Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Österreich Polizei Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 21.08.2012, 19:49   #1
dingler
 
Österreich Polizei Virus - Standard

Österreich Polizei Virus



Hallo

Mich hat der Österreichische Polizei Virus erwischt.
Anbei habe ich den OTL Code.

Bitte um Hilfe

Vielen Dank

Code:
ATTFilter
OTL logfile created on: 8/21/2012 7:24:45 PM - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Moss\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 43.42% Memory free
3.49 Gb Paging File | 2.54 Gb Available in Paging File | 72.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 131.75 Gb Total Space | 91.64 Gb Free Space | 69.55% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32
 
Computer Name: MOSS2-HP | User Name: Moss | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/21 19:24:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Moss\Desktop\OTL.exe
PRC - [2012/04/21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/05/09 00:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/04/21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/08/05 01:22:44 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/07/30 05:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/04/05 20:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/03/17 14:48:42 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/02/08 20:07:16 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/02/04 20:48:28 | 000,199,032 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe -- (AESTFilters)
SRV - [2012/08/21 19:14:57 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/06/17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/07/13 00:47:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/17 14:48:42 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe -- (STacSV)
SRV - [2010/03/06 23:39:08 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/03/01 19:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010/02/17 22:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2009/08/07 18:54:56 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/09 00:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/03/03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe -- (AESTFilters)
SRV - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/06 11:50:50 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/11 18:43:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/08/05 01:52:36 | 006,859,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/05 00:47:20 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/20 23:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 23:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 23:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 16:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/05/21 05:06:38 | 000,096,384 | ---- | M] (Realtek Semiconductor Corp.) [2 MP Fixed] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2010/05/04 00:44:02 | 000,331,880 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/19 12:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/17 14:48:42 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/03/09 19:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/03/03 00:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/16 21:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/08 20:07:16 | 000,527,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/02/08 20:07:16 | 000,280,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/02/08 20:07:16 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/02/08 20:07:16 | 000,121,760 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/02/08 20:07:16 | 000,094,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/09 23:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE:64bit: - HKLM\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKLM\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKCU\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2011/08/16 15:07:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/08 16:48:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/05/08 16:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moss\AppData\Roaming\mozilla\Extensions
[2012/07/17 20:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moss\AppData\Roaming\mozilla\Firefox\Profiles\8vbdnpn3.default\extensions
[2012/05/08 16:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/17 20:52:38 | 000,271,056 | ---- | M] () (No name found) -- C:\USERS\MOSS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8VBDNPN3.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
[2012/04/21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/04/21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100908045406.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100908045406.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.Exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [rcgasedspzncuze] C:\ProgramData\rcgaseds.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: siteadvisor.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: siteadvisor.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3593413D-60C5-4957-BF7F-12CF118AB05C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{632BC8D1-0B6F-4CE3-B569-0EA03F0A68CC}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\myrm - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myRmProt5.1.0.325.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{80bfbeef-6215-11e0-a244-e02a824e1741}\Shell - "" = AutoRun
O33 - MountPoints2\{80bfbeef-6215-11e0-a244-e02a824e1741}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/21 19:24:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Moss\Desktop\OTL.exe
[2012/08/21 19:21:35 | 000,000,000 | ---D | C] -- C:\Users\Moss\AppData\Local\ElevatedDiagnostics
[2012/07/24 22:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\qpaiarlapugffvz
 
========== Files - Modified Within 30 Days ==========
 
[2012/08/21 19:24:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Moss\Desktop\OTL.exe
[2012/08/21 19:22:29 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/21 19:22:23 | 1875,443,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/21 19:15:22 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 19:15:22 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 19:15:18 | 000,007,569 | ---- | M] () -- C:\windows\SysNative\Config.MPF
[2012/08/21 19:14:59 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/21 19:14:56 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/08/21 19:14:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/21 19:14:27 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForMoss.job
[2012/07/24 22:03:39 | 000,000,051 | ---- | M] () -- C:\ProgramData\thwztwjfhlpgash
[2012/07/24 22:03:28 | 000,057,344 | ---- | M] () -- C:\ProgramData\rcgaseds.exe
[2012/07/24 22:03:28 | 000,057,344 | ---- | M] () -- C:\Users\Moss\0.7548391957719223.exe
 
