| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU und BSI TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.10.2012, 20:55
| #1 |
| |  GVU und BSI Trojaner Hallo zusammen, so - nun hat es mich erwischt! Gestern Abend erschien eine der berüchtigten Sperrungen die nur durch die Bezahlung von 100EUR aufgehoben wird.....  Ich habe die ersten Schritte mal erledigt und OTL als auch MWB laufen lassen. OTL txt anbei (hoffentlich - ich machs zum 1.Mal...) MWB screenshot ebenso, wobei ich weiter noch nichts gestartet habe. Wenn ich den PC im User Modus starte kommt sofort der Sperrbildschirm, wenn ich mich als Admin anmelde läuft er und lässt mich momentan alle Programme installieren bzw. laufen. Screenshot des Sperrbildschirms auch im Anhang Anhang 44847 Anhang 44848   Ich hoffe ich habe mal die groben Daten gesammelt. Bitte um Hilfe! Wie gehts nun weiter - was soll ich tun. Im Voraus schon mal Danke! Gruß Frank |
|
11.10.2012, 22:17
| #2 |
| | GVU und BSI Trojaner Sorry - hier die Logs als Box: OTL Log:OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.10.2012 20:15:24 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 68,04% Memory free 6,00 Gb Paging File | 5,05 Gb Available in Paging File | 84,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 63,66 Gb Free Space | 54,67% Space Free | Partition Type: NTFS Drive D: | 116,44 Gb Total Space | 105,40 Gb Free Space | 90,52% Space Free | Partition Type: NTFS Drive J: | 465,76 Gb Total Space | 309,83 Gb Free Space | 66,52% Space Free | Partition Type: NTFS Drive L: | 1,86 Gb Total Space | 0,40 Gb Free Space | 21,70% Space Free | Partition Type: FAT Computer Name: FRANK1 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Windows\vVX1000.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.) PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll () MOD - D:\Programme\WinRar\RarExt.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3615.38717__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3615.38596__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3615.38616__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3615.38610__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3615.38605__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3615.38699__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3615.38699__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3615.38703__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3615.38699__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3615.38713__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3615.38641__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3615.38698__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3615.38617__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3615.38687__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3615.38662__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3615.38654__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3615.38616__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3615.38641__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3615.38654__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3615.38646__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3615.38697__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3615.38667__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3615.38605__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3615.38688__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3615.38653__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3615.38649__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3615.38639__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3615.38646__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3615.38621__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3615.38717__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3615.38711__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3615.38676__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3615.38610__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3615.38640__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3615.38635__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3615.23245__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3615.38682__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3615.23236__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3615.38680__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3615.23260__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3615.38640__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3615.23274__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3615.23256__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3615.23273__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3615.23256__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3615.23263__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3615.38692__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3615.23241__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3615.23267__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3615.23252__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3615.23259__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3615.38640__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3615.23239__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3615.38647__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3615.23232__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3615.23235__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3615.23288__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3615.23264__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3615.23268