Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.12.2012, 14:40   #1
ht-tom
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.



Liebes Trojaner-Board.

Ich hoffe dass ihr mir hier helfen könnt.

Vor ein paar Tagen rief meine Freundin an. Während dem Surfen hatte sie plötzlich ne Meldung von der Bundespolizei (Österreich) am Bildschirm, sie soll 100€ zahlen oder ihr Computer wird gesperrt - danach hat er sich runtergefahren und wieder gebootet.

Ein bisschen recherche hat mich hierher geführt. Ein Quickscan mit Malwarebytes Anti-Malware zeigte den Trojan.fakeMS an - habe aber noch nix in quarantäne geschickt oder gelöscht, sondern erst mal die Punkte 1-3 im "Für alle Hilfesuchenden" - Thread durchgeführt. Am Rechner läuft Windows Vista

De-Fogger hab ich ausgeführt.

OTL:
Code:
ATTFilter
OTL logfile created on: 30.12.2012 13:48:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\verena\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,59% Memory free
6,18 Gb Paging File | 4,69 Gb Available in Paging File | 75,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 32,24 Gb Free Space | 34,24% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 107,94 Gb Free Space | 55,31% Space Free | Partition Type: NTFS
 
Computer Name: VERENA-PC | User Name: verena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.30 13:45:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\verena\Desktop\OTL.exe
PRC - [2012.09.07 20:46:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.07 20:43:14 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.07 20:40:26 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.07 20:40:02 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.31 01:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.08.31 01:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2011.03.22 19:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.03.25 02:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.05.19 17:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.28 12:40:28 | 000,020,480 | ---- | M] ( ) -- C:\Programme\Google\Google EULA\GoogleEULALauncher.exe
PRC - [2008.04.28 16:21:56 | 000,374,784 | ---- | M] (ODM) -- C:\Programme\OEM\OSD_1.12\osd.exe
PRC - [2008.04.25 07:25:52 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) -- C:\Programme\OEM\OSD_1.12\OsdService.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.02.22 17:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Programme\Olympus\DeviceDetector\DevDtct2.exe
PRC - [2007.01.18 13:18:44 | 000,143,360 | ---- | M] () -- C:\Programme\DVBT\DetectTray.exe
PRC - [2006.09.18 13:12:06 | 000,503,808 | ---- | M] (FinePrint Software, LLC) -- C:\Windows\System32\spool\drivers\w32x86\3\fppdis3a.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.21 20:04:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f4458d63e51a43c856942ea40dda3a9\System.ServiceProcess.ni.dll
MOD - [2011.06.21 20:02:21 | 001,781,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\45af364b6f9480c42c4c57ea46f384f6\System.Xaml.ni.dll
MOD - [2011.06.21 20:00:49 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll
MOD - [2011.06.21 14:15:37 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.21 14:15:29 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.21 14:14:38 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.21 14:14:33 | 017,673,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e1118f4cb54334d606d47fd4e1bcc09e\PresentationFramework.ni.dll
MOD - [2011.06.21 14:14:18 | 011,106,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0ee99ffeb7b1ab53f394e0e1bf8759ce\PresentationCore.ni.dll
MOD - [2011.06.21 14:14:06 | 003,798,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c8482ea964f3031763d12f0a1c38d4ce\WindowsBase.ni.dll
MOD - [2011.06.21 14:13:55 | 007,053,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8a8bc7cc941913983b0dec8c65102629\System.Core.ni.dll
MOD - [2011.06.21 14:13:54 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\912daeab3595b7987f79bc58a93190eb\System.Xml.ni.dll
MOD - [2011.06.21 14:13:48 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d5bd0e884402abff8c9fa924ffd7375f\System.Configuration.ni.dll
MOD - [2011.06.21 14:13:47 | 009,085,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\77dc32bfb24f92096395d259733ba80b\System.ni.dll
MOD - [2011.06.21 14:12:28 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011.06.21 14:09:38 | 014,409,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fd30bb8e36e4d03126abb3c20a3d9c40\mscorlib.ni.dll
MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.01.18 13:18:44 | 000,143,360 | ---- | M] () -- C:\Programme\DVBT\DetectTray.exe
MOD - [2005.07.30 20:00:40 | 000,114,688 | ---- | M] () -- C:\Windows\System32\OdiOlDVR.dll
MOD - [2004.06.21 09:14:54 | 000,053,248 | ---- | M] () -- C:\Windows\System32\OdiAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.22 16:34:44 | 000,194,936 | ---- | M] (Корпорация Майкрософт) [Auto | Stopped] -- C:\Users\verena\wgsdgsdgdsgsd.exe -- (Winmgmt)
SRV - [2012.12.06 20:26:25 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.07 20:46:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.07 20:40:26 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008.02.22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) [Auto | Running] -- C:\Programme\OEM\OSD_1.12\OsdService.exe -- (OsdService)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.09.07 20:47:19 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.09.07 20:47:18 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.07 20:47:17 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.07 20:47:17 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.06.02 06:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.06.02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010.12.21 06:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 06:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010.12.21 06:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.12.21 06:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.09.10 19:30:03 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2008.05.22 23:59:00 | 007,494,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.01 07:35:54 | 003,660,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.04.03 13:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2008.03.31 11:02:34 | 000,008,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter)
DRV - [2007.12.28 18:21:54 | 000,104,448 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.12.19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007.11.21 09:31:26 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort)
DRV - [2007.11.02 12:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic)
DRV - [2007.11.02 12:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mgmt.sys -- (s217mgmt)
DRV - [2007.11.02 12:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex)
DRV - [2007.11.02 12:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5)
DRV - [2007.11.02 12:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 12:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus)
DRV - [2007.11.02 12:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.09.11 14:20:00 | 000,087,296 | ---- | M] (e3C, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EC168BDA.sys -- (EC168BDA)
DRV - [2006.04.07 16:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=9rw1p_wd0ydVINcsbonNbvmB7Ek?q={searchTerms}
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://mail.yahoo.de/"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {723AAF16-AF1F-4404-A5D7-0BFE39766605}:0.3.3
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&systemid=406&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 20:26:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 20:26:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009.10.05 11:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2012.10.16 18:38:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 20:26:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 20:26:21 | 000,000,000 | ---D | M]
 