========== Files Created - No Company Name ==========
 
[2012/07/24 22:03:39 | 000,057,344 | ---- | C] () -- C:\ProgramData\rcgaseds.exe
[2012/07/24 22:03:30 | 000,000,051 | ---- | C] () -- C:\ProgramData\thwztwjfhlpgash
[2012/07/24 22:03:28 | 000,057,344 | ---- | C] () -- C:\Users\Moss\0.7548391957719223.exe
[2011/12/11 08:57:41 | 000,004,608 | ---- | C] () -- C:\Users\Moss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/06 11:44:28 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/09/08 13:29:46 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini

< End of report >
         
Extras

Code:
ATTFilter
OTL Extras logfile created on: 8/21/2012 7:24:45 PM - Run 1
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Moss\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 43.42% Memory free
3.49 Gb Paging File | 2.54 Gb Available in Paging File | 72.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 131.75 Gb Total Space | 91.64 Gb Free Space | 69.55% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32
 
Computer Name: MOSS2-HP | User Name: Moss | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{160B346A-AAA0-46CC-ADAD-962E1206A47A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1CD9CAA5-453B-4D01-BA94-18B4DF6A9A3F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{32FB3C24-6380-4F0A-A9D0-CBFD11319C51}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3739C4CF-26AF-49FC-B0E9-F4E76F24AF12}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55277F79-6F99-4216-ABF8-2C220E69B0BD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5539B526-20E1-4840-89F7-9554471F1B2C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5E68E449-18DF-4C62-AA53-BDD0CB5B5CFC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{615A9D76-29F2-4E70-8233-52E465356131}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6BE5D545-16D1-436E-879E-5CE7386DE717}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{753823D7-D3E1-4594-9F2B-03D36B852693}" = lport=138 | protocol=17 | dir=in | app=system | 
"{77558441-61A0-41C3-888E-9075832343F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{777F5E8C-6FDC-4525-9B0A-FE8D0C2FE40F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{974A3B86-EAA2-4F89-B7C9-9A9772AE51E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99381EF8-2E37-47C4-B626-9FABAAF8E26B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{9E7E36FD-A16D-436D-9DFA-E2E8EE9EA436}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BF524E26-8C5F-40D1-91F4-26EDCB164D70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D20B8D16-EB63-40AE-9F90-085FDBB97F44}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D34C966F-86B5-4904-B7BE-2BAA81C23602}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D52BC2AE-6417-468B-846E-C1C2D5062062}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D7245607-B72F-4215-A017-CA63424737F5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7F75797-0001-474F-AE54-2B387DF36A79}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E1308023-1F3C-423C-87E8-C815D806EA11}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F0CB93A-D276-448E-ADFE-2F85AB07B703}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{19C9F640-3779-4839-90CD-52AAE3B8FAAD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{26F08E30-C29F-4B50-BAEF-CFD2D9FBA028}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2893197F-AD08-42BE-83FE-9EB44B04BA98}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4653A390-3E20-424B-B411-26FFA6E6F65D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{49C0489B-C575-45E8-83DC-6045375CFAF6}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{538B206E-FB58-4BC7-822D-9932C8C6F39D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{55CEDFBF-0FC0-48E5-8176-7473568687A6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{5CC44960-4A24-4E95-AC4B-33DF544934D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6564AF11-44AE-4EFD-BC33-E242326AB6F0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6C6C28E9-07D4-4877-9178-F2BAC87CAA56}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{713F304C-5ABB-49A7-BDE7-7DD96D15720D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{783089EC-2418-404F-B5E6-6C93F4AD4F8C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{7C560072-798A-4CC1-AE2E-3251F2464705}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{917D08F1-1BFB-49C9-B100-B94376FBB449}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{95551A75-864C-46C0-9871-AAF438FF0168}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{96CF263D-A1D5-445B-9D3D-6372B927D251}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{9E8C1643-ADFA-4514-8E40-B230A562AAA7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B9F681DA-B343-4A99-B357-218580E35135}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CF4E70BA-5289-4C4E-ADB3-37B9D4720179}" = protocol=6 | dir=out | app=system | 