__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3615.23250__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3615.23255__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3615.23249__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3615.23260__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3615.23247__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3615.23259__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3615.23252__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3615.23243__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3615.23267__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3615.23254__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3615.23259__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3615.23253__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3615.23247__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3615.23254__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3615.23269__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3615.23253__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3615.23265__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3615.23256__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3615.23254__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3615.23256__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3615.23275__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3615.23270__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3615.23258__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3615.23269__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3615.38593__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3615.38601__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3615.38594__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3615.38592__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3615.38595__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3615.23257__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3615.38593__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3615.23250__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3615.23257__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3615.23261__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3615.38681__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (nmserial) -- C:\Windows\system32\DRIVERS\nmserial.sys File not found DRV - (NmPar) -- C:\Windows\system32\DRIVERS\NmPar.sys File not found DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation) DRV - (nvamacpi) -- C:\Windows\System32\drivers\nvamacpi.sys (NVIDIA Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies) DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (PciIsaSerial) -- C:\Windows\System32\drivers\PciIsaSerial.sys (Windows (R) Codename Longhorn DDK provider) DRV - (PciPPorts) -- C:\Windows\System32\drivers\PciPPorts.sys () DRV - (PciSPorts) -- C:\Windows\System32\drivers\PciSPorts.sys () DRV - (SPorts) -- C:\Windows\System32\drivers\SPorts.sys () DRV - (PPorts) -- C:\Windows\System32\drivers\PPorts.sys () DRV - (ISASerial) -- C:\Windows\System32\drivers\ISASerial.sys (Windows (R) Codename Longhorn DDK provider) DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Advanced Micro Devices) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101113172556\ICQToolBar.dll (ICQ) IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101113172556\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-220262162-1232268133-366704090-500\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=g31krYMspXjWQOF1mG1RCUppOEs?q={searchTerms} IE - HKU\S-1-5-21-220262162-1232268133-366704090-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Picasa 3.6\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla\components [2012.09.07 15:32:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla\plugins [2012.09.07 15:32:14 | 000,000,000 | ---D | M] [2011.08.24 15:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2011.08.24 15:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\1zp5pv7p.default\extensions File not found (No name found) -- C:\PROGRAM FILES\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101113172556\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\xyz\AppData\Roaming\toolplugin\toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-220262162-1232268133-366704090-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\Office\Office10\EXCEL.EXE/3000 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Programme\ICQ7\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Programme\ICQ7\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-220262162-1232268133-366704090-500\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-220262162-1232268133-366704090-500\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E55253-D2F5-477F-BA7B-E30BA2CCD93D}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.11 19:59:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2012.10.10 23:54:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe [2012.10.09 22:56:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.09 22:56:35 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.10.09 22:56:35 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.10.09 22:56:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.10.09 22:56:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.09 22:56:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.10.09 22:56:34 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.09 22:56:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.09 22:56:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.10.09 22:56:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.10.09 