[2011.05.28 13:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\verena\AppData\Roaming\mozilla\Extensions
[2012.10.23 19:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\4ja7ie9b.default\extensions
[2010.04.28 17:40:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\4ja7ie9b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.05 12:59:40 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\4ja7ie9b.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2009.03.26 20:16:01 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\4ja7ie9b.default\extensions\moveplayer@movenetworks.com
[2009.10.05 11:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\verena\AppData\Roaming\mozilla\Sunbird\Profiles\fllmli6o.default\extensions
[2011.03.23 13:24:21 | 000,005,529 | ---- | M] () -- C:\Users\verena\AppData\Roaming\mozilla\firefox\profiles\4ja7ie9b.default\searchplugins\SearchquWebSearch.xml
[2012.12.06 20:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.06 20:26:25 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 09:54:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.23 13:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DetectTray] C:\Programme\DVBT\DetectTray.exe ()
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\verena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk = C:\Users\verena\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{164C6585-FAE0-4313-BBF0-B1704721EA6A}: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1A4037D-3BFC-4461-8658-BCCD6363A663}: DhcpNameServer = 192.168.177.200
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Photos\Summertrip_2012\Reykjavik\DSC00451_bearb.jpg
O24 - Desktop BackupWallPaper: D:\Photos\Summertrip_2012\Reykjavik\DSC00451_bearb.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0885e8df-7c32-11de-8d5b-00f1d000f1d0}\Shell\AutoRun\command - "" = RECYCLER\usbassist.exe
O33 - MountPoints2\{0885e8df-7c32-11de-8d5b-00f1d000f1d0}\Shell\opEN\CoMmanD - "" = RECYCLER\usbassist.exe
O33 - MountPoints2\{3fec8387-fa93-11dd-bc49-00030d9dab00}\Shell - "" = AutoRun
O33 - MountPoints2\{3fec8387-fa93-11dd-bc49-00030d9dab00}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{4981fbf2-d06f-11de-968d-00f1d000f1d0}\Shell\AutoRun\command - "" = F:\AutoTransfer.exe
O33 - MountPoints2\{8f991401-b3b1-11dd-ac4b-00030d9dab00}\Shell - "" = AutoRun
O33 - MountPoints2\{8f991401-b3b1-11dd-ac4b-00030d9dab00}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.30 13:45:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\verena\Desktop\OTL.exe
[2012.12.30 13:36:42 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\Malwarebytes
[2012.12.30 13:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.30 13:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.30 13:36:27 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.30 13:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.22 16:34:44 | 000,194,936 | ---- | C] (Корпорация Майкрософт) -- C:\Users\verena\wgsdgsdgdsgsd.exe
[2012.12.16 20:55:08 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.12.16 20:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.16 20:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.12.06 20:26:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Users\verena\Desktop\*.tmp files -> C:\Users\verena\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.30 13:45:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\verena\Desktop\OTL.exe
[2012.12.30 13:43:51 | 000,000,000 | ---- | M] () -- C:\Users\verena\defogger_reenable
[2012.12.30 13:42:23 | 000,050,477 | ---- | M] () -- C:\Users\verena\Desktop\Defogger.exe
[2012.12.30 13:36:29 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.30 13:32:48 | 000,002,487 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk
[2012.12.30 13:32:47 | 000,135,766 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.12.30 13:32:40 | 000,135,766 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.12.30 13:32:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.30 13:32:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.30 13:31:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.30 13:31:50 | 3215,613,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.22 16:43:19 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.22 16:43:19 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.22 16:43:19 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.22 16:43:19 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.22 16:39:53 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.22 16:34:46 | 000,002,915 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.22 16:34:46 | 000,000,892 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.22 16:34:44 | 000,194,936 | ---- | M] (Корпорация Майкрософт) -- C:\Users\verena\wgsdgsdgdsgsd.exe
[2012.12.22 09:52:52 | 000,002,637 | ---- | M] () -- C:\Users\verena\Desktop\Microsoft Office Word 2003.lnk
[2012.12.16 20:55:08 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.12 23:20:08 | 000,163,423 | ---- | M] () -- C:\Users\verena\Desktop\DSC01764.JPG
[2012.12.12 23:20:01 | 000,158,788 | ---- | M] () -- C:\Users\verena\Desktop\DSC01763.JPG
[2012.12.03 17:57:13 | 000,017,946 | ---- | M] () -- C:\Users\verena\Desktop\spruch.jpg
[1 C:\Users\verena\Desktop\*.tmp files -> C:\Users\verena\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.30 13:43:51 | 000,000,000 | ---- | C] () -- C:\Users\verena\defogger_reenable
[2012.12.30 13:42:20 | 000,050,477 | ---- | C] () -- C:\Users\verena\Desktop\Defogger.exe
[2012.12.30 13:36:29 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 16:34:46 | 000,002,915 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.22 16:34:46 | 000,000,892 | ---- | C] () -- C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012.12.22 16:34:44 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.12 23:20:07 | 000,163,423 | ---- | C] () -- C:\Users\verena\Desktop\DSC01764.JPG
[2012.12.12 23:20:01 | 000,158,788 | ---- | C] () -- C:\Users\verena\Desktop\DSC01763.JPG
[2012.12.03 17:57:12 | 000,017,946 | ---- | C] () -- C:\Users\verena\Desktop\spruch.jpg
[2011.01.29 16:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 16:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 16:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 16:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 16:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.11.29 22:15:47 | 000,004,096 | -H-- | C] () -- C:\Users\verena\AppData\Local\keyfile3.drm
[2010.10.31 15:45:43 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.09.14 08:25:41 | 000,000,680 | ---- | C] () -- C:\Users\verena\AppData\Local\d3d9caps.dat
[2008.10.15 13:11:28 | 000,171,629 | ---- | C] () -- C:\Users\verena\Teilnahmebestaetigung_widl.pdf
[2008.09.27 19:49:02 | 000,015,239 | ---- | C] () -- C:\Users\verena\edt_l2_lm_2008_2009_s3.pdf
[2008.09.27 19:48:31 | 000,008,209 | ---- | C] () -- C:\Users\verena\edt_agreg_lm_08_09_s1.pdf
[2008.09.27 19:46:08 | 000,005,745 | ---- | C] () -- C:\Users\verena\reunions_rentree_08_09.pdf
[2008.09.27 19:40:49 | 000,014,594 | ---- | C] () -- C:\Users\verena\edt_l1_lc_2008_2009_s1.pdf
[2008.09.10 19:35:40 | 000,233,472 | ---- | C] () -- C:\Users\verena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.03 05:11:42 | 000,135,766 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.03 05:11:42 | 000,135,766 | ---- | C] () -- C:\ProgramData\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.09.10 19:33:56 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\ACD Systems
[2011.06.19 21:36:05 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Amazon
[2010.10.31 12:43:36 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Canon
[2009.12.15 13:48:47 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\CD-LabelPrint
[2012.12.30 13:34:39 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Dropbox
[2011.07.03 14:14:58 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\FileZilla
[2011.06.22 21:40:58 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Foxit Software
[2008.09.10 18:48:44 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\funkitron
[2011.06.02 07:41:57 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\go
[2009.06.11 11:42:48 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\REAPER
[2011.04.03 15:40:28 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Samsung
[2012.07.12 18:11:11 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Temp
[2010.08.17 17:34:53 | 000,000,000 | ---D | M] -- C:\Users\verena\AppData\Roaming\Topten Software
 
========== Purity Check ==========
 
 

< End of report >
         
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 30.12.2012 13:48:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\verena\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 55,59% Memory free
6,18 Gb Paging File | 4,69 Gb Available in Paging File | 75,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 32,24 Gb Free Space | 34,24% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 107,94 Gb Free Space | 55,31% Space Free | Partition Type: NTFS
 