"{CFB5E330-0DB6-4CE3-ABF4-6B2447C29E58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CFE0571A-2F87-4132-A200-5934675E9B36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D3A64E14-938F-44A7-AD3D-1F662E54AF4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D4688574-26CC-4C00-AC60-D93E937876BD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{D49E0E7B-02E9-4389-9FEF-37E807A68328}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D529B974-758B-4A65-B7B4-A0599311F603}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D90A2B3B-88AA-4006-9A17-E8AC0C6AB4B8}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{E46AD028-FAD5-4FC0-AB68-A3D2780FE514}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2C69D297-A524-1FB1-5C00-1C52363E044F}" = ccc-utility64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}" = HP HotKey Support
"{560932B5-8702-7FB8-01AE-265EA44FAEEB}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0B2187A6-8ACC-4012-9817-9221211EF407}" = Corel Home Office - IPM
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A1E33D2-9824-454A-B8CB-50072118635A}" = Corel Home Office - CS Templates
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1D11E96F-0405-4B99-8356-5750B1D9FAE9}" = Corel Home Office - JP Templates
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{26D19512-874B-4EDA-B7F1-779850B2AD5A}" = Corel Home Office - CT Templates
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{5746E4F9-77C6-47E8-A737-A5975A57B4AA}" = Corel Home Office - KR Templates
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{96963F83-7F17-4941-B16C-1E790455E93A}" = McAfee SiteAdvisor Enterprise Plus
"{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}" = HP Setup
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9CD3BB19-993E-469D-9E1F-B57A175C1411}" = HP Software Framework
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1DE827D-8A61-4A77-9CCF-31AD84CC1FB6}" = HP Documentation
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D5C1E5E2-11A5-4905-ACC6-6DDD5E3B7705}" = Visual C++ 8.0 x64 Runtime Setup Package
"{D9989A13-B173-4048-B8A5-93C204DCB1B3}" = HP ESU for Microsoft Windows 7
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E684A226-D7B1-4B14-9778-44AD48A654F0}" = Corel Home Office
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F45048A1-12C4-4B08-A3EB-32D88033368A}" = Corel Home Office - Templates RU
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}" = HP Support Assistant
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"1180-6883-2514-0226-wansino-PROD" = Wansino
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ENTERPRISE" = Microsoft Office Enterprise 2007
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfeeBrowserProtection" = McAfee Browser Protection Service
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MVS" = McAfee Virus and Spyware Protection Service
"PDF Complete" = PDF Complete Special Edition
"VLC media player" = VLC media player 2.0.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Club 7 Poker" = Club 7 Poker
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/16/2011 12:17:27 PM | Computer Name = Moss2-HP | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/16/2011 12:18:41 PM | Computer Name = Moss2-HP | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/16/2011 12:18:41 PM | Computer Name = Moss2-HP | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/16/2011 12:19:40 PM | Computer Name = Moss2-HP | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/16/2011 12:19:41 PM | Computer Name = Moss2-HP | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/16/2011 12:21:00 PM | Computer Name = Moss2-HP | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/16/2011 12:21:00 PM | Computer Name = Moss2-HP | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\windows\system32\conhost.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 8/16/2011 12:24:11 PM | Computer Name = Moss2-HP | Source = Windows Search Service | ID = 3007
Description = 
 
Error - 9/4/2011 12:13:40 PM | Computer Name = Moss2-HP | Source = Application Hang | ID = 1002
Description = Programm HPSF.exe, Version 5.0.14.2 kann nicht mehr unter Windows 
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1144    Startzeit:
 01cc6b1a38953f18    Endzeit: 292    Anwendungspfad: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\HPSF.exe    Berichts-ID: cff86d07-d710-11e0-a28c-e02a824e1741  
 