22:56:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.09 22:56:34 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.10.09 22:56:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.10.09 22:56:23 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.09 22:56:23 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.09.23 03:00:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.23 03:00:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.23 03:00:43 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.23 03:00:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.23 03:00:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.23 03:00:42 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.23 03:00:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.23 03:00:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.09.14 03:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.14 03:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.13 20:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp [2012.09.13 20:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\hps [2012.09.13 20:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixum Fotobuch [2012.09.12 14:33:38 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll ========== Files - Modified Within 30 Days ========== [2012.10.11 19:59:58 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.11 19:59:58 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.11 19:59:58 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.11 19:59:58 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.11 19:56:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe [2012.10.11 19:43:53 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.11 19:43:53 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.11 19:36:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.11 19:36:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.11 19:36:38 | 2415,271,936 | -HS- | M] () -- C:\hiberfil.sys [2012.10.11 19:34:31 | 083,023,306 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012.10.10 23:54:17 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe [2012.10.10 23:22:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.14 20:30:38 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.09.14 03:01:25 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.09.13 20:44:53 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Pixum Fotobuch.lnk [2012.09.13 20:44:53 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\Fotoschau.lnk ========== Files Created - No Company Name ========== [2012.10.10 23:54:18 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012.09.13 20:44:53 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Pixum Fotobuch.lnk [2012.09.13 20:44:53 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Fotoschau.lnk [2011.08.24 15:43:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.03.12 19:22:28 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.03.12 19:22:28 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.01.01 12:50:48 | 000,003,272 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Musepack Codec.dat [2011.01.01 12:45:05 | 000,593,272 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe [2011.01.01 12:45:05 | 000,017,755 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat [2009.12.29 20:16:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.08.24 15:41:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Overlook [2011.08.24 16:31:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite [2011.01.28 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\CrypTool [2012.04.07 01:47:57 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\DVDVideoSoft [2012.04.07 01:47:51 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.29 17:38:00 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\elsterformular [2009.12.31 21:17:37 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\EurekaLog [2012.06.25 22:21:36 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\GARMIN [2010.01.11 00:55:48 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\GSAK_762 [2012.06.17 17:17:02 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\gtk-2.0 [2011.07.21 16:01:56 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\ICQ [2012.09.17 22:20:40 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\korAccount [2011.02.03 01:47:52 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\Mopsos [2011.08.24 15:06:53 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\Overlook [2011.03.12 19:36:08 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\PC Suite [2011.01.15 01:20:22 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\PC-FAX TX [2010.12.14 01:51:01 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\PhotoScape [2011.12.25 11:30:03 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\RavensburgerTipToi [2011.03.12 20:42:31 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\Samsung [2012.08.31 00:38:48 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\Songbird2 [2012.04.24 22:41:48 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\Subsembly [2012.01.26 23:24:25 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\TagScanner [2011.12.15 23:54:46 | 000,000,000 | ---D | M] -- C:\Users\xyz\AppData\Roaming\toolplugin ========== Purity Check ========== < End of report > --- --- --- OTL Extra Log: OTL Logfile: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.10.2012 20:15:25 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 68,04% Memory free
6,00 Gb Paging File | 5,05 Gb Available in Paging File | 84,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 63,66 Gb Free Space | 54,67% Space Free | Partition Type: NTFS