Computer Name: VERENA-PC | User Name: verena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Users\verena\Desktop\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Users\verena\Desktop\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0526D508-B578-4288-98AE-70E219C582E4}" = protocol=6 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"{0648BDD1-337D-4A8F-8ACC-E71FA8B05A64}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AB5973B-A350-44CB-A205-4E162D46EA65}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{18E60919-6191-410F-A9BF-A0D93B8BB080}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{77420F8E-72B2-40D7-AEDC-18E40676F4B9}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{9F61CC14-3301-4759-B2AD-68D808CB681E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AEEC8CAE-36BB-41E3-80A5-F173E0009B7D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{BAF34C7D-38F9-485D-82D9-B154CD5302B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDB5F8D0-05F2-4046-B5E2-D0EE49F59E41}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{C4B76E08-3894-4309-BC9F-37FD27031538}" = protocol=17 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{117DAEC2-BC55-4BBE-98F0-7E288D00C10B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{226EE5EF-37DF-4F49-8B67-9F6446F5C393}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{3BF37AF1-1ACA-4E14-BFAB-CA3C3D5364BF}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{44AB24EA-4AB1-437E-933D-AB5A20259E73}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{47344484-FF21-4E08-B4BC-C8C781069DE4}C:\users\verena\desktop\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\users\verena\desktop\vlc\vlc.exe | 
"TCP Query User{666BBFC6-387F-4CFC-B454-967A999C1737}C:\users\verena\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\verena\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{97D3E8DB-D33A-4774-BE10-9706CEEB3CB0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{AA6E6B61-6B2E-4A92-8618-2BBF3B9CB74E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{AF9E711E-58D5-4CBB-94A1-621EF6736287}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{ECF3E530-59E7-4ED0-BA71-93A880FEFC7D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{F6791980-CCA5-4606-8737-759E10F16D99}C:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{0041C3B3-E292-4A55-AB21-BE19B2090B64}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{14237D78-083A-4384-AF92-CD8D12A71FE0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{2207F600-E638-4348-A3F1-2B23AC36F900}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{38864E06-E8FA-4385-A149-DF5E6CA60FDF}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{54CC3212-D434-400F-80A6-70AF8B98E2F1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{5C480BA6-C83C-4F6D-991B-D4D7565E7F81}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6E1D3991-A582-43EF-9F80-1491BDC1290F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{722F09FE-A550-44CC-B21F-1A7D192B1F8A}C:\users\verena\desktop\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\users\verena\desktop\vlc\vlc.exe | 
"UDP Query User{C832622D-1C41-4920-B514-232A157BEE1F}C:\users\verena\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\verena\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{E0C1C88C-F8B5-4339-B039-76B535AE9782}C:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{EAC715E0-0DE6-46A0-8DB5-9BBC93860679}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{18012051-2586-4DD5-80AB-8F2358CB78C9}" = Brother HL-4040CN
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.12
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{854C47D1-C2A0-4492-8655-C3F8D49C1031}" = Nero 8 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{CDC4FC15-480C-49C1-85DA-1CFBBFC6CD08}" = DVBT
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"Cantabile 2.0 Lite" = Cantabile 2.0 Lite
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Standard)
"FileZilla Client" = FileZilla Client 3.2.7.1
"Google Desktop" = Google Desktop
"HyperSnap 6" = HyperSnap 6
"InstallShield_{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory Pro" = pdfFactory Pro
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1" = Albelli Fotobücher
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.12.2012 19:21:08 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.12.2012 19:21:10 | Computer Name = verena-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.12.2012 04:45:50 | Computer Name = verena-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.12.2012 04:46:30 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.12.2012 08:09:42 | Computer Name = verena-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung ACDSee11.exe, Version 11.0.108.0, Zeitstempel
 0x4939da4f, fehlerhaftes Modul ACDSee11.exe, Version 11.0.108.0, Zeitstempel 0x4939da4f,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00624b51,  Prozess-ID 0xbf0, Anwendungsstartzeit
 01cde03c4e95b2a7.
 
Error - 22.12.2012 11:26:05 | Computer Name = verena-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.12.2012 11:27:14 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.12.2012 11:39:26 | Computer Name = verena-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.12.2012 11:39:40 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.12.2012 12:44:26 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.12.2012 08:33:17 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 21.12.2012 19:19:55 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.12.2012 04:44:13 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.12.2012 11:24:26 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.12.2012 11:38:38 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 25.12.2012 12:40:22 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 25.12.2012 12:44:08 | Computer Name = verena-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 25.12.2012 12:45:09 | Computer Name = verena-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.12.2012 08:31:59 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 30.12.2012 08:33:33 | Computer Name = verena-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.12.2012 08:36:28 | Computer Name = verena-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Gmer:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-12-30 14:36:38
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: q9bywqiq.exe; Driver: C:\Users\verena\AppData\Local\Temp\awliypow.sys


---- System - GMER 1.0.15 ----

SSDT            8D1EC6D6                                  ZwCreateSection
SSDT            8D1EC6E0                                  ZwRequestWaitReplyPort
SSDT            8D1EC6DB                                  ZwSetContextThread
SSDT            8D1EC6E5                                  ZwSetSecurityObject
SSDT            8D1EC6EA                                  ZwSystemDebugControl
SSDT            8D1EC677                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 448           828C4A6C 4 Bytes  [D6, C6, 1E, 8D]
.text           ntkrnlpa.exe!KeSetTimerEx + 76C           828C4D90 4 Bytes  [E0, C6, 1E, 8D]
.text           ntkrnlpa.exe!KeSetTimerEx + 7A0           828C4DC4 4 Bytes  [DB, C6, 1E, 8D]
.text           ntkrnlpa.exe!KeSetTimerEx + 804           828C4E28 4 Bytes  [E5, C6, 1E, 8D]
.text           ntkrnlpa.exe!KeSetTimerEx + 84C           828C4E70 4 Bytes  [EA, C6, 1E, 8D]
.text           ...                                       
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys  section is writeable [0x8E40C320, 0x3E4E87, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0   kbfiltr.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1   kbfiltr.sys
AttachedDevice  \FileSystem\fastfat \Fat                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
Würde mich über Unterstützung freuen!

Alt 30.12.2012, 18:06   #2
aharonov
/// TB-Ausbilder
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.





Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld.
__________________

__________________

Alt 30.12.2012, 18:07   #3
ht-tom
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.



Vielen Dank, aharonov!
__________________

Alt 30.12.2012, 22:57   #4
aharonov
/// TB-Ausbilder
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.



Hallo ht-tom und

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich.
Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist.
Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.


Bevor wir loslegen - Hinweise zum Ablauf:
  • Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
    • Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
    • Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles gesammelt in einer Antwort.
    • Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
    • Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.
  • Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert. Deshalb: Bitte
    • .. lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
    • .. installiere oder deinstalliere während der Bereinigung keine Software.
    • .. frag nicht parallel in anderen Foren nach Hilfe (Crossposting).
  • Ich kann dir keine Garantien geben, dass die Bereinigung schlussendlich erfolgreich sein wird und wir alles finden werden.
    • Ein Formatieren und Neuinstallieren ist meist der schnellere und immer der sicherere Weg.
    • Sollte ich eine schwerwiegende Infektion bei dir finden, werde ich dich nochmals darauf hinweisen. Es bleibt aber deine Entscheidung.
Los geht's: Alle Tools immer auf den Desktop speichern und von dort starten.




Schritt 1

Malware mit Combofix beseitigen
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Bitte poste in deiner nächsten Antwort:
  • Log von Combofix
__________________
cheers,
Leo

Alt 31.12.2012, 10:22   #5
ht-tom
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.



Vielen Dank, Leo!

Hier der Combofix-Log:
Code:
ATTFilter
ComboFix 12-12-31.01 - verena 31.12.2012  10:05:17.2.2 - x86
ausgeführt von:: c:\users\verena\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\verena\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
c:\users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
c:\users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\4ja7ie9b.default\searchplugins\SearchquWebSearch.xml
c:\users\verena\wgsdgsdgdsgsd.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-28 bis 2012-12-31  ))))))))))))))))))))))))))))))
.
.
2012-12-31 09:11 . 2012-12-31 09:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-30 12:36 . 2012-12-30 12:36	--------	d-----w-	c:\users\verena\AppData\Roaming\Malwarebytes
2012-12-30 12:36 . 2012-12-30 12:36	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-30 12:36 . 2012-12-30 12:36	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-12-30 12:36 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-22 15:34 . 2012-12-22 15:34	2915	----a-w-	c:\programdata\dsgsdgdsgdsgw.js
2012-12-16 19:55 . 2012-12-16 19:55	--------	d-----w-	c:\program files\Common Files\Skype
2012-12-16 19:55 . 2012-12-16 19:55	--------	d-----r-	c:\program files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:02 . 2012-12-06 19:26	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2012-12-06 19:26	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-12-06 19:26 . 2012-12-06 19:26	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-23 05:04 . 2012-12-06 19:26	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\verena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\verena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\verena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DetectTray"="c:\program files\DVBT\DetectTray.exe" [2007-01-18 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-02 39408]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-31 964024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 6111232]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-23 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2006-09-18 503808]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2008-05-29 381200]
.
c:\users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\verena\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OSD.lnk - c:\users\verena\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe [2008-9-4 21630]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-2-16 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.186.211.21 195.34.133.21
FF - ProfilePath - c:\users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\4ja7ie9b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.de/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - ExtSQL: !HIDDEN! 2009-08-09 11:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
HKLM-Run-NPCTray - c:\program files\Norman\npc\bin\npc_tray.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
@Denied: (2) (S-1-5-21-94412540-4286086940-4256644811-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-94412540-4286086940-4256644811-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-94412540-4286086940-4256644811-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2200)
c:\users\verena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\OEM\OSD_1.12\OsdService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-31  10:17:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-12-31 09:17
.
Vor Suchlauf: 17 Verzeichnis(se), 40.681.918.464 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 41.906.475.008 Bytes frei
.
- - End Of File - - 05D4BC468E00F1083AA3D19C01406910
         
Der Pc wurde zwischendurch wieder von dem Virus gesperrt, musste also, während Combofix lief, den Lappy neustarten. Hab dann nochmal Combofix ausgeführt und beim zweiten Mal hat's dann auch geklappt.


