1ADFD}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{E6E89A1F-B8B2-4308-8EE5-D7F1122FBA18}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe | 
"{F9DBD0C6-FA75-4940-8EC2-B703A0A6A4BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FE8B93F5-CB0A-45F8-9326-85A3B9E25469}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{1D6C0BBC-F37A-42D5-9570-A6C0F5A17623}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{3C151146-FEA0-4144-995F-B521362795CA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{73B26BF9-EB51-495D-9BBE-82B7C3509D6A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{7885B946-8B13-4D56-81EA-A2C8C33821A2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{CBD7E41C-107D-4321-87F0-FBDC3B3ED393}C:\program files\opera_new\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera_new\opera.exe | 
"TCP Query User{D0236F67-3CD1-4C96-866E-95E1E1895849}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{EFBF589F-261E-49E1-88FF-76A907B1E77D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{FD4B65B9-5D97-4E2D-8262-A17334750638}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{050F3E63-8C11-467D-8E81-2C4298F8DF27}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{09BF668F-FA53-47F7-9DB7-8AA593142F41}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{13E36413-985F-419B-839A-CF92156A11E5}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{26AC6088-2286-4AB4-91AE-D0DC6C11C334}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{3461E091-B07C-4630-889A-B3AB284ACE78}C:\program files\opera_new\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera_new\opera.exe | 
"UDP Query User{837C89BA-E3A0-432A-BE5B-4BFF9B5418A3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{A6A383BA-D03C-494A-91DC-612775CA0C0A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{F317EFDB-3B29-451D-B915-A3420DE342E2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"%ProgramName%" = picture-shark 1.0
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam
"{13D324E9-9DB1-478D-944C-28BBE1BB80DC}" = HP Officejet Pro 8500 A910 Hilfe
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{82C19692-571C-45D2-BAF2-278225787A35}" = ImageMixer 3 SE
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-004E-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector 32-bit
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BA31F48A-C811-30B4-AD93-1986C7838442}" = Google Talk Plugin
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{DEB23231-0851-4E3E-A2DB-EED8A40B0883}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB52602E-CA90-430F-8BD8-F197CFAB5503}" = Web-Picture-Picker
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Artisteer 3" = Artisteer 3
"avast" = avast! Free Antivirus
"AVG Secure Search" = AVG Security Toolbar
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.5.0
"FLV Player" = FLV Player 2.0 (build 25)
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 5.0.6.221
"FriendBlasterPro_is1" = FriendBlasterPro
"iLivid" = iLivid
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"LameACM" = LameACM
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 1.0" = Canon MP Navigator 1.0
"MyCamera" = Canon Utilities MyCamera
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.60.1185" = Opera 11.60
"Opera 12.00.1467" = Opera 12.00
"Orbit_is1" = Orbit Downloader
"PremElem70" = Adobe Premiere Elements 7.0
"ProInst" = Intel PROSet Wireless
"Recuva" = Recuva
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung ML-1860 Series" = Samsung ML-1860 Series
"Samsung Printer Live Update" = Samsung Printer Live Update
"SmarThru PC Fax" = SmarThru PC Fax
"SuperMailer_is1" = SuperMailer 5.40
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"VLC media player" = VLC media player 1.0.1
"Webcam Video Capture_is1" = Webcam Video Capture 4.8.0
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XviD" = XviD MPEG-4 Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2828624098-4232976946-4174206805-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 23.05.2009 09:47:55 | Computer Name = sw_laptop | Source = avast! | ID = 33554522
Description = 
 
Error - 18.06.2009 12:50:00 | Computer Name = sw_laptop | Source = avast! | ID = 33554522
Description = 
 
Error - 13.08.2009 09:48:52 | Computer Name = sw_laptop | Source = avast! | ID = 33554522
Description = 
 
Error - 07.04.2010 21:36:43 | Computer Name = sw_laptop | Source = avast! | ID = 33554522
Description = 
 
Error - 09.08.2010 20:37:01 | Computer Name = sw_laptop | Source = avast! | ID = 33554522
Description = 
 
[ Application Events ]
Error - 03.08.2012 06:38:42 | Computer Name = sw_laptop | Source = EventSystem | ID = 4609
Description = 
 
Error - 03.08.2012 06:39:33 | Computer Name = sw_laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.08.2012 06:42:37 | Computer Name = sw_laptop | Source = LoadPerf | ID = 3001
Description = 
 
Error - 03.08.2012 06:50:36 | Computer Name = sw_laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.08.2012 06:57:32 | Computer Name = sw_laptop | Source = LoadPerf | ID = 3001
Description = 
 
Error - 03.08.2012 12:37:13 | Computer Name = sw_laptop | Source = Perflib | ID = 1010
Description = 
 
Error - 03.08.2012 12:37:15 | Computer Name = sw_laptop | Source = Perflib | ID = 1008
Description = 
 
Error - 03.08.2012 12:37:23 | Computer Name = sw_laptop | Source = LoadPerf | ID = 3001
Description = 
 
Error - 03.08.2012 12:48:24 | Computer Name = sw_laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.08.2012 12:54:37 | Computer Name = sw_laptop | Source = LoadPerf | ID = 3001
Description = 
 
[ System Events ]
Error - 03.08.2012 06:50:36 | Computer Name = sw_laptop | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 03.08.2012 06:51:14 | Computer Name = sw_laptop | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 03.08.2012 06:51:34 | Computer Name = sw_laptop | Source = DCOM | ID = 10016
Description = 
 
Error - 03.08.2012 06:53:52 | Computer Name = sw_laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 03.08.2012 12:37:26 | Computer Name = sw_laptop | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 03.08.2012 12:48:24 | Computer Name = sw_laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.08.2012 12:48:24 | Computer Name = sw_laptop | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.08.2012 12:48:24 | Computer Name = sw_laptop | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 03.08.2012 12:49:29 | Computer Name = sw_laptop | Source = DCOM | ID = 10016
Description = 
 
Error - 03.08.2012 12:51:27 | Computer Name = sw_laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         
So at least I can finally get back onto my computer now. Since my desktop is rather cluttered, I'll tidy up a bit. It is purely a work computer, so the data is quite important!

Well, now I'll wait and see what the experts advise me ;-)

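The OTL uninstall list above shows three Java 6 builds (Update 18, 22 and 31) installed side by side, which is what the later posts turn on. As an added example (not code from this thread, from OTL, or from its author), here is a small parser for that section of an OTL log that flags stale and co-installed JREs; the sample excerpt is constructed in the log's format, the HKEY_USERS SID is a placeholder, and the reference build 6u33 is an assumed value for illustration.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the shape of the OTL "Uninstall List" sections above
# (the Java entries mirror the posted log; the HKEY_USERS SID is a placeholder).
SAMPLE_OTL = """\
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\\S-1-5-21-PLACEHOLDER-1003\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"Google Chrome" = Google Chrome
"""

# One uninstall entry as OTL prints it:  "<registry key>" = <display name>
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.*?)\s*$')
# Display name of a Sun/Oracle JRE, e.g. "Java(TM) 6 Update 31"
JAVA_RE = re.compile(r"^Java\(TM\)\s+(?P<major>\d+)\s+Update\s+(?P<update>\d+)$")


def parse_uninstall_list(text: str) -> Dict[str, str]:
    """{registry key: display name} for the HKLM section; OTL banners delimit sections."""
    entries: Dict[str, str] = {}
    in_hklm = False
    for line in text.splitlines():
        if line.startswith("=========="):
            in_hklm = "HKEY_LOCAL_MACHINE Uninstall List" in line
            continue
        m = ENTRY_RE.match(line.strip()) if in_hklm else None
        if m:
            entries[m.group("key")] = m.group("name")
    return entries


def java_runtimes(entries: Dict[str, str]) -> List[Tuple[int, int]]:
    """Sorted (major, update) pairs for every JRE display name found."""
    found = [JAVA_RE.match(name) for name in entries.values()]
    return sorted((int(m.group("major")), int(m.group("update"))) for m in found if m)


def assess_java(entries: Dict[str, str],
                reference: Tuple[int, int] = (6, 33)) -> List[str]:
    """Findings for the helper: JREs left side by side, and any JRE older than
    `reference`, the newest build the analyst knows (6u33 is an assumed value)."""
    runtimes = java_runtimes(entries)
    findings: List[str] = []
    if len(runtimes) > 1:
        listed = ", ".join(f"{maj}u{upd}" for maj, upd in runtimes)
        findings.append(f"multiple JREs side by side: {listed} "
                        "(earlier builds were not removed by later updates)")
    for maj, upd in runtimes:
        if (maj, upd) < reference:
            findings.append(f"stale JRE {maj}u{upd} (reference {reference[0]}u{reference[1]})")
    return findings


if __name__ == "__main__":
    for finding in assess_java(parse_uninstall_list(SAMPLE_OTL)):
        print(finding)
```

Run against a full OTL log, the same functions report every leftover JRE a drive-by exploit kit could still target, which is why the helper asks for the Java deployment cache next.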
03.08.2012, 18:27   #2
markusg
/// Malware-holic

Hi,
for further analysis I need the following:
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
There, right-click the folder "cache", pack it with WinRAR or another program, and please upload it in the upload channel:
Trojaner-Board Upload Channel
Once this is done, please report back.

03.08.2012, 18:40   #3
sonic-war

It took a moment, but the 17 MB are now uploaded.

03.08.2012, 18:58   #4
markusg
/// Malware-holic

No, 17 MB is too big.
File-Upload.net - your free file host!
Upload it there and send me the link as a private message.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as per the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

03.08.2012, 19:32   #5
markusg
/// Malware-holic

Thanks.
Is the PC used for online banking, shopping, other payment processing, or similarly important things such as work?


03.08.2012, 19:59   #6
sonic-war

Yes, the computer is actually only used for such purposes!

Online banking, Excel spreadsheet calculation and word processing!
And a lot in the online area (event marketing!)

So I have now done a Java update; I saw it was on a very old software version.

08.08.2012, 18:00   #7
markusg
/// Malware-holic

Hi,
please call the bank and have online banking blocked.
The PC must be set up from scratch and then secured.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.