Drive D: | 116,44 Gb Total Space | 105,40 Gb Free Space | 90,52% Space Free | Partition Type: NTFS
Drive J: | 465,76 Gb Total Space | 309,83 Gb Free Space | 66,52% Space Free | Partition Type: NTFS
Drive L: | 1,86 Gb Total Space | 0,40 Gb Free Space | 21,70% Space Free | Partition Type: FAT
Computer Name: FRANK1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-220262162-1232268133-366704090-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Programme\Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "D:\Programme\Irfan_View_425\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "D:\Programme\Pixum_Fotobuch\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Pixum Fotobuch] -- "D:\Programme\Pixum_Fotobuch\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049ADAC5-5A80-47CA-AE46-DD429ADD7AD0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1062B0DA-34AE-444F-9F2B-90CD4D0B9074}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{16D1E0D6-48F3-468D-8B77-4433734539AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19DAE892-4B4F-437C-8791-5428A7C85E97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B10C363-01D4-4658-9267-E7F09A232ED7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F09631B-F034-4561-9904-D1AF1491B203}" = lport=445 | protocol=6 | dir=in | app=system |
"{35859912-6645-4E73-8F2B-062704790ED7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61EE9C29-E0BC-40E1-8B13-CFBDE1007F6D}" = rport=137 | protocol=17 | dir=out | app=system |
"{629175E0-C03F-42AE-AAD6-6E61BBE806EE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{69232E09-39FC-44DE-8AFA-4F16E9CD5EFD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{77A8BCD7-069A-432E-B5F7-CA627682F61A}" = rport=445 | protocol=6 | dir=out | app=system |
"{7AD4BA25-21EA-499A-886A-0A54DCB2E8AC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{81B955A9-0964-4A29-A360-FFCFE64569B0}" = rport=139 | protocol=6 | dir=out | app=system |
"{85F70E3E-F1A4-4A7F-944E-DF005BB566EE}" = lport=139 | protocol=6 | dir=in | app=system |
"{8F8AE6EB-17BB-428A-A1D4-A51F334D79FF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{91D36C8A-FDCA-4B67-B1BF-DFA09044608B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{943537DD-9C44-458A-8FF9-E84258C81030}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9526741D-927F-4718-A83C-56819EAC7975}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9AB6E662-D9E5-4A21-A28F-41122AB64464}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B6A5950-510C-4388-A7FA-120D029722D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A7AADAF2-23C2-4BB5-85DB-321E9DD35F99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA696A9C-EE44-4A85-B21F-0E0A744B8C3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AF95156A-6A69-4CE4-919E-514CDF048F84}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B12F060C-86E6-494F-93DA-702D6289DE9F}" = rport=138 | protocol=17 | dir=out | app=system |
"{B99AAC2A-C0ED-482A-AAEE-0841F5B0558D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE2CB8C2-45FA-490B-98CC-F6BE2895AFF1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C2F8B934-4344-42CC-9EA1-CB063B379137}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA1D57AB-10D9-4364-A14C-B0E7EA46DE1C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D75CC6C0-5602-4571-A401-82C24541F29E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E07F59FE-415B-4111-8B5E-B3F91781509C}" = lport=137 | protocol=17 | dir=in | app=system |
"{E82DA970-D811-4FC6-9591-8C44F0983960}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F74B7722-5DC3-4E1C-A911-2197E19315F0}" = lport=138 | protocol=17 | dir=in | app=system |
"{FD60D489-6690-4ACF-9E34-22173A203F12}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032DA237-AEBF-479D-9130-91AFCDDAB0C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05FF3B4B-FA9A-4A83-974B-A631DBABDF06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0A95A583-704A-4B5C-A6CC-87CBF389321C}" = protocol=17 | dir=in | app=d:\programme\office\office14\onenote.exe |
"{129DCF2D-DADB-418A-8746-70A970EA12F4}" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.0\aolload.exe |
"{12F461FA-609E-4F31-A2C3-E538092787BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{187D8981-9956-4B7A-A098-9BCD15CD2005}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D6C47BD-B17A-4430-9421-9773D921DB92}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{24BE7AF4-0A58-4751-AB99-6CADF11AA612}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{254D0F19-B116-4313-9901-753BB7921A77}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{379502DA-0C07-4991-B708-3FDED6624192}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38A42436-F0A5-42CF-BAC6-34D2930D79DC}" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.0\icq.exe |
"{3C134DF6-8D92-4371-B5C0-3011C0FA46CE}" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.0\aolload.exe |
"{432AE1EF-9354-4CF4-87CC-4C8BFFD05CA2}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{44DAF950-CAD7-4381-A9D4-9B7C98DFBCCF}" = protocol=17 | dir=in | app=d:\programme\samsung\npsvsvr.exe |
"{4B42B115-BDCA-4080-B238-D5B6EBD36D43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52F73E3A-5BC1-4AFF-BE71-3E3E7160395C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{55F71F75-0F6D-4AAC-91F3-7F30F0AB838B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{64F06D42-262D-4E0E-90EC-6EEE6E3A0E58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{789C289D-93F4-42C3-B21A-69388C104E52}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{78F7D0BF-3DB3-4B57-86C4-644DEE53D8FA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E83DA21-BA66-4CC8-9603-C66E2CD67D91}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{813AEA20-4967-49D3-BBB8-6A434534B6A4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{84694E6B-7BDA-4EA6-9DEE-9D93C86A9334}" = protocol=6 | dir=in | app=d:\programme\office\office14\onenote.exe |