Alt 02.01.2013, 12:13   #6
aharonov
/// TB-Ausbilder
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.



Ok soweit, wir müssen noch einen beschädigten Dienst reparieren und Resten wegräumen.


Schritt 1

Downloade dir bitte ESET services repair von hier und speichere es auf den Desktop.
  • Öffne das Tool mit einem Doppelklick auf ServicesRepair.exe.
  • Wenn Hinweise angezeigt werden, drücke auf weiter und bestätige die Ausführung des Tools.
  • Nachdem das Tool durchgelaufen ist, wird ein Neustart verlangt. Drücke auf Yes, um diesen auszuführen.



Schritt 2

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschliesslich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
    Code:
    ATTFilter
    File::
    c:\programdata\dsgsdgdsgdsgw.js
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schliesse alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort ein.



Bitte poste in deiner nächsten Antwort:
  • Log von Combofix
__________________
--> Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.

Geändert von Larusso (02.01.2013 um 12:19 Uhr)

Alt 02.01.2013, 17:06   #7
ht-tom
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.



Vielen Dank!

Das zip hab ich hochgeladen, es gab allerdings das Problem das der Zugriff auf das Unterverzeichnis BackEnv verweigert wurde.

Hier das Log von Combifix:
Code:
ATTFilter
ComboFix 13-01-02.01 - verena 02.01.2013  16:45:06.3.2 - x86
ausgeführt von:: c:\users\verena\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\verena\Desktop\CFScript.txt
.
FILE ::
"c:\programdata\dsgsdgdsgdsgw.js"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.js
c:\users\verena\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-02 bis 2013-01-02  ))))))))))))))))))))))))))))))
.
.
2013-01-02 15:49 . 2013-01-02 15:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-31 09:17 . 2013-01-02 15:54	--------	d-----w-	c:\users\verena\AppData\Local\temp
2012-12-30 12:36 . 2012-12-30 12:36	--------	d-----w-	c:\users\verena\AppData\Roaming\Malwarebytes
2012-12-30 12:36 . 2012-12-30 12:36	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-30 12:36 . 2012-12-30 12:36	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-12-30 12:36 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-16 19:55 . 2012-12-16 19:55	--------	d-----w-	c:\program files\Common Files\Skype
2012-12-16 19:55 . 2012-12-16 19:55	--------	d-----r-	c:\program files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-02 15:37 . 2013-01-02 15:36	1929944	----a-w-	C:\Qoobox.zip
2009-05-01 21:02 . 2012-12-06 19:26	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2012-12-06 19:26	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-12-06 19:26 . 2012-12-06 19:26	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-23 05:04 . 2012-12-06 19:26	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\verena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\verena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\verena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DetectTray"="c:\program files\DVBT\DetectTray.exe" [2007-01-18 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-02 39408]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-08-31 964024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 6111232]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-23 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"pdfFactory Pro Dispatcher v3"="c:\windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2006-09-18 503808]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2008-05-29 381200]
.
c:\users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\verena\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OSD.lnk - c:\users\verena\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe [2008-9-4 21630]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-2-16 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.186.211.21 195.34.133.21
FF - ProfilePath - c:\users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\4ja7ie9b.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.de/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - ExtSQL: !HIDDEN! 2009-08-09 11:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-02 16:54
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CR2\UserChoice]
@Denied: (2) (S-1-5-21-94412540-4286086940-4256644811-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-94412540-4286086940-4256644811-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-94412540-4286086940-4256644811-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
.
[HKEY_USERS\S-1-5-21-94412540-4286086940-4256644811-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1604)
c:\users\verena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\OEM\OSD_1.12\OsdService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-02  16:58:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-02 15:58
ComboFix2.txt  2012-12-31 09:17
.
Vor Suchlauf: 20 Verzeichnis(se), 41.611.046.912 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 41.678.311.424 Bytes frei
.
- - End Of File - - 539773708E12174EB9DE22102555FB92
         

Alt 02.01.2013, 18:33   #8
aharonov
/// TB-Ausbilder
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.



Der betroffene Dienst läuft immer noch nicht wie gewünscht.
Hast du ESET services repair ausgeführt wie im letzten Post angegeben?
Versuchen wir was anderes:


Schritt 1
  • Öffne die Windows-Suche (im Startmenü) und suche nach cmd.
  • Mach einen Rechtsklick auf die cmd.exe und wähle Als Administrator ausführen.
  • Gib dann folgenden Befehl in die Kommandozeile ein:
    Code:
    ATTFilter
    regsvr32 wmisvc.dll
             
  • Wenn keine Fehlermeldung erscheint, gib noch folgenden Befehl ein:
    Code:
    ATTFilter
    net start winmgmt
             
  • Wenn keine Fehlermeldung erscheint, starte den Rechner neu auf und führe Schritt 2 durch.
    Sollten Fehler auftreten, brich ab und melde das hier.



Schritt 2

Downloade dir bitte Farbars Service Scanner und speichere es auf den Desktop.
  • Starte das Tool mit Doppelklick auf FSS.exe.
  • Gehe sicher, dass folgende Optionen angehakt sind:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt auf dem Desktop erstellen.
Poste bitte dessen Inhalt hier.



Bitte poste in deiner nächsten Antwort:
  • ev. Log von FSS
__________________
cheers,
Leo

Alt 02.01.2013, 19:45   #9
ht-tom
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.



Hi!

ESET hab ich ausgeführt und lief ohne Probleme durch.

Zu Schritt 1:
- Zuerst hat cmd.exe nicht funktioniert, nach einem Neustart ging es dann.
- Der regsvr32 Befehl hat funktioniert.
- Beim net start Befehl gabs dann aber die Fehlermeldung:
"Systemfehler 126 ist aufgetreten. Das angegebene Modul wurde nicht gefunden.
- Nach einem neuerlichen Neustart hab ich wieder den net start Befehl eingegeben und jetzt kommt die Meldung "Der angeforderte Dienst wurde bereits gestartet".

Danach meldete Antivir dass unter Qoobox\Quarantine\....\wgsdgsdgdsgsd.exe.vir der Torjaner TR/Drop.Injector.gtgb gefunden wurde. (Dies ist nur fürs Protokoll, ich nehme an eines der anderen Programme hat die verseuchten Viren in das Verzeichnis getan, heißt ja nicht umsonst Quarantine).
P.S: Ich schalte den Virenscanner immer aus bevor ich deine Schritte durchführe, nur nach dem Neustarten ist er halt immer wieder aktiv. (Auch nur fürs Protokoll)

Hier der Log von FSS:
Code:
ATTFilter
Farbar Service Scanner Version: 23-12-2012
Ran by verena (administrator) on 02-01-2013 at 19:43:17
Running from "C:\Users\verena\Desktop"
Windows Vista (TM) Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-17 06:59] - [2011-04-21 14:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-11 19:18] - [2010-06-16 16:59] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-04-15 23:30] - [2011-03-02 15:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-21 03:24] - [2008-01-21 03:24] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-01-21 03:23] - [2008-01-21 03:23] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-21 03:23] - [2008-01-21 03:23] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-21 03:23] - [2008-01-21 03:23] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-21 03:24] - [2008-01-21 03:24] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-21 03:25] - [2008-01-21 03:25] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2008-09-19 18:20] - [2008-04-18 06:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-21 03:24] - [2008-01-21 03:24] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2010-04-14 21:41] - [2010-02-18 15:11] - 0190464 ____A (Microsoft Corporation) 6A35D233693EDC29A12742049BC5E37F

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-15 12:12] - [2009-03-03 05:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****
         

Alt 03.01.2013, 00:32   #10
aharonov
/// TB-Ausbilder
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.