Error - 3/1/2012 2:49:08 AM | Computer Name = Moss2-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqwmiex.exe, Version: 4.0.51.1, 
Zeitstempel: 0x4c3b7c76  Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7600.16872,
 Zeitstempel: 0x4e5873c1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004660  ID des fehlerhaften
 Prozesses: 0xdc0  Startzeit der fehlerhaften Anwendung: 0x01ccf7775a9ab856  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
Pfad
 des fehlerhaften Moduls: C:\windows\syswow64\OLEAUT32.dll  Berichtskennung: a4947fbe-636a-11e1-8ee1-e02a824e1741
 
[ Hewlett-Packard Events ]
Error - 8/5/2011 10:46:12 AM | Computer Name = Moss2-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Eine Ausnahme vom Typ "System.Exception" wurde ausgelöst. Configurator

   bei Configurator.ConfiguratorClass.loadXML()     bei Configurator.ConfiguratorClass..ctor(Boolean
 loadxml)     bei HPSFConfigReader.ConfigHelper..ctor()     bei HPAssistant.csSettings.loadApplicationResources(Boolean
 isOnAppLoad) 
 
Error - 11/25/2011 1:00:54 AM | Computer Name = Moss2-HP | Source = Hewlett-Packard | ID = 0
Description = 
 
[ HP Wireless Assistant Events ]
Error - 12/6/2010 5:42:45 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     at HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 12/6/2010 5:42:45 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0
Description = System.Exception Register() failed : e_GENERAL_EXCEPTION    at HP_Common.CaslWrapper.Register(EventArrivedEventHandler
 handler)     at HPPA_Service.CurrentConfiguration..ctor()
 
Error - 12/6/2010 5:42:48 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : 597    at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData&
 calibration)     at HPPA_Service.HPPA_Service.ServiceWorkerMethod()
 
Error - 9/7/2011 4:32:54 AM | Computer Name = Moss2-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
 abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     bei System.Management.ManagementScope.InitializeGuts(Object
 o)     bei System.Management.ManagementScope.Initialize()     bei System.Management.ManagementObjectSearcher.Initialize()

   bei System.Management.ManagementObjectSearcher.Get()     bei HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     bei HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
 radio)     bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext()     bei 
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()     bei HPPA_Service.CurrentConfiguration.ApplyFriendlyNames()

   bei HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
[ System Events ]
Error - 2/11/2012 12:23:37 PM | Computer Name = Moss2-HP | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 2/11/2012 12:23:37 PM | Computer Name = Moss2-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 3/1/2012 2:49:12 AM | Computer Name = Moss2-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 5/8/2012 3:29:05 AM | Computer Name = Moss2-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 5/8/2012 8:51:32 AM | Computer Name = Moss2-HP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?05.?2012 um 14:47:43 unerwartet heruntergefahren.
 
Error - 7/14/2012 4:04:43 PM | Computer Name = Moss2-HP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?05.?2012 um 20:47:09 unerwartet heruntergefahren.
 
Error - 7/14/2012 4:05:00 PM | Computer Name = Moss2-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147014847
 
Error - 7/14/2012 6:03:53 PM | Computer Name = Moss2-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 7/15/2012 6:31:21 PM | Computer Name = Moss2-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 7/16/2012 4:35:11 PM | Computer Name = Moss2-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147014847
 
 
< End of report >
         

Alt 22.08.2012, 00:34   #2
t'john
/// Helfer-Team
 
Österreich Polizei Virus - Standard

Österreich Polizei Virus





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839} 
IE:64bit: - HKLM\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox 
IE - HKLM\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839} 
IE - HKLM\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox 
IE - HKCU\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839} 
IE - HKCU\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found 
O4 - HKCU..\Run: [rcgasedspzncuze] C:\ProgramData\rcgaseds.exe () 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{80bfbeef-6215-11e0-a244-e02a824e1741}\Shell - "" = AutoRun 
O33 - MountPoints2\{80bfbeef-6215-11e0-a244-e02a824e1741}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a 
[2012/07/24 22:03:28 | 000,057,344 | ---- | M] () -- C:\ProgramData\rcgaseds.exe 
[2012/07/24 22:03:28 | 000,057,344 | ---- | M] () -- C:\Users\Moss\0.7548391957719223.exe 

[2012/08/21 19:15:22 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
[2012/08/21 19:15:22 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 