"{8B8CED76-BA63-41B3-B389-E1AC4CA6FEA0}" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.0\icq.exe |
"{903FD1E8-A85E-474A-AB10-D83EB5C1AF73}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E5FB4DE-2613-474B-BC7F-AFDD6F075302}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F422517-389A-4349-A8F9-E6E399F70C59}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A087451D-A818-423A-893B-02806415CAF9}" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.0\aolload.exe |
"{A736D783-E7D3-499C-83E7-864F98F6AF53}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AACA9E3E-87F7-4AD4-BBE2-BABE60ADCF4C}" = protocol=17 | dir=in | app=d:\programme\samsung\npsasvr.exe |
"{B31532ED-83C2-464D-81F6-023EA357E703}" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.0\icq.exe |
"{B5A1F7D7-2787-438D-ADB1-E9F0B810A73F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B5F563CA-F5FA-4EA5-82D2-D8A441B394DE}" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.0\aolload.exe |
"{BBDE777A-F9AB-4FAA-8BFE-D68CC2E9E213}" = protocol=6 | dir=in | app=d:\programme\samsung\npsasvr.exe |
"{BFECBE2D-401C-47B9-97A7-F338B04ADFA2}" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.0\aolload.exe |
"{C2AB9873-7894-4F0D-BB62-7EFA978465AE}" = protocol=6 | dir=in | app=d:\programme\samsung\npsvsvr.exe |
"{C3C38173-072D-4E8B-82C0-3B5EB63588E4}" = protocol=6 | dir=out | app=system |
"{D1483348-B058-492E-9FD0-DA808E45266E}" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.0\icq.exe |
"{D749DC98-676F-405F-9DCD-E828F84D27EC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DFFA0999-30CD-44DF-814E-C04407862135}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{E2E083F5-6B6D-44C6-9A6E-B8C6DA0F1736}" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.0\aolload.exe |
"{E414671B-7334-43A6-A82E-77984DB8C11B}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{E666CB5D-69F8-4350-AE75-27CB90CF61B6}" = protocol=17 | dir=in | app=d:\programme\icq7\icq7.0\icq.exe |
"{E83AA9B3-6A3B-4DAB-AD05-F9365A309521}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{ED3FB4B4-696E-44C8-8CCD-79DED133C98A}" = protocol=6 | dir=in | app=d:\programme\icq7\icq7.0\icq.exe |
"{F429EF8A-DCEB-4557-A32F-A1882C1B84F8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{F5403F35-7E8F-44FB-BFE5-9131B61BC152}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F614486B-4F91-403D-9697-39D50BBC020C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{FBED0A5B-B08C-439A-8A54-A0BDA8E36F55}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"TCP Query User{2BB3B8FC-7DBA-4AEB-834F-A911F22AB9E8}D:\programme\fing\winpcap\rpcapd.exe" = protocol=6 | dir=in | app=d:\programme\fing\winpcap\rpcapd.exe |
"TCP Query User{3F506B68-FCA0-4455-9B4B-C017A329F7BC}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{727069C5-F6A8-496D-8418-BAC9CD7FC44A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{9656E32E-B377-4B5E-8D28-C9DFD073A52B}D:\programme\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\programme\vlc\vlc.exe |
"TCP Query User{9B29AECE-1B72-40F7-B53E-6AD74BD7834E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{BCAF5C1B-1A08-4B6A-90B5-E2F61ECA7509}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{05C50FA1-A434-4CE5-9DAD-8439E4DE1A5D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{1813A2A0-6C83-4149-B4AC-182DD4F0F3B2}D:\programme\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\programme\vlc\vlc.exe |
"UDP Query User{6B760E0E-1E71-4523-BD44-D31217B45C04}D:\programme\fing\winpcap\rpcapd.exe" = protocol=17 | dir=in | app=d:\programme\fing\winpcap\rpcapd.exe |
"UDP Query User{73F4CA02-B7F3-4D14-85C0-A52CE4EFC74C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{797EB26E-D08B-422B-871E-AB9D1D1EFD2D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{EF72DA60-8437-4EB8-B0F0-455265033E32}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BB72566-0D4C-7200-2CE7-02F298B49C88}" = CCC Help English
"{110AD51E-D0E0-49B1-52FD-291373BA62EA}" = Catalyst Control Center Graphics Full New
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2fdb32b5-59cb-4c66-b7aa-1395f3b9b53e}" = Nero 9 Essentials
"{31557F4F-7D10-D32E-4B70-237A09FCC31B}" = Catalyst Control Center Graphics Previews Common
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3C175604-F026-5D79-BBD8-F626AE10B3EF}" = Catalyst Control Center Graphics Full Existing
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4243454B-41D0-4CC1-8E03-46AA8C22BAA2}" = GCTool
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-5490CN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D6B0C7D-CCB5-4192-9FEA-4B5EE04AAED1}" = Topo Deutschland v2 (Süd)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62C2067E-5851-BD4C-98E0-5C4D5E155A5B}" = Catalyst Control Center Core Implementation
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ABEEC21-B23C-4610-B57A-BE94345D4096}" = Audials
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{934528B2-09B3-C6E5-288A-4E554E6DF2B9}" = ATI Catalyst Install Manager
"{93F22EEC-DAD6-1D0D-E208-03FDA1B58F01}" = Catalyst Control Center InstallProxy
"{944B9BCC-0499-47E0-A1D7-941DC2732612}" = korAccount 3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{982CAC7C-71EF-4DC5-996F-B74EA57E2EFC}" = Baden-Württemberg Nord 2.0
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A292C05C-840A-9D47-5350-EF39ECC7629E}" = Catalyst Control Center HydraVision Full