Hi!

Genau, Avira hat nur etwas gefunden, das bereits sicher in der Quarantäne aufgehoben ist, kein Grund zur Sorge.
Hast du während des FSS-Scans die Internetverbindung getrennt gehabt?


Schritt 1

Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument:
Code:
ATTFilter
>look.txt (
for %%g in (
winmgmt
) do ( 
sc qc %%g
sc query %%g
reg query HKLM\System\CurrentControlSet\Services\%%g /s
)
)
notepad look.txt
         
  • Wähle Datei --> Speichern unter
  • Dateiname: reglook.bat
  • Dateityp: Wähle Alle Dateien (*.*)
  • Speichere die Datei auf deinem Desktop.

    Es sollte nun ungefähr so aussehen
  • Starte die reglook.bat.
    Vista und Win7 User: Mit Rechtsklick "als Administrator starten"
  • Es wird sich ein Notepadfenster öffnen. Kopieren dessen gesamten Inhalt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log des bat-Skripts
__________________
cheers,
Leo

Alt 03.01.2013, 07:50   #11
ht-tom
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.



Guten Morgen!

Internet/Wlan ist nicht verbunden, auch während des FSS Scans war es aus.

Hier das Log des bat-scripts:
Code:
ATTFilter
C:\Windows\system32>(
sc qc winmgmt  
 sc query winmgmt  
 reg query HKLM\System\CurrentControlSet\Services\winmgmt /s 
) 
[SC] QueryServiceConfig ERFOLG

SERVICE_NAME: winmgmt
        TYPE               : 20  WIN32_SHARE_PROCESS 
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 0   IGNORE
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : 
        TAG                : 0
        DISPLAY_NAME       : Windows-Verwaltungsinstrumentation
        DEPENDENCIES       : RPCSS
        SERVICE_START_NAME : localSystem

SERVICE_NAME: winmgmt 
        TYPE               : 20  WIN32_SHARE_PROCESS  
        STATE              : 4  RUNNING 
                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\winmgmt
    DisplayName    REG_SZ    Windows-Verwaltungsinstrumentation
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k netsvcs
    Description    REG_SZ    Bietet eine standardm„áige Schnittstelle und Objektmodell zum Zugreifen auf Verwaltungsinformationen ber das Betriebssystem, Ger„te, Anwendungen und Dienste. Die meiste Windows-basierte Software kann nicht ordnungsgem„á ausgefhrt werden, falls dieser Dienst beendet wird. Falls dieser Dienst deaktiviert wird, k”nnen die Dienste, die von diesem Dienst ausschlieálich abh„ngig sind, nicht mehr gestartet werden.
    ObjectName    REG_SZ    localSystem
    ErrorControl    REG_DWORD    0x0
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    RPCSS
    ServiceSidType    REG_DWORD    0x1
    FailureActions    REG_BINARY    80510100000000000000000002000000140000000100000060EA00000100000060EA0000

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\winmgmt\Parameters
    ServiceDllUnloadOnStop    REG_DWORD    0x1
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\wbem\WMIsvc.dll
    ServiceMain    REG_SZ    ServiceMain
         
Die nächsten Schritte werde ich erst am Samstag durchführen können.

LG,
Tom

Alt 03.01.2013, 13:33   #12
aharonov
/// TB-Ausbilder
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.



Hi Tom,
der betroffene Dienst scheint repariert zu sein, wir können weiter machen.


Schritt 1

Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
  • Schliesse alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:AdwCleaner[S1].txt. (x = fortlaufende Nummer)



Schritt 2
  • Öffne das Programm Malwarebytes.
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.



Schritt 3


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte poste in deiner nächsten Antwort:
  • Log von AdwCleaner
  • Log von MBAM
  • Log von ESET
__________________
cheers,
Leo

Alt 05.01.2013, 20:33   #13
ht-tom
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.



ADWCleaner-Log:
Code:
ATTFilter
# AdwCleaner v2.104 - Datei am 05/01/2013 um 18:36:13 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : verena - VERENA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\verena\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\verena\AppData\Local\Ilivid Player

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Bandoo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18639

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchqu.com/406 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\verena\AppData\Roaming\Mozilla\Firefox\Profiles\4ja7ie9b.default\prefs.js

Gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Gelöscht : user_pref("browser.search.order.1", "Web Search");
Gelöscht : user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=");

*************************

AdwCleaner[S1].txt - [3609 octets] - [05/01/2013 18:36:13]

########## EOF - C:\AdwCleaner[S1].txt - [3669 octets] ##########
         
MBMA-Log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.05.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
verena :: VERENA-PC [Administrator]

05.01.2013 18:40:55
mbam-log-2013-01-05 (18-40-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206518
Laufzeit: 6 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\verena\Downloads\SoftonicDownloader_fuer_stickies.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
ESET-Log:
Code:
ATTFilter
C:\$RECYCLE.BIN\S-1-5-21-94412540-4286086940-4256644811-1000\$R6CRH61.zip	Win32/Reveton.N trojan
C:\Qoobox\Quarantine\C\ProgramData\dsgsdgdsgdsgw.js.vir	JS/Agent.NID trojan
C:\Qoobox\Quarantine\C\Users\verena\wgsdgsdgdsgsd.exe.vir	Win32/Reveton.N trojan
C:\Users\verena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\1d5c26ca-1f496d41	a variant of Java/Exploit.CVE-2012-1723.FG trojan
C:\Users\verena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\1fbca89c-69b3e954	Win32/Reveton.N trojan
         
Vielen Dank!

Alt 06.01.2013, 02:16   #14
aharonov
/// TB-Ausbilder
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.



Prima, da wurde nichts Schlimmes mehr gefunden. Wir kümmern uns noch darum.
Jetzt kommt aber noch ein wichtiger Schritt: Auf deinem System fehlen zahlreiche Updates. Das sind gravierende Sicherheitslücken, die wir schliessen müssen.


Schritt 1

Bei deinem Betriebssystem Windows Vista fehlt das Service Pack 2. Und auch der Internet Explorer ist veraltet.
  • Drücke auf Start --> Alle Programme --> Windows Update.
  • Klicke dann links auf Nach Updates suchen.
  • Installiere gefundene Updates mit einem Klick auf Updates installieren.
  • Wiederhole diese Schritte, bis keine neuen Updates mehr angeboten werden.



Schritt 2

Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier.
  • Speichere die jxpiinstall.exe
  • Schliesse alle laufenden Programme, speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version (Java 7 Update 10) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde, gehe zu
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu, sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher, dass überall ein Haken gesetzt ist, und klicke OK.
  • Klicke erneut OK.
Schneller Plugin-Test zur Überpüfung ob alles aktuell ist: PluginCheck



Schritt 3

Dein Flashplayer ist veraltet. Installiere folgendermassen die aktuelle Version:
  • Besuche diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.



Schritt 4

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
  • Deinstalliere bitte deine aktuelle Version von Adobe Reader über
    Start --> Systemsteuerung --> Software --> Adobe Reader
  • Besuche diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.



Schritt 5

Starte bitte die OTL.exe.
  • Unter Extra Registry, wähle Use SafeList.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Logs von OTL
__________________
cheers,
Leo

Alt 06.01.2013, 16:35   #15
ht-tom
 
Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Standard

Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.



Hallo!

Die Updates haben alle funktioniert.

