Pests of all kinds and how to fight them: I also have the BKA trojan |
13.08.2011, 14:24 | #1 |
| I also have the BKA trojan
Hello, my laptop is also infected with the BKA trojan. I have already carried out a few of the described steps, but when I entered "start srep.exe" the following error message appeared:
AutoIt Error Line 9671 (File "F:\srep.exe"): Error: Variable used without being declared
What do I have to do now? Thanks a lot in advance for the help!! |
14.08.2011, 07:05 | #2 | ||
/// Helper team | I also have the BKA trojan
Hello and welcome!
Before we begin working together, [please read completely]: Quote:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"!
1. Download Malwarebytes Anti-Malware from → malwarebytes.org
2. System scan with OTL: Please download OTL by Oldtimer and save it to your desktop
3. I would also like to see all your installed programs: Download the tool CCleaner → Download, install it (read the software licence agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" (add CCleaner Yahoo! Toolbar) is offered, deselect it) → start it → if necessary, set "german" under Options, settings → then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern..." (save as text file); a text file (*.txt) is created, copy its contents and paste them there Quote:
kira
__________________ |
22.08.2011, 15:25 | #3 |
| I also have the BKA trojan
Hello, here are the results of the scan. Since I had no internet connection, I could not run an update. I will post the results after the update shortly as well.
Code:
Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7035

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

22.08.2011 15:59:45
mbam-log-2011-08-22 (15-59-45).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159360
Laufzeit: 3 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\avupdate (Trojan.Agent) -> Value: avupdate -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Lena\AppData\Roaming\jashla.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\0.12571312866766615.exe (Exploit.Dropper) -> Quarantined and deleted successfully.

Edited by Lena87 (22.08.2011 at 16:20) |
22.08.2011, 15:26 | #4 |
| I also have the BKA trojan
Here is the rest after the update:
Code:
Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7535

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

22.08.2011 16:24:45
mbam-log-2011-08-22 (16-24-45).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 169006
Laufzeit: 10 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Lena\AppData\Local\Temp\jar_cache568606284310826743.tmp (Trojan.Ransom.BP) -> Quarantined and deleted successfully.

Edited by Lena87 (22.08.2011 at 16:20) |
22.08.2011, 16:11 | #5 |
| I also have the BKA trojan
Here is the OTL.txt
OTL Logfile: Code:
[2011.08.11 03:10:15 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.08.11 03:10:14 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.08.11 03:10:14 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.08.11 03:10:14 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.08.11 03:08:54 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.08.11 03:08:54 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.08.02 17:12:39 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\Mirillis [2011.08.02 17:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mirillis [2011.08.02 17:12:30 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Local\Mirillis [2011.08.02 17:12:16 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mirillis [2011.08.02 17:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mirillis [2011.08.02 17:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime [2011.08.02 17:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2011.07.29 10:47:59 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.07.24 21:52:19 | 000,000,000 | ---D | C] -- C:\Users\Lena\AppData\Roaming\Audacity [2011.07.24 21:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode) [2011.07.24 20:47:29 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LMRTREND.dll [2011.07.24 20:47:28 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\System32\tm20dec.ax [2011.07.24 20:47:27 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft3.dll [2011.07.24 20:47:24 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unam4ie.exe 
[2011.07.24 20:47:19 | 001,088,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\danim.dll [2011.07.24 20:47:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz.drv [2011.07.24 20:47:18 | 000,194,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcut.dll [2011.07.24 20:47:16 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w95inf32.dll [2011.07.24 20:47:16 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w95inf16.dll [2011.07.24 20:47:16 | 000,000,000 | ---D | C] -- C:\Windows\~dxmcab~ [2011.07.24 20:46:30 | 000,430,080 | ---- | C] (MAGIX AG) -- C:\Windows\System32\MXRestore.exe [2011.07.24 20:46:30 | 000,188,416 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRES32.dll [2011.07.24 20:46:30 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLTPO32.dll [2011.07.24 20:46:30 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRD32.dll [2011.07.24 20:46:30 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\STRING32.dll [2011.07.24 20:46:30 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTIC32.dll [2011.07.24 20:46:30 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTI32.dll [2011.07.24 20:46:29 | 000,163,840 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDEV32.dll [2011.07.24 20:46:29 | 000,151,552 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDRV32.dll [2011.07.24 20:46:29 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDA32.dll [2011.07.24 20:46:29 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCPY32.dll [2011.07.24 20:46:29 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPTL32.dll [2011.07.24 20:46:29 | 000,061,440 | ---- | C] 
(PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDF32.dll [2011.07.24 20:46:29 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRJ32.dll [2011.07.24 20:46:29 | 000,049,152 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRF32.dll [2011.07.24 20:46:29 | 000,049,152 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIO32.dll [2011.07.24 20:46:29 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIMG32.dll [2011.07.24 20:46:29 | 000,036,864 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPNT32.dll [2011.07.24 20:46:29 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLMSC32.dll [2011.07.24 20:46:29 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLISO32.dll [2011.07.24 20:46:29 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDIR32.dll [2011.07.24 20:46:29 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIX.dll [2011.07.24 20:46:28 | 000,462,848 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLAV32.dll [2011.07.24 20:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared [2011.07.24 20:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [2011.07.24 20:44:47 | 001,089,536 | ---- | C] (eHelp Corporation.) -- C:\Windows\System32\ROBOEX32.DLL [2011.07.24 20:44:47 | 000,085,504 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\HtmlWH.dll [2011.07.24 20:44:47 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) 
-- C:\Windows\System32\INETWH32.dll [2011.07.24 20:44:47 | 000,000,000 | ---D | C] -- C:\MAGIX [2011.07.24 20:44:20 | 000,626,688 | ---- | C] (MAGIX AG) -- C:\Windows\System32\mgxoschk.dll [2011.07.24 20:44:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\MAGIX [2011.07.23 18:10:34 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.07.23 18:10:24 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2008.06.03 08:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011.08.22 16:43:02 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3296497871-3204600602-4166676122-1000UA.job [2011.08.22 16:35:34 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.22 16:35:34 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.22 16:35:34 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.22 16:35:34 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.22 16:33:47 | 000,054,932 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.08.22 16:33:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Lena\Desktop\OTL.exe [2011.08.22 16:28:55 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2011.08.22 16:28:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.22 16:28:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.22 16:28:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.22 16:28:36 | 2951,897,088 | -HS- | M] () -- C:\hiberfil.sys [2011.08.22 16:05:27 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{88B6D7CC-2168-41CD-AF29-0441FD2920FB}.job [2011.08.22 16:04:04 | 
000,054,932 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.08.22 16:03:38 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2011.08.22 15:49:48 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.18 15:32:04 | 000,008,268 | ---- | M] () -- C:\Users\Lena\AppData\Local\d3d9caps.dat [2011.08.14 14:18:36 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Lena.job [2011.08.13 12:13:28 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3296497871-3204600602-4166676122-1000Core.job [2011.08.10 01:48:32 | 000,002,082 | ---- | M] () -- C:\Users\Lena\Desktop\Google Chrome.lnk [2011.08.09 17:14:25 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.08.08 22:45:07 | 000,000,580 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - Lena.job [2011.08.08 19:54:11 | 000,012,026 | ---- | M] () -- C:\Users\Lena\Desktop\276996_235583776481624_5458966_n.jpg [2011.08.02 17:12:17 | 000,002,017 | ---- | M] () -- C:\Users\Lena\Desktop\Splash Lite.lnk [2011.08.02 17:10:44 | 013,377,240 | ---- | M] () -- C:\Users\Lena\Desktop\splash_lite_1_6_1_setup.exe [2011.07.31 10:18:35 | 000,330,849 | ---- | M] () -- C:\Users\Lena\Desktop\Xchange-Formular_D_2011.pdf [2011.07.29 14:05:23 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.07.27 23:27:49 | 000,000,157 | ---- | M] () -- C:\Windows\MusicMaker.INI [2011.07.27 22:27:50 | 000,435,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.07.27 16:54:01 | 000,000,396 | ---- | M] () -- C:\Windows\BeatBox.INI [2011.07.25 14:43:29 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.07.25 14:43:29 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.07.24 21:52:09 | 000,000,948 | ---- | M] () -- C:\Users\Lena\Desktop\Audacity 1.3 Beta (Unicode).lnk [2011.07.24 20:47:16 | 
000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w95inf32.dll [2011.07.24 20:47:16 | 000,002,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\w95inf16.dll [2011.07.24 20:46:59 | 000,000,739 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Online Druck Service.lnk [2011.07.24 20:46:24 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Music Maker Schulversion.lnk ========== Files Created - No Company Name ========== [2011.08.22 16:03:15 | 2951,897,088 | -HS- | C] () -- C:\hiberfil.sys [2011.08.22 15:49:48 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.08 19:54:05 | 000,012,026 | ---- | C] () -- C:\Users\Lena\Desktop\276996_235583776481624_5458966_n.jpg [2011.08.08 11:49:47 | 000,001,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2011.08.02 17:12:17 | 000,002,017 | ---- | C] () -- C:\Users\Lena\Desktop\Splash Lite.lnk [2011.08.02 17:10:25 | 013,377,240 | ---- | C] () -- C:\Users\Lena\Desktop\splash_lite_1_6_1_setup.exe [2011.07.31 10:18:35 | 000,330,849 | ---- | C] () -- C:\Users\Lena\Desktop\Xchange-Formular_D_2011.pdf [2011.07.29 14:05:23 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.07.29 10:48:04 | 000,002,082 | ---- | C] () -- C:\Users\Lena\Desktop\Google Chrome.lnk [2011.07.29 10:46:49 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3296497871-3204600602-4166676122-1000UA.job [2011.07.29 10:46:47 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3296497871-3204600602-4166676122-1000Core.job [2011.07.25 00:21:02 | 000,000,157 | ---- | C] () -- C:\Windows\MusicMaker.INI [2011.07.24 23:28:43 | 000,000,396 | ---- | C] () -- C:\Windows\BeatBox.INI [2011.07.24 21:52:09 | 000,000,960 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk [2011.07.24 
21:52:09 | 000,000,948 | ---- | C] () -- C:\Users\Lena\Desktop\Audacity 1.3 Beta (Unicode).lnk [2011.07.24 20:47:19 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2011.07.24 20:47:19 | 000,005,672 | ---- | C] () -- C:\Windows\System32\quartz.vxd [2011.07.24 20:46:59 | 000,000,739 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Online Druck Service.lnk [2011.07.24 20:46:30 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll [2011.07.24 20:46:29 | 000,014,182 | ---- | C] () -- C:\Windows\System32\DLLAV32.lib [2011.07.24 20:46:24 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Music Maker Schulversion.lnk [2011.07.24 20:44:20 | 000,004,345 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.08.25 23:34:05 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat [2010.03.07 16:56:10 | 000,008,268 | ---- | C] () -- C:\Users\Lena\AppData\Local\d3d9caps.dat [2009.12.20 23:21:06 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe [2009.09.01 06:31:56 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll [2009.08.05 00:04:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.05 00:04:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.01.19 21:38:24 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2008.11.09 21:51:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.11.09 20:43:18 | 000,054,932 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.11.09 18:09:47 | 000,054,932 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.11.04 18:26:18 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2008.11.03 21:48:32 | 000,138,752 | ---- | C] () -- C:\Users\Lena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.15 04:52:12 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2008.10.15 04:48:08 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2008.10.15 04:29:42 | 000,004,984 | ---- | C] () -- 
C:\Windows\System32\drivers\nvphy.bin [2008.10.15 03:45:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.04.16 13:11:34 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.04.16 13:11:34 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,435,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 04:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll < End of report > [Code] |
22.08.2011, 16:16 | #6 |
| I also have the BKA Trojan And the Extras.txt OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 22.08.2011 16:36:20 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Lena\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 61,32% Memory free
5,71 Gb Paging File | 4,54 Gb Available in Paging File | 79,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 51,48 Gb Free Space | 44,21% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 25,04 Gb Free Space | 23,47% Space Free | Partition Type: NTFS
Drive E: | 9,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LENA-PC | User Name: Lena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD35FAB-14C6-4CEF-A81A-7109FEC9577E}" = lport=139 | protocol=6 | dir=in | app=system |
"{410FA958-16FB-4D32-94BE-0595178385BB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4E8245FC-E1FD-4B3B-8033-9C4A9D53F930}" = lport=445 | protocol=6 | dir=in | app=system |
"{5158E70C-762A-4FA9-9274-F999AA8DFD26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5DA06C04-1023-45B9-BDD2-60E36B9403DE}" = lport=138 | protocol=17 | dir=in | app=system |
"{671DDBAD-4E10-4640-81AD-800E872108F9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7F49EB83-2BA5-4B42-895E-9A4C48CE1EE8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8AD7CC60-028C-4607-B26B-A274C8D7185A}" = rport=139 | protocol=6 | dir=out | app=system |
"{963F7AA1-1F5A-4669-BAA3-00B91625E44D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9BADD786-FD00-4048-B9F4-57F5AF15E454}" = rport=137 | protocol=17 | dir=out | app=system |
"{A8A755B0-BFB4-4483-B109-447E0E75AEF1}" = lport=137 | protocol=17 | dir=in | app=system |
"{DAC76E44-34AB-4A8E-91F4-44B31B63092B}" = rport=138 | protocol=17 | dir=out | app=system |
"{F9A2EAC6-0A1E-4F04-ADDC-B3C2F5824927}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0547DBCC-04C6-4F47-8C0D-37C56CB35BA3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0724E1E2-0967-4785-A358-D545AE9C67E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{082F9AEE-FC5F-44B7-BB8E-8D2F101A0512}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{08C4C9E1-9031-4988-862E-234483BED0E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0D4D874B-8137-4751-80FE-96A98C06C95D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{242B8FDA-C3A2-429E-8330-043D272B4588}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2557E8CF-4802-4119-8740-AFA8EDFBA806}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2795AC94-6738-43C1-B6CD-6121674639D0}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{2CA76998-6F25-44FF-8FAA-214C3245CBED}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{34E1311B-1613-4C2A-A24C-96CCCA90F50A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{35C0860C-E7B0-4577-B44B-C2E89BE58C56}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{363FE157-383C-435D-9335-1EE95AAE774B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3687F6AB-C239-417E-B794-B83174D67CAB}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{37B2631B-51AF-4C99-AA4F-615E17F103D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3CF84CB3-9E27-42B1-97D9-81E4D05D1B54}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3FA0AC6B-E093-4C61-8C61-A55515494686}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{48DA9B56-B6A1-4CB7-972B-DBC8A0BC9563}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{4F91F0C4-987E-48C7-8DBD-644B849A25FB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5015D77B-2954-4CFF-B2FC-825B15262A53}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{53D71190-2CD4-4CBA-90D3-8C9BE43D3A1B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{59B5C315-6827-476B-A87C-AA351BFFAEB9}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{610E9587-0831-4FE2-BD6D-633A98FAB46E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{64098E2F-37D0-4AB9-B394-98A70FDDC13A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6A657C84-99AF-473E-833F-64FA2B683B9D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6FC1A795-EE1C-4282-A7B9-12905AB74762}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{75190CC7-A579-46DC-9231-05E19894A11B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{81E1BF74-F332-4570-AFC2-D1DB41D11266}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{88F4BE79-997D-43F5-A08E-36F68112B8E6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8B671B2F-9ACA-41B5-B38E-1D964AEF9E59}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{916ABA9C-D45B-4757-9C26-9D4CF9305723}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{96A2602D-7335-4CCA-B919-47E6A637D443}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{A1019D77-A6EF-4ED3-B8FF-98E9C3A77451}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{A715D4EB-CCCD-4F39-83EE-4E17A39AADC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A8931878-0806-47AD-BD3F-E9F71873E75F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A9BDA513-28DC-4562-AB60-F2FFFA7F686E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{AC4A2D4D-962D-464B-8C1C-E36F8185647E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B03CB145-6536-4D36-9AA1-131743195CD6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B35E7B59-A230-48D9-9C6C-630FBA976AFD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B571E19A-4280-43B8-B8CA-A87DA7C80B4F}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{C07BEC9B-B809-4109-9A56-B19F27A60BB8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{C2336102-9EEA-4DE5-996C-488596C23DDC}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{CFFB01CA-A453-4004-A7CF-11720084E37B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{DC7B6369-3C29-400C-9EA0-BED6F905EED0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DCFF2FAD-1881-4E12-8574-764C04352A65}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E051E043-8F34-46DA-B85F-B4E41AC917C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E1B247D9-2389-4B0E-B562-4A8A1DCF68C7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E1EBEA06-2718-4957-BB58-5BAD35AB61D5}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{E49CB503-939F-414C-8ACB-C11F54748181}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{EE8B5DAB-7777-4B87-971E-A4AD5AD343C9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{FA95D3DE-B6E5-4841-8462-7A91785FF75F}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1 "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{1EE3E00F-A62B-4EE7-8EDB-1E53FD3158E3}" = SymNet "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core "{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun "{58B269E7-5D66-4425-89C8-7EA0FDCD70C2}" = Splash Lite "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 
Redistributable "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7B63B2922B174135AFC0E1377DD81EC2}" = "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{8530BC7E-BA2B-44FB-A9D9-6EEF01C084F2}" = capella 2008 "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01 "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 "{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007 "{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 
(SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007 "{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service 
Pack 2 (SP2) "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007 "{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007 "{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 
2007 Service Pack 2 (SP2) "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007 "{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007 "{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing 
Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007 "{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A23E5590-6799-437B-9723-2627BA800B6F}" = Dolby Control Center "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6 "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALUpdate_is1" = ALTools Update "ALZip_is1" = ALZip "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "Avira 
AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar "conduitEngine" = Conduit Engine "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "MAGIX Music Maker Schulversion D" = MAGIX Music Maker Schulversion (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de) "Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0) "NSS" = Norton Security Scan "NVIDIA Drivers" = NVIDIA Drivers "PROHYBRIDR" = 2007 Microsoft Office system "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "Samsung ML-1640 Series" = Samsung ML-1640 Series "SMSERIAL" = Motorola SM56 Speakerphone Modem "Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar "SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.10 "VMidi" = vanBasco's Karaoke Player "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 10.08.2011 18:47:34 | Computer Name = Lena-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10935 Error - 10.08.2011 18:47:36 | Computer Name = Lena-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.08.2011 18:47:36 | Computer Name = Lena-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 11981 Error - 10.08.2011 18:47:36 | Computer Name = Lena-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 11981 Error - 10.08.2011 18:47:38 | Computer Name = Lena-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.08.2011 18:47:38 | Computer Name = Lena-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 14258 Error - 10.08.2011 18:47:38 | Computer Name = Lena-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 14258 Error - 10.08.2011 21:00:50 | Computer Name = Lena-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 10.08.2011 21:00:50 | Computer Name = Lena-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8006392 Error - 10.08.2011 21:00:50 | Computer Name = Lena-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8006392 [ Media Center Events ] Error - 31.12.2008 22:01:06 | Computer Name = Lena-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 12.02.2009 13:45:58 | Computer Name = Lena-PC | Source = MCUpdate | ID = 0 Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'. Error - 21.05.2009 17:18:02 | Computer Name = Lena-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 16.08.2009 16:34:34 | Computer Name = Lena-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide Error - 09.10.2009 10:04:51 | Computer Name = Lena-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 22.08.2011 09:47:50 | Computer Name = Lena-PC | Source = Service Control Manager | ID = 7001 Description = Error - 22.08.2011 09:47:50 | Computer Name = Lena-PC | Source = Service Control Manager | ID = 7001 Description = Error - 22.08.2011 09:47:50 | Computer Name = Lena-PC | Source = Service Control Manager | ID = 7001 Description = Error - 22.08.2011 09:47:51 | Computer Name = Lena-PC | Source = Service Control Manager | ID = 7001 Description = Error - 22.08.2011 10:04:30 | Computer Name = Lena-PC | Source = Service Control Manager | ID = 7000 Description = Error - 22.08.2011 10:06:15 | Computer Name = Lena-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 22.08.2011 10:07:55 | Computer Name = Lena-PC | Source = Service Control Manager | ID = 7009 Description = Error - 22.08.2011 10:07:55 | Computer Name = Lena-PC | 
Source = Service Control Manager | ID = 7000 Description = Error - 22.08.2011 10:29:24 | Computer Name = Lena-PC | Source = Service Control Manager | ID = 7000 Description = Error - 22.08.2011 10:30:18 | Computer Name = Lena-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > [Code] |
23.08.2011, 05:58 | #7 |
/// Helper Team | I also have the BKA Trojan Point 3 is still missing!
__________________ Warning: Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
24.08.2011, 10:05 | #8 |
| I also have the BKA Trojan Hello Kira, here is the result of point 3. I somehow overlooked it.... Code:
ATTFilter 2007 Microsoft Office system Microsoft Corporation 18.10.2009 1.114MB 12.0.6425.1000 Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 14.10.2008 13,5MB Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 18.01.2009 10.0.12.36 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 24.02.2010 10.0.45.2 Adobe Reader 8.2.6 Adobe Systems Incorporated 03.04.2011 133,9MB 8.2.6 ALTools Update ESTsoft Corp. 08.02.2010 2,35MB ALZip ESTsoft Corp. 08.02.2010 11,2MB v7.52 Apple Application Support Apple Inc. 22.08.2010 42,8MB 1.3.0 Apple Mobile Device Support Apple Inc. 22.08.2010 19,9MB 3.1.0.62 Apple Software Update Apple Inc. 08.11.2008 2,16MB 2.1.1.116 ASUS InstantFun ASUS 13.10.2008 14,6MB 1.0.0015 ASUS Live Update ASUS 14.10.2008 0,46MB 2.5.6 ASUS Power4Gear eXtreme ASUS 13.10.2008 7,14MB 1.0.19 ASUS SmartLogon ASUS 13.10.2008 10,7MB 1.0.0005 ASUS Splendid Video Enhancement Technology ASUS 13.10.2008 25,0MB 1.02.0021 Asus_Camera_ScreenSaver ASUS 14.10.2008 2.0.0007 Atheros Client Installation Program Atheros 13.10.2008 10,0MB 7.0 ATK Generic Function Service ATK 13.10.2008 0,45MB 1.00.0008 ATK Hotkey ATK 13.10.2008 6,07MB 1.00.0034 ATK Media 14.10.2008 0,24MB ATKOSD2 ATK 13.10.2008 7,41MB 6.64.1.8 Audacity 1.3.13 (Unicode) Audacity Team 23.07.2011 42,3MB Avira AntiVir Personal - Free Antivirus Avira GmbH 09.08.2011 139,3MB 10.2.0.700 Bonjour Apple Inc. 22.08.2010 0,76MB 2.0.2.0 BrotherSoft Extreme Toolbar BrotherSoft Extreme 18.02.2011 3,96MB 6.2.7.3 capella 2008 capella-software 15.11.2010 36,5MB 6.00.9160 CCleaner Piriform 23.08.2011 3,98MB 3.09 Cisco EAP-FAST Module Cisco Systems, Inc. 13.10.2008 1,04MB 2.1.6 Cisco LEAP Module Cisco Systems, Inc. 13.10.2008 1,04MB 1.0.12 Cisco PEAP Module Cisco Systems, Inc. 13.10.2008 0,85MB 1.0.13 Conduit Engine Conduit Ltd. 18.02.2011 3,82MB CyberLink LabelPrint CyberLink Corp. 14.10.2008 86,4MB 2.0.2908 CyberLink Power2Go CyberLink Corp. 
13.10.2008 122,2MB 6.0.1924 DivX Plus DirectShow Filters DivX, Inc. 18.05.2010 1,58MB Dolby Control Center Dolby 13.10.2008 75,9MB 2.0.0706 Express Gate devicevm 13.10.2008 641MB 0.8.6.0 Free Audio CD Burner version 1.2 DVDVideoSoft Limited. 20.10.2009 2,60MB Free YouTube to MP3 Converter version 3.2 DVDVideoSoft Limited. 20.10.2009 2,66MB FreeMind 11.06.2009 10,3MB 0.8.1 GIMP 2.6.11 The GIMP Team 21.06.2011 112,0MB 2.6.11 Google Chrome Google Inc. 28.07.2011 279MB 13.0.782.112 ICQ7.1 ICQ 02.05.2010 45,5MB 7.1 iTunes Apple Inc. 22.08.2010 161,7MB 9.2.1.5 Java(TM) 6 Update 18 Sun Microsystems, Inc. 01.03.2010 97,1MB 6.0.180 Java(TM) 6 Update 3 Sun Microsystems, Inc. 08.11.2008 160,7MB 1.6.0.30 LightScribe System Software 1.14.17.1 LightScribe 13.10.2008 21,0MB 1.14.17.1 LiveUpdate (Symantec Corporation) Symantec Corporation 03.11.2008 16,8MB 3.4.1.232 MAGIX Music Maker Schulversion (D) MAGIX AG 23.07.2011 472MB 11.0.1.3 MAGIX Online Druck Service (D) MAGIX AG 23.07.2011 9,10MB 2.3.2.0 Malwarebytes' Anti-Malware Version 1.51.1.1800 Malwarebytes Corporation 21.08.2011 6,71MB 1.51.1.1800 Messenger Plus! 
Live Patchou 10.10.2009 12,8MB 4.82.0.368 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 21.08.2009 37,0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 06.08.2009 37,0MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120,3MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 24,5MB 4.0.30319 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 05.10.2009 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 22.06.2011 0,29MB 8.0.61001 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 05.10.2009 0,19MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 09.05.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 01.03.2010 0,22MB 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 23.08.2009 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 28.02.2011 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 22.06.2011 0,58MB 9.0.30729.6161 Motorola SM56 Speakerphone Modem 14.10.2008 1,95MB Mozilla Firefox 5.0.1 (x86 de) Mozilla 28.07.2011 35,2MB 5.0.1 Mozilla Thunderbird (5.0) Mozilla 07.08.2011 35,1MB 5.0 (de) MSXML 4.0 SP2 (KB927978) Microsoft Corporation 21.12.2009 35,00KB 4.20.9841.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 21.12.2009 34,00KB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 21.12.2009 1,34MB 4.20.9876.0 NB Probe 14.10.2008 2,76MB Norton Internet Security (Symantec Corporation) Symantec Corporation 14.10.2008 74,5MB 15.5.0.23 Norton Security Scan Symantec Corporation 11.06.2010 11,4MB 2.7.3.34 NVIDIA Drivers 14.10.2008 OpenOffice.org 3.2 
OpenOffice.org 05.12.2010 363MB 3.2.9502 QuickTime Apple Inc. 14.04.2010 73,8MB 7.66.71.0 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 13.10.2008 22,2MB 6.0.1.5683 Samsung ML-1640 Series Samsung Electronics CO.,LTD 19.12.2009 67,8MB SimCity 4 Deluxe 24.08.2010 1.195MB Skype™ 4.2 Skype Technologies S.A. 16.04.2010 31,8MB 4.2.158 Softonic_Deutsch Toolbar 11.06.2009 1,91MB Splash Lite Mirillis 01.08.2011 29,9MB 1.6.1 Synaptics Pointing Device Driver Synaptics 14.10.2008 13,6MB 10.0.12.0 Text-To-Speech-Runtime Magix Development GmbH 26.07.2011 0,25MB 1.0.0.0 Uniblue RegistryBooster Uniblue Systems Ltd 06.09.2010 18,2MB Uninstall 1.0.0.1 20.10.2009 17,7MB vanBasco's Karaoke Player 05.11.2009 2,08MB VLC media player 1.1.10 VideoLAN 21.06.2011 788MB 1.1.10 Windows Live Anmelde-Assistent Microsoft Corporation 05.10.2009 1,93MB 5.000.818.5 Windows Live Essentials Microsoft Corporation 05.10.2009 44,1MB 14.0.8089.0726 Windows Live-Uploadtool Microsoft Corporation 05.10.2009 0,22MB 14.0.8014.1029 WinFlash 14.10.2008 1,37MB Wireless Console 2 ATK 13.10.2008 2,12MB 2.0.10 Yontoo Layers Runtime 1.10.01 Yontoo LLC 01.08.2011 0,19MB 1.10.01 |
24.08.2011, 14:03 | #9 | |
/// Helper Team | I also have the BKA Trojan 1. Fix with OTL
Code:
ATTFilter :OTL IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://de.search.yahoo.com/search?ei=UTF-8&fr=ffbr-nb&p=" FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.startup.homepage: "http://www.facebook.de" FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found [2011.02.19 17:56:12 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lena\AppData\Roaming\mozilla\Firefox\Profiles\82smxyn2.default\extensions\engine@conduit.com [2010.09.13 19:15:02 | 000,002,385 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\askcom.xml [2009.10.06 14:48:43 | 000,002,163 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\bing.xml [2010.12.22 17:23:04 | 000,000,941 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\conduit.xml [2010.05.03 18:07:21 | 000,000,950 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\icqplugin-10.xml [2011.07.30 19:32:02 | 000,000,950 | ---- | 
M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\icqplugin-11.xml [2011.08.02 15:41:10 | 000,000,950 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\icqplugin-12.xml [2009.09.15 00:04:45 | 000,000,950 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\icqplugin-2.xml [2009.11.02 08:58:25 | 000,000,950 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\icqplugin-3.xml [2009.12.20 21:21:14 | 000,000,950 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\icqplugin-4.xml [2010.01.12 09:43:27 | 000,000,950 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\icqplugin-5.xml [2010.02.16 17:39:35 | 000,000,961 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\icqplugin-6.xml [2010.03.13 13:28:33 | 000,000,950 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\icqplugin-7.xml [2010.04.01 09:56:05 | 000,000,950 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\icqplugin-8.xml [2010.04.03 17:41:19 | 000,000,950 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\icqplugin-9.xml [2011.06.19 17:24:00 | 000,000,168 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\icqplugin.gif [2011.06.19 17:24:00 | 000,000,618 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\icqplugin.src [2010.02.03 15:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\82smxyn2.default\searchplugins\icqplugin.xml [2010.01.01 10:00:00 | 
000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
O4 - HKCU..\Run: [PCFix] File not found
O4 - HKCU..\Run: [playmb] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{15b88716-9941-11de-b1ff-00235456f275}\Shell\AutoRun\command - "" = F:\Start.htm
O33 - MountPoints2\{5786923e-c431-11de-a6b8-00235456f275}\Shell - "" = AutoRun
O33 - MountPoints2\{5786923e-c431-11de-a6b8-00235456f275}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{57869264-c431-11de-a6b8-00235456f275}\Shell - "" = AutoRun
O33 - MountPoints2\{57869264-c431-11de-a6b8-00235456f275}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{57869274-c431-11de-a6b8-f1c1462cda3a}\Shell - "" = AutoRun
O33 - MountPoints2\{57869274-c431-11de-a6b8-f1c1462cda3a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{578692c4-c431-11de-a6b8-00235456f275}\Shell - "" = AutoRun
O33 - MountPoints2\{578692c4-c431-11de-a6b8-00235456f275}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{578692c7-c431-11de-a6b8-00235456f275}\Shell - "" = AutoRun
O33 - MountPoints2\{578692c7-c431-11de-a6b8-00235456f275}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{578692e2-c431-11de-a6b8-884566132081}\Shell - "" = AutoRun
O33 - MountPoints2\{578692e2-c431-11de-a6b8-884566132081}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{578692e4-c431-11de-a6b8-884566132081}\Shell - "" = AutoRun
O33 - MountPoints2\{578692e4-c431-11de-a6b8-884566132081}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d4ce5e01-ff09-11de-9034-e9cd8191ce7f}\Shell - "" = AutoRun
O33 - MountPoints2\{d4ce5e01-ff09-11de-9034-e9cd8191ce7f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d4ce5e02-ff09-11de-9034-e9cd8191ce7f}\Shell - "" = AutoRun
O33 - MountPoints2\{d4ce5e02-ff09-11de-9034-e9cd8191ce7f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2011.08.22 16:28:55 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
:Commands
[purity]
[emptytemp]
2. Your Java version is out of date! Because old security vulnerabilities make Java very susceptible to attack, first uninstall all existing Java versions: → Control Panel → Software → uninstall... → restart the computer → now download the offline version of Java Version 6 Update 26 from Oracle. Make sure to deselect any toolbars that are offered (remove the check mark next to the toolbar)!
3. Update Adobe Reader: - Pay attention and read along during installation! If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus") Adobe Reader Or: start Adobe -> go to "Help" -> "Check for Updates..."
4. Code:
Uniblue RegistryBooster
I strongly advise you against using tools like this, which reach so deep into the registry and try to optimize Windows "fully automatically", since a tiny change in the registry (e.g. "wrongly deleted" entries) can have fatal consequences! Then people wonder why Windows at some point becomes sluggish or crashes! - I cannot imagine that any program can distinguish between useful and useless entries and decide "fully automatically" what Windows really needs and what it does not! It is also questionable whether all the previously created backup files can simply be restored when problems occur, as the vendor promised. Windows is not nearly as dumb as is often claimed! - For speeding up Windows with its own built-in means, it comes with a decent toolbox out of the box, well equipped for "do-it-yourselfers": ...the good thing about it is that at least you know what you are doing! ►
5. Clean your system with CCleaner:
6.
7. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very suitable and recommended to check the data stored on the storage medium with the help of the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off altogether. ► Instructions -> Then run a complete system check with the Eset Online Scanner (NOD32) Free Online Scanner. Attention!: >>You should not install the antivirus security software, but only scan your system online<<
8. Another scan with OTL:
► What is the current state of the computer? Anything unusual, any problems? Quote:
__________________ Warning!: Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
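The O33 lines in the fix script above are per-volume AutoRun commands cached under MountPoints2. As an added example (not part of the original post and not OTL's own code), this Python script parses lines of that form and lists, for each volume, the AutoRun target, whether AutoRun is the volume's default shell verb, and whether the target is an executable. The sample log, its GUIDs and the extension list are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the O33 lines in the fix script;
# the GUIDs are made up for this example.
SAMPLE = r'''
O33 - MountPoints2\{11111111-aaaa-11de-a6b8-000000000001}\Shell - "" = AutoRun
O33 - MountPoints2\{11111111-aaaa-11de-a6b8-000000000001}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{22222222-bbbb-11de-b1ff-000000000002}\Shell\AutoRun\command - "" = F:\Start.htm
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O4 - HKCU..\Run: [PCFix] File not found
'''

O33 = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>\{[0-9a-fA-F-]{36}\}|[A-Za-z])'
    r'\\Shell(?P<sub>(?:\\[^\\]+)*?) - "(?P<name>[^"]*)" = (?P<value>.*)$')

EXECUTABLE = ('.exe', '.com', '.bat', '.cmd', '.scr', '.pif', '.vbs', '.js')

def parse_o33(log):
    """Return {mount: {'default_verb': str|None, 'commands': {verb: target}}}."""
    mounts = defaultdict(lambda: {'default_verb': None, 'commands': {}})
    for line in log.splitlines():
        m = O33.match(line.strip())
        if not m:
            continue  # lines from other OTL sections (O4, O32, ...) are skipped
        entry, sub, value = mounts[m['mount']], m['sub'], m['value'].strip()
        if sub == '':
            entry['default_verb'] = value      # Shell\(Default) = <verb>
        elif sub.lower().endswith('\\command'):
            entry['commands'][sub.split('\\')[1]] = value  # Shell\<verb>\command
    return dict(mounts)

def autorun_findings(log):
    """List (mount, target, autorun_is_default, is_executable) per AutoRun command."""
    out = []
    for mount, e in sorted(parse_o33(log).items()):
        for verb, target in e['commands'].items():
            if verb.lower() != 'autorun':
                continue
            auto = (e['default_verb'] or '').lower() == 'autorun'
            out.append((mount, target, auto, target.lower().endswith(EXECUTABLE)))
    return out

if __name__ == '__main__':
    for row in autorun_findings(SAMPLE):
        print(row)
```

Entries where both flags are true are the ones that would start a program from the removable drive as the volume's default action, which is the behaviour the Shift-key step and disabling AutoRun are meant to prevent.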