"{A2D08D5A-74E8-7509-452A-E40E63D8FFC2}" = Catalyst Control Center InstallProxy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AD17676C-5065-E427-130B-21CE713F93E7}" = Catalyst Control Center Graphics Light
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B970700B-E49F-ECEF-4ADB-0F3E1AFEDE91}" = ccc-core-static
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFFE230A-8520-423D-8A22-DB82C9922925}" = Das Interaktive Kartenwerk. Deutschland
"{C24C3F25-CC7F-41D5-B03D-24F8059BABAD}" = Garmin USB Drivers
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D28FDA7D-15C6-48A2-9868-6BCB28BE6254}" = Microsoft Picture It! Foto 2001
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9726DDC-D7B5-BF1F-5626-EA467FEEBC52}" = ccc-utility
"{F9F13FEA-D51E-A1C3-4EDC-D04A91B62C93}" = Catalyst Control Center Graphics Previews Vista
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"CrypTool" = CrypTool 1.4.30
"dBpoweramp Musepack Codec" = dBpoweramp Musepack Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"Google Desktop" = Google Desktop
"GPS-Track-Analyse.NET 6.0_is1" = GPS-Track-Analyse.NET 6.0
"GSAK_is1" = GSAK 7.7.3.53 (Final)
"ICQToolbar" = ICQ Toolbar
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"KoenigDickBauchMopsos_is1" = Mopsos 1.0.112 26.11.2010
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.3.2
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OnlineTimer Pro_is1" = OnlineTimer Pro - Deinstallation
"Overlook Fing 1.4" = Overlook Fing
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Pixum Fotobuch" = Pixum Fotobuch
"Playlist Creator 3.6.2" = Playlist Creator 3.6.2
"Ravensburger tiptoi" = Ravensburger tiptoi
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"Songbird-release-2311" = Songbird 2.0.0 (Build 2311)
"TagScanner_is1" = TagScanner 5.1.608
"toolplugin" = toolplugin
"TrickfilmCam" = Trickfilm Cam
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"winpcap-overlook" = winpcap-overlook 4.02
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo! Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.09.2011 12:53:27 | Computer Name = Frank1 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/09/09 18:53:27.687]: [00001988]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 09.09.2011 14:22:48 | Computer Name = Frank1 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/09/09 20:22:48.461]: [00001988]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 09.09.2011 17:50:50 | Computer Name = Frank1 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/09/09 23:50:50.653]: [00001988]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 10.09.2011 03:54:55 | Computer Name = Frank1 | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 10.09.2011 04:28:52 | Computer Name = Frank1 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/09/10 10:28:52.760]: [00001956]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 10.09.2011 05:44:00 | Computer Name = Frank1 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/09/10 11:44:00.640]: [00001956]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 10.09.2011 06:33:49 | Computer Name = Frank1 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/09/10 12:33:49.243]: [00001956]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 10.09.2011 08:40:25 | Computer Name = Frank1 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/09/10 14:40:25.578]: [00001956]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 10.09.2011 09:58:35 | Computer Name = Frank1 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/09/10 15:58:35.281]: [00001956]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
Error - 10.09.2011 18:45:55 | Computer Name = Frank1 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2011/09/11 00:45:55.749]: [00001956]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 5
[ System Events ]
Error - 11.10.2012 13:35:44 | Computer Name = Frank1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "NetIO-Legacy-TDI-Supporttreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 11.10.2012 13:35:44 | Computer Name = Frank1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist vom Dienst "Ancillary
Function Driver for Winsock" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 11.10.2012 13:35:44 | Computer Name = Frank1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 11.10.2012 13:35:44 | Computer Name = Frank1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.10.2012 13:35:44 | Computer Name = Frank1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.10.2012 13:35:44 | Computer Name = Frank1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 11.10.2012 13:35:44 | Computer Name = Frank1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.10.2012 13:35:44 | Computer Name = Frank1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.10.2012 13:35:44 | Computer Name = Frank1 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.10.2012 13:35:45 | Computer Name = Frank1 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
< End of report >
--- --- --- MWB Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.11.12 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 Administrator :: FRANK1 [Administrator] 11.10.2012 20:37:32 mbam-log-2012-10-11 (22-05-44).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 219646 Laufzeit: 4 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\xyz\AppData\Local\Temp\wpbt0.dll (Trojan.Ransom) -> Keine Aktion durchgeführt. C:\Users\xyz\Downloads\SoftonicDownloader_fuer_i300-i320-java-installer.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt. C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt. C:\Users\xyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt. (Ende) Danke Frank |
|
12.10.2012, 22:05
| #3 |
| | GVU und BSI Trojaner ?????