Hier die OTL Logs:

OTL.txt
Code:
ATTFilter
OTL logfile created on: 06.01.2013 15:44:20 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\verena\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,90% Memory free
6,18 Gb Paging File | 4,61 Gb Available in Paging File | 74,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 50,73 Gb Free Space | 53,87% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 112,81 Gb Free Space | 57,81% Space Free | Partition Type: NTFS
 
Computer Name: VERENA-PC | User Name: verena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.06 15:43:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\verena\Desktop\OTL.exe
PRC - [2013.01.06 11:57:35 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012.12.29 00:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\verena\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.06 20:26:25 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.07 20:46:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.07 20:43:14 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.07 20:40:26 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.07 20:40:02 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.31 01:52:22 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.08.31 01:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.08.31 01:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.22 19:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.03.25 02:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.05.19 17:11:52 | 000,136,544 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.28 12:40:28 | 000,020,480 | ---- | M] ( ) -- C:\Programme\Google\Google EULA\GoogleEULALauncher.exe
PRC - [2008.04.28 16:21:56 | 000,374,784 | ---- | M] (ODM) -- C:\Programme\OEM\OSD_1.12\osd.exe
PRC - [2008.04.25 07:25:52 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) -- C:\Programme\OEM\OSD_1.12\OsdService.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:24:43 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
PRC - [2007.02.22 17:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Programme\Olympus\DeviceDetector\DevDtct2.exe
PRC - [2007.01.18 13:18:44 | 000,143,360 | ---- | M] () -- C:\Programme\DVBT\DetectTray.exe
PRC - [2006.09.18 13:12:06 | 000,503,808 | ---- | M] (FinePrint Software, LLC) -- C:\Windows\System32\spool\drivers\w32x86\3\fppdis3a.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.06 11:57:34 | 014,586,296 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2013.01.02 19:26:00 | 000,115,137 | ---- | M] () -- C:\Users\verena\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
MOD - [2012.12.06 20:26:25 | 002,397,152 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.08.31 01:52:22 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.06.21 20:04:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f4458d63e51a43c856942ea40dda3a9\System.ServiceProcess.ni.dll
MOD - [2011.06.21 20:04:02 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\1e57fb2f24821b515044195fd65b2932\System.Management.ni.dll
MOD - [2011.06.21 20:02:29 | 000,762,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\147d80d48b7fc72c4689fc23f891be2e\System.Runtime.Remoting.ni.dll
MOD - [2011.06.21 20:02:21 | 001,781,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\45af364b6f9480c42c4c57ea46f384f6\System.Xaml.ni.dll
MOD - [2011.06.21 14:14:33 | 017,673,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e1118f4cb54334d606d47fd4e1bcc09e\PresentationFramework.ni.dll
MOD - [2011.06.21 14:14:26 | 013,137,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0913ecd628fbe0f64451d85fa1d7b3e2\System.Windows.Forms.ni.dll
MOD - [2011.06.21 14:14:18 | 011,106,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0ee99ffeb7b1ab53f394e0e1bf8759ce\PresentationCore.ni.dll
MOD - [2011.06.21 14:14:16 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ee45e20c2c4ce557fba419edec412c48\System.Drawing.ni.dll
MOD - [2011.06.21 14:14:14 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f0f2f6a930ca9154cf7880473442ac6a\PresentationFramework.Aero.ni.dll
MOD - [2011.06.21 14:14:06 | 003,798,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c8482ea964f3031763d12f0a1c38d4ce\WindowsBase.ni.dll
MOD - [2011.06.21 14:13:55 | 007,053,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8a8bc7cc941913983b0dec8c65102629\System.Core.ni.dll
MOD - [2011.06.21 14:13:54 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\912daeab3595b7987f79bc58a93190eb\System.Xml.ni.dll
MOD - [2011.06.21 14:13:48 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d5bd0e884402abff8c9fa924ffd7375f\System.Configuration.ni.dll
MOD - [2011.06.21 14:13:47 | 009,085,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\77dc32bfb24f92096395d259733ba80b\System.ni.dll
MOD - [2011.06.21 14:09:38 | 014,409,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fd30bb8e36e4d03126abb3c20a3d9c40\mscorlib.ni.dll
MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2009.03.30 05:42:19 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2009.03.30 05:42:18 | 003,149,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2009.03.30 05:42:18 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2009.03.30 05:42:14 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2009.03.30 05:42:13 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009.03.30 05:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2007.01.18 13:18:44 | 000,143,360 | ---- | M] () -- C:\Programme\DVBT\DetectTray.exe
MOD - [2005.07.30 20:00:40 | 000,114,688 | ---- | M] () -- C:\Windows\System32\OdiOlDVR.dll
MOD - [2004.06.21 09:14:54 | 000,053,248 | ---- | M] () -- C:\Windows\System32\OdiAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.06 11:57:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.06 20:26:25 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.07 20:46:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.07 20:40:26 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008.02.22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) [Auto | Running] -- C:\Programme\OEM\OSD_1.12\OsdService.exe -- (OsdService)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.09.07 20:47:19 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.09.07 20:47:18 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.07 20:47:17 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.07 20:47:17 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.06.02 06:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.06.02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010.12.21 06:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 06:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010.12.21 06:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.12.21 06:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.09.01 07:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.09.10 19:30:03 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2008.05.01 07:35:54 | 003,660,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.04.03 13:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2008.03.31 11:02:34 | 000,008,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter)
DRV - [2007.12.19 18:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007.11.21 09:31:26 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort)
DRV - [2007.11.02 12:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic)
DRV - [2007.11.02 12:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mgmt.sys -- (s217mgmt)
DRV - [2007.11.02 12:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex)
DRV - [2007.11.02 12:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5)
DRV - [2007.11.02 12:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 12:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus)
DRV - [2007.11.02 12:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.09.11 14:20:00 | 000,087,296 | ---- | M] (e3C, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EC168BDA.sys -- (EC168BDA)
DRV - [2006.04.07 16:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VNUSB.sys -- (VNUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=9rw1p_wd0ydVINcsbonNbvmB7Ek?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://mail.yahoo.de/"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {723AAF16-AF1F-4404-A5D7-0BFE39766605}:0.3.3
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 20:26:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.06 12:02:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009.10.05 11:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2013.01.06 12:02:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 20:26:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.06 12:02:50 | 000,000,000 | ---D | M]
 