[2012/07/24 22:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\qpaiarlapugffvz 
[2012/07/24 22:03:39 | 000,000,051 | ---- | M] () -- C:\ProgramData\thwztwjfhlpgash 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________

Alt 22.08.2012, 19:06   #3
dingler
 
Österreich Polizei Virus - Standard

Österreich Polizei Virus



Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42082122-0C9D-4D19-8D54-D7242094F839}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42082122-0C9D-4D19-8D54-D7242094F839}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42082122-0C9D-4D19-8D54-D7242094F839}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: 0 removed from network.proxy.type
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rcgasedspzncuze deleted successfully.
C:\ProgramData\rcgaseds.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80bfbeef-6215-11e0-a244-e02a824e1741}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80bfbeef-6215-11e0-a244-e02a824e1741}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80bfbeef-6215-11e0-a244-e02a824e1741}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80bfbeef-6215-11e0-a244-e02a824e1741}\ not found.
File D:\LaunchU3.exe -a not found.
File C:\ProgramData\rcgaseds.exe not found.
C:\Users\Moss\0.7548391957719223.exe moved successfully.
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 moved successfully.
C:\ProgramData\qpaiarlapugffvz folder moved successfully.
C:\ProgramData\thwztwjfhlpgash moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Moss\Desktop\cmd.bat deleted successfully.
C:\Users\Moss\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Moss
->Temp folder emptied: 55764077 bytes
->Temporary Internet Files folder emptied: 92909209 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1174688720 bytes
->Flash cache emptied: 64420 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 314391258 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,562.00 mb
 
 
OTL by OldTimer - Version 3.2.58.1 log created on 08222012_185907

Files\Folders moved on Reboot...
C:\Users\Moss\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
__________________

Alt 22.08.2012, 19:24   #4
t'john
/// Helfer-Team
 
Österreich Polizei Virus - Standard

Österreich Polizei Virus



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 06.10.2012, 00:54   #5
t'john
/// Helfer-Team
 
Österreich Polizei Virus - Standard

Österreich Polizei Virus



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Österreich Polizei Virus
adobe, autorun, bho, defender, error, failed, fehler, firefox, flash player, format, helper, home, install.exe, logfile, mcafee firewall, mcafee virus, mozilla, office 2007, realtek, registry, rundll, scan, security, siteadvisor, software, svchost.exe, usb, virus, windows



Ähnliche Themen: Österreich Polizei Virus


  1. Polizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (2)
  2. Polizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 24.04.2013 (24)
  3. Polizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (4)
  4. Polizei Virus Österreich vom 23.10.12
    Log-Analyse und Auswertung - 25.10.2012 (1)
  5. Polizei Virus Österreich
    Log-Analyse und Auswertung - 13.10.2012 (2)
  6. polizei virus österreich
    Log-Analyse und Auswertung - 22.09.2012 (1)
  7. Polizei Virus Österreich
    Log-Analyse und Auswertung - 16.09.2012 (32)
  8. Polizei Virus Österreich
    Log-Analyse und Auswertung - 14.09.2012 (13)
  9. Polizei Virus Österreich
    Log-Analyse und Auswertung - 07.09.2012 (22)
  10. Polizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (3)
  11. Polizei Virus - 100 EUR Österreich
    Log-Analyse und Auswertung - 25.08.2012 (5)
  12. Polizei Virus Österreich
    Log-Analyse und Auswertung - 19.08.2012 (4)
  13. Polizei Virus Österreich
    Log-Analyse und Auswertung - 14.08.2012 (13)
  14. Polizei-Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (26)
  15. Polizei 5.2 Virus Österreich
    Log-Analyse und Auswertung - 27.07.2012 (2)
  16. Polizei Virus Österreich
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (3)
  17. Polizei Österreich Virus
    Log-Analyse und Auswertung - 04.07.2012 (1)

Zum Thema Österreich Polizei Virus - Hallo Mich hat der Österreichische Polizei Virus erwischt. Anbei habe ich den OTL Code. Bitte um Hilfe Vielen Dank Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 8/21/2012 7:24:45 - Österreich Polizei Virus...
Archiv
Du betrachtest: Österreich Polizei Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.