__________________Schade - keiner da? zuviel los?? Ich poste hier mal die letzten Scans/Logs in der Hoffnung jemand kann mal reinschauen..... MWB Log (full scan, nach bereinigen) Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.12.06 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 xyz :: FRANK1 [Administrator] 12.10.2012 19:33:02 mbam-log-2012-10-12 (19-33-02).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|J:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 584723 Laufzeit: 2 Stunde(n), 40 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 14 D:\Programme\GC_EDIT\Desktop\gcedit_WIN.exe (Backdoor.MSIL.PGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. J:\Backup\Backup_Daten_FF\FromC\Daten\Office\exe\Intellig.exe (Joke.Zappa) -> Erfolgreich gelöscht und in Quarantäne gestellt. J:\Backup\Backup_Daten_FF\FromC\Daten\Office\exe\snowdome.exe (JokeApp.EmailCollector) -> Erfolgreich gelöscht und in Quarantäne gestellt. J:\Backup\Backup_Silver_Monster\aol\aol_dateien_download\download\viagra.exe (Joke.VV) -> Erfolgreich gelöscht und in Quarantäne gestellt. J:\Backup\Backup_Silver_Monster\daten\movie\madcow.exe (JokeApp.NotFunny) -> Erfolgreich gelöscht und in Quarantäne gestellt. J:\Backup\Backup_Silver_Newdisk\Daten\jokes\Intellig.exe (Joke.Zappa) -> Erfolgreich gelöscht und in Quarantäne gestellt. J:\Backup\Backup_Silver_Newdisk\Daten\jokes\Intelligenztest.exe (Joke.Zappa) -> Erfolgreich gelöscht und in Quarantäne gestellt. J:\Backup\Backup_Silver_Newdisk\Daten\Office\exe\Intellig.exe (Joke.Zappa) -> Erfolgreich gelöscht und in Quarantäne gestellt. J:\Backup\Backup_Silver_Newdisk\Daten\Office\exe\snowdome.exe (JokeApp.EmailCollector) -> Erfolgreich gelöscht und in Quarantäne gestellt. J:\Backup\Backup_Silver_Newdisk\Sicherung M+H 26_11_2004\Daten\Office\exe\Intellig.exe (Joke.Zappa) -> Erfolgreich gelöscht und in Quarantäne gestellt. J:\Backup\Backup_Silver_Newdisk\Sicherung M+H 26_11_2004\Daten\Office\exe\snowdome.exe (JokeApp.EmailCollector) -> Erfolgreich gelöscht und in Quarantäne gestellt. J:\Backup\Backup_Silver_Newdisk\Sicherung M+H 26_11_2004\Daten\Privat\Intellig.exe (Joke.Zappa) -> Erfolgreich gelöscht und in Quarantäne gestellt. J:\Backup\Backup_Silver_Newdisk\Sicherung M+H 26_11_2004\Daten\Privat\madcow.exe (JokeApp.NotFunny) -> Erfolgreich gelöscht und in Quarantäne gestellt. J:\Backup\Backup_Vol2\Sicherung_01_2006\Daten\download\viagra.exe (Joke.VV) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v2.004 - Datei am 12/10/2012 um 22:54:49 erstellt
# Aktualisiert am 06/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium (32 bits)
# Benutzer : Frank Führer - FRANK1
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Frank Führer\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\Frank Führer\AppData\Roaming\Mozilla\Firefox\Profiles\kxrjmq1k.default\extensions\welcome@toolmin.com
Ordner Gefunden : C:\Users\Frank Führer\AppData\Roaming\Toolplugin
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKU\S-1-5-21-220262162-1232268133-366704090-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-89AF-189327213627}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0 (de)
Profilname : default
Datei : C:\Users\xyz\AppData\Roaming\Mozilla\Firefox\Profiles\kxrjmq1k.default\prefs.js
Gefunden : user_pref("browser.search.defaultenginename", "Search the web");
Gefunden : user_pref("browser.search.order.1", "Search the web");
Gefunden : user_pref("browser.search.selectedEngine", "Search the web");
Profilname : default
Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1zp5pv7p.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [2458 octets] - [12/10/2012 22:54:49]
########## EOF - C:\AdwCleaner[R1].txt - [2518 octets] ##########
Kann ich noch etwas tun/checken?? Noch mal Danke! Gruß Frank |
|
| Themen zu GVU und BSI Trojaner |
| abend, admin, anbei, bezahlung, daten, erledigt, erwischt, gen, gestartet, hallo zusammen, hoffe, installiere, installieren, laufen, melde, modus, nichts, programme, screenshot, sofort, tan, troja, trojaner, zusammen |
Linear-Darstellung