[2011.05.28 13:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\verena\AppData\Roaming\mozilla\Extensions
[2012.10.23 19:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\4ja7ie9b.default\extensions
[2010.04.28 17:40:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\4ja7ie9b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.05 12:59:40 | 000,000,000 | ---D | M] (Copy Plain Text) -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\4ja7ie9b.default\extensions\{723AAF16-AF1F-4404-A5D7-0BFE39766605}
[2009.03.26 20:16:01 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\verena\AppData\Roaming\mozilla\Firefox\Profiles\4ja7ie9b.default\extensions\moveplayer@movenetworks.com
[2009.10.05 11:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\verena\AppData\Roaming\mozilla\Sunbird\Profiles\fllmli6o.default\extensions
[2012.12.06 20:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.06 20:26:25 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.01 09:54:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.02 16:49:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\Windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DetectTray] C:\Programme\DVBT\DetectTray.exe ()
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\verena\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk = C:\Users\verena\AppData\Roaming\Microsoft\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_4D3FC276DECE661B01DFEC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{164C6585-FAE0-4313-BBF0-B1704721EA6A}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - c:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Photos\Summertrip_2012\Reykjavik\DSC00451_bearb.jpg
O24 - Desktop BackupWallPaper: D:\Photos\Summertrip_2012\Reykjavik\DSC00451_bearb.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.06 15:43:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\verena\Desktop\OTL.exe
[2013.01.06 15:38:55 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013.01.06 15:21:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2013.01.06 15:21:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2013.01.06 15:21:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2013.01.06 13:13:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013.01.06 12:03:43 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Local\Macromedia
[2013.01.06 12:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.01.06 12:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.01.06 11:57:35 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.06 11:09:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.06 11:08:29 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.01.06 11:08:18 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.06 11:08:18 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.06 11:08:18 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.06 11:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.01.06 11:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013.01.06 10:41:05 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.01.06 10:41:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013.01.06 10:41:05 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.01.06 10:41:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.01.06 10:41:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.01.06 10:41:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.01.06 10:41:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.01.06 10:41:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.01.06 10:41:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.01.06 10:41:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.01.06 10:41:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.01.06 10:41:03 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.01.06 10:41:03 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.01.06 10:41:03 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.01.06 10:41:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.01.06 10:41:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.01.06 10:41:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.01.06 10:38:59 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.01.06 10:38:59 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013.01.06 10:38:59 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.01.06 10:38:58 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.01.06 10:38:58 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.01.06 10:38:58 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013.01.06 10:38:58 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.01.06 10:38:58 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.01.06 10:38:58 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2013.01.06 10:38:57 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013.01.06 10:38:57 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2013.01.06 10:38:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.01.06 10:38:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013.01.06 10:38:57 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.01.06 10:38:57 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.01.06 10:38:56 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.01.06 10:38:56 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.01.06 10:38:55 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.01.06 10:38:54 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.01.06 10:38:54 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2013.01.06 10:38:54 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.01.06 10:38:54 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.01.06 10:38:54 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2013.01.05 18:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.01.05 18:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.01.02 16:58:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.02 16:58:43 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Local\temp
[2013.01.02 16:54:44 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.01.02 16:40:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012.12.31 09:48:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.31 09:48:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.31 09:48:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.31 09:47:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.31 09:46:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.30 13:36:42 | 000,000,000 | ---D | C] -- C:\Users\verena\AppData\Roaming\Malwarebytes
[2012.12.30 13:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.30 13:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.30 13:36:27 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.30 13:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.16 20:55:08 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.12.16 20:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.16 20:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[1 C:\Users\verena\Desktop\*.tmp files -> C:\Users\verena\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.06 15:43:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\verena\Desktop\OTL.exe
[2013.01.06 15:36:24 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.06 15:36:24 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.06 15:36:24 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.06 15:36:23 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.06 15:32:30 | 000,154,902 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.01.06 15:32:30 | 000,154,902 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.01.06 15:32:00 | 000,002,487 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk
[2013.01.06 15:30:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.06 15:30:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.06 15:28:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.06 15:27:57 | 000,295,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.06 15:27:02 | 3215,613,952 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.06 14:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.06 12:02:50 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.01.06 11:57:35 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.01.06 11:57:35 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.06 11:20:35 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.01.06 11:08:01 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.01.06 11:07:58 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013.01.06 11:07:58 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.01.06 11:07:58 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.01.06 11:07:58 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.01.06 11:07:58 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.01.05 18:41:39 | 000,000,999 | ---- | M] () -- C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.02 16:49:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.30 15:39:11 | 000,000,680 | ---- | M] () -- C:\Users\verena\AppData\Local\d3d9caps.dat
[2012.12.30 14:05:34 | 000,302,592 | ---- | M] () -- C:\Users\verena\Desktop\q9bywqiq.exe
[2012.12.30 13:43:51 | 000,000,000 | ---- | M] () -- C:\Users\verena\defogger_reenable
[2012.12.30 13:42:23 | 000,050,477 | ---- | M] () -- C:\Users\verena\Desktop\Defogger.exe
[2012.12.30 13:36:29 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.22 09:52:52 | 000,002,637 | ---- | M] () -- C:\Users\verena\Desktop\Microsoft Office Word 2003.lnk
[2012.12.16 20:55:08 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.12 23:20:08 | 000,163,423 | ---- | M] () -- C:\Users\verena\Desktop\DSC01764.JPG
[2012.12.12 23:20:01 | 000,158,788 | ---- | M] () -- C:\Users\verena\Desktop\DSC01763.JPG
[1 C:\Users\verena\Desktop\*.tmp files -> C:\Users\verena\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.06 15:31:29 | 000,000,921 | ---- | C] () -- C:\Users\verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2013.01.06 12:02:50 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.01.06 12:02:50 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.01.06 11:57:36 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.06 10:41:04 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.01.02 16:38:05 | 3215,613,952 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.31 09:48:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.31 09:48:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.31 09:48:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.31 09:48:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.31 09:48:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.30 14:06:50 | 000,302,592 | ---- | C] () -- C:\Users\verena\Desktop\q9bywqiq.exe
[2012.12.30 13:43:51 | 000,000,000 | ---- | C] () -- C:\Users\verena\defogger_reenable
[2012.12.30 13:42:20 | 000,050,477 | ---- | C] () -- C:\Users\verena\Desktop\Defogger.exe
[2012.12.30 13:36:29 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.12 23:20:07 | 000,163,423 | ---- | C] () -- C:\Users\verena\Desktop\DSC01764.JPG
[2012.12.12 23:20:01 | 000,158,788 | ---- | C] () -- C:\Users\verena\Desktop\DSC01763.JPG
[2011.01.29 16:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 16:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 16:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 16:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 16:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.11.29 22:15:47 | 000,004,096 | -H-- | C] () -- C:\Users\verena\AppData\Local\keyfile3.drm
[2010.10.31 15:45:43 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.09.14 08:25:41 | 000,000,680 | ---- | C] () -- C:\Users\verena\AppData\Local\d3d9caps.dat
[2008.10.15 13:11:28 | 000,171,629 | ---- | C] () -- C:\Users\verena\Teilnahmebestaetigung_widl.pdf
[2008.09.27 19:49:02 | 000,015,239 | ---- | C] () -- C:\Users\verena\edt_l2_lm_2008_2009_s3.pdf
[2008.09.27 19:48:31 | 000,008,209 | ---- | C] () -- C:\Users\verena\edt_agreg_lm_08_09_s1.pdf
[2008.09.27 19:46:08 | 000,005,745 | ---- | C] () -- C:\Users\verena\reunions_rentree_08_09.pdf
[2008.09.27 19:40:49 | 000,014,594 | ---- | C] () -- C:\Users\verena\edt_l1_lc_2008_2009_s1.pdf
[2008.09.10 19:35:40 | 000,233,472 | ---- | C] () -- C:\Users\verena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.03 05:11:42 | 000,154,902 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.03 05:11:42 | 000,154,902 | ---- | C] () -- C:\ProgramData\nvModes.001
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 06.01.2013 15:44:20 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\verena\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 55,90% Memory free
6,18 Gb Paging File | 4,61 Gb Available in Paging File | 74,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 50,73 Gb Free Space | 53,87% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 112,81 Gb Free Space | 57,81% Space Free | Partition Type: NTFS
 
Computer Name: VERENA-PC | User Name: verena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Users\verena\Desktop\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Users\verena\Desktop\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1489BDD0-DF1D-4F48-AFFE-12CFA1F1A110}" = rport=138 | protocol=17 | dir=out | app=system | 
"{17C806CD-5FC1-42E3-A431-49CCF8E672D1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1CDFDCC5-0521-4F9F-8C5B-BE10560678DC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4C32DA7C-E9CE-4F4A-B4D2-7A6EB4E083D6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{68729F60-42D4-4284-8549-524D68447FC3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6FD67952-4360-4A69-9808-490129409FE6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{702D8B00-0EF6-4BAE-BA6F-4A0F80F8DF5C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{78B71F87-2E0B-47B3-B37A-9A865DF2DF10}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7DA6EC1A-F2A0-4626-8519-34A362E02396}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8DF72FE7-51A7-46F2-BF1E-C109A22FE8D1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{92F532B3-E2EB-4873-851A-28D5211022FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9DCC8E06-E822-40C7-8201-7D093AB9F753}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AFA72469-55F0-4439-9E8A-B86E4BF414C3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B0D452D8-E7E4-4C45-919A-D3C681C41033}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B8CAF55C-BB2D-4D3E-8A8A-6D069A42FA82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BA088893-00F0-422A-AA70-170974B7772B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C4C78AEA-F9F4-4F2B-98C4-77C4F397BEB0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F98EDFD2-2CBA-4AEB-9A28-DCCF2BA87DD4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FCC95243-296B-4941-A571-3F4362700239}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FD5AD74C-845D-45EC-AEA0-7E160A4A95BE}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E59267-59B9-42DD-BAFF-D571ACF2FE19}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0526D508-B578-4288-98AE-70E219C582E4}" = protocol=6 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"{0648BDD1-337D-4A8F-8ACC-E71FA8B05A64}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AB5973B-A350-44CB-A205-4E162D46EA65}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{161A7A17-47A3-47C8-9D7B-972D4FAF000E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{18E60919-6191-410F-A9BF-A0D93B8BB080}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B87374D-2236-4352-A545-852A4649B5C7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4D18C4B1-F13E-47E6-AD81-220118921F73}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{76562F75-7C67-402A-8138-B003C9579ADA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{77420F8E-72B2-40D7-AEDC-18E40676F4B9}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{9F61CC14-3301-4759-B2AD-68D808CB681E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AEEC8CAE-36BB-41E3-80A5-F173E0009B7D}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{BAF34C7D-38F9-485D-82D9-B154CD5302B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDB5F8D0-05F2-4046-B5E2-D0EE49F59E41}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{C26CDBBD-0A41-448E-82B3-D4BF4F1C3305}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C4B76E08-3894-4309-BC9F-37FD27031538}" = protocol=17 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F070F78E-74E1-4E86-ACFA-6687494585B5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FC281BF4-61C3-44CF-98E7-D69CDDC48B94}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{117DAEC2-BC55-4BBE-98F0-7E288D00C10B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{226EE5EF-37DF-4F49-8B67-9F6446F5C393}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{3BF37AF1-1ACA-4E14-BFAB-CA3C3D5364BF}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{44AB24EA-4AB1-437E-933D-AB5A20259E73}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{47344484-FF21-4E08-B4BC-C8C781069DE4}C:\users\verena\desktop\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\users\verena\desktop\vlc\vlc.exe | 
"TCP Query User{666BBFC6-387F-4CFC-B454-967A999C1737}C:\users\verena\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\verena\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{97D3E8DB-D33A-4774-BE10-9706CEEB3CB0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{AA6E6B61-6B2E-4A92-8618-2BBF3B9CB74E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{AF9E711E-58D5-4CBB-94A1-621EF6736287}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{ECF3E530-59E7-4ED0-BA71-93A880FEFC7D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{F6791980-CCA5-4606-8737-759E10F16D99}C:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{0041C3B3-E292-4A55-AB21-BE19B2090B64}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{14237D78-083A-4384-AF92-CD8D12A71FE0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{2207F600-E638-4348-A3F1-2B23AC36F900}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{38864E06-E8FA-4385-A149-DF5E6CA60FDF}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{54CC3212-D434-400F-80A6-70AF8B98E2F1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{5C480BA6-C83C-4F6D-991B-D4D7565E7F81}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{6E1D3991-A582-43EF-9F80-1491BDC1290F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{722F09FE-A550-44CC-B21F-1A7D192B1F8A}C:\users\verena\desktop\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\users\verena\desktop\vlc\vlc.exe | 
"UDP Query User{C832622D-1C41-4920-B514-232A157BEE1F}C:\users\verena\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\verena\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{E0C1C88C-F8B5-4339-B039-76B535AE9782}C:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\verena\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{EAC715E0-0DE6-46A0-8DB5-9BBC93860679}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{18012051-2586-4DD5-80AB-8F2358CB78C9}" = Brother HL-4040CN
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.12
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{854C47D1-C2A0-4492-8655-C3F8D49C1031}" = Nero 8 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{CDC4FC15-480C-49C1-85DA-1CFBBFC6CD08}" = DVBT
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"Cantabile 2.0 Lite" = Cantabile 2.0 Lite
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Standard)
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.2.7.1
"Google Desktop" = Google Desktop
"HyperSnap 6" = HyperSnap 6
"InstallShield_{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NVIDIA Drivers" = NVIDIA Drivers
"pdfFactory Pro" = pdfFactory Pro
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1" = Albelli Fotobücher
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.01.2013 10:34:59 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.01.2013 10:36:27 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.01.2013 10:36:28 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.01.2013 10:37:54 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.01.2013 10:37:54 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.01.2013 10:37:55 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.01.2013 10:37:56 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.01.2013 10:37:59 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.01.2013 10:37:59 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.01.2013 10:39:51 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.01.2013 10:39:51 | Computer Name = verena-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 05.01.2013 16:37:03 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 06.01.2013 05:14:28 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 06.01.2013 05:51:22 | Computer Name = verena-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 06.01.2013 05:51:22 | Computer Name = verena-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 06.01.2013 05:54:27 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 06.01.2013 06:20:17 | Computer Name = verena-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 06.01.2013 07:00:26 | Computer Name = verena-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 06.01.2013 07:00:26 | Computer Name = verena-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 06.01.2013 07:00:26 | Computer Name = verena-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.01.2013 10:15:14 | Computer Name = verena-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

Antwort

Themen zu Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.
7-zip, antivir, autorun, avira, bho, bildschirm, computer, excel, flash player, format, google, helper, iexplore.exe, install.exe, intranet, java/exploit.cve-2012-1723.fg, js/agent.nid, logfile, mozilla, norman, olympus, registry, rundll, security, software, trojaner, wgsdgsdgdsgsd.exe, win32/reveton.n, windows



Ähnliche Themen: Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin.


  1. Laptop meiner Freundin
    Plagegeister aller Art und deren Bekämpfung - 08.01.2015 (13)
  2. Trojan.FakeMS.ED, Trojan.FakeMS, trojware.win32.injector
    Log-Analyse und Auswertung - 03.09.2014 (19)
  3. Der Laptop meiner Freundin hat kein Internet mehr und es wurde bereits viel Malware entdeckt.
    Log-Analyse und Auswertung - 17.06.2014 (17)
  4. Antivirus Security Pro auf Laptop (Freundin schuld :-( )
    Plagegeister aller Art und deren Bekämpfung - 17.11.2013 (4)
  5. Software.Updater.ui.exe nun auf dem Rechner meiner Freundin nach dem Hochfahren
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (9)
  6. Trojan.Ransom.ED, Trojan.Agent.ED und Trojan.FakeMS.PRGen auf laptop
    Log-Analyse und Auswertung - 13.04.2013 (9)
  7. Trojan.Ransom.ED, Trojan.Agent.ED, Trojan.FakeMS.PRGen und Bublik b. durch Email erhalten?
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (29)
  8. Bublik b.; Trojan.Ransom.ED; Trojan.Agent.ED und Trojan.FakeMS.PRGen in Email?
    Mülltonne - 28.03.2013 (0)
  9. Trojan.FakeMS, Exploit.Drop.GSA, Trojan.Ransom.SUGen
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (18)
  10. Trojan.FakeMS / Trojan.Agent.ck / Exploit.Drop.GSA
    Plagegeister aller Art und deren Bekämpfung - 03.01.2013 (3)
  11. Trojan.FakeMS, Rechner gesperrt, GVU Trojaner (BSI) Webcam-Fake, Zahlung: PaysafeCard, UKash
    Log-Analyse und Auswertung - 30.11.2012 (1)
  12. PC meiner Freundin wird immer langsamer
    Log-Analyse und Auswertung - 26.02.2012 (4)
  13. Keylogger bei meiner Freundin?
    Überwachung, Datenschutz und Spam - 16.01.2012 (1)
  14. Trojaner Kazy.26024.5 SpyEyes Trojan.FakeMS (hoffentlich) entfernt aber danach viele Probleme
    Plagegeister aller Art und deren Bekämpfung - 23.06.2011 (31)
  15. Benötige hilfe beim PC meiner Freundin
    Log-Analyse und Auswertung - 04.08.2007 (1)
  16. INET20004 hat den PC meiner Freundin befallen! Was tun?
    Plagegeister aller Art und deren Bekämpfung - 24.12.2006 (9)

Zum Thema Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. - Liebes Trojaner-Board. Ich hoffe dass ihr mir hier helfen könnt. Vor ein paar Tagen rief meine Freundin an. Während dem Surfen hatte sie plötzlich ne Meldung von der Bundespolizei (Österreich) - Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin....
Archiv
Du betrachtest: Polizei-100€ Trojaner (trojan.fakeMs) am Laptop meiner Freundin. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.