Log analysis and evaluation: Windows blocked and payment demand to unlock (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.12.2011, 18:11 | #1
Windows blocked and payment demand to unlock
Hi, I now have the BKA virus too. I have already looked at other posts, downloaded OTL and run a scan. Here are the logfiles:
OTL.txt:
OTL logfile created on: 16.12.2011 17:49:34 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Franzi & Falko\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 68,14% Memory free
6,23 Gb Paging File | 5,50 Gb Available in Paging File | 88,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 318,41 Gb Free Space | 69,83% Space Free | Partition Type: NTFS
Computer Name: ACERASPIRE7735 | User Name: Franzi & Falko | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Franzi & Falko\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Emsisoft Anti-Malware\a2wizard.exe (Emsi Software GmbH) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Trojancheck 6\tcguard.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () MOD - C:\Program Files\Trojancheck 6\tcguard.exe () ========== Win32 Services (SafeList) ========== SRV - (MSK80Service) -- File not found SRV - (MpfService) -- File not found SRV - (McSysmon) -- File not found SRV - (McShield) -- File not found SRV - (McProxy) -- File not found SRV - (McODS) -- File not found SRV - (McNASvc) -- File not found SRV - (mcmscsvc) -- File not found SRV - (GoogleDesktopManager-093009-130223) -- File not found SRV - (avg8wd) -- File not found SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (NTI IScheduleSvc) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) 
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (VOBID) -- C:\Windows\system32\DRIVERS\vobid.sys (Pinnacle Systems) DRV - (ASAPIW2K) -- C:\Windows\System32\drivers\asapiW2k.sys (VOB Computersysteme GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://home.sweetim.com IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: unplug@compunach:2.047 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2 FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "google.de" FF - 
prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc) FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 20:24:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 19:00:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2011.01.25 17:23:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011.06.19 16:15:33 | 000,000,000 | ---D | M] [2009.08.10 19:14:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Extensions [2011.12.12 12:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions [2011.10.07 16:08:10 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2010.04.27 15:14:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Franzi & 
Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.11.27 11:25:32 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2011.11.11 14:53:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Franzi & Falko\AppData\Roaming\mozilla\Firefox\Profiles\b4bc6umb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.05.07 10:35:43 | 000,002,354 | ---- | M] () -- C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\searchplugins\aol-web-search.xml [2009.10.31 15:27:46 | 000,002,255 | ---- | M] () -- C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\searchplugins\askcom.xml [2011.12.12 12:05:39 | 000,000,944 | ---- | M] () -- C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\searchplugins\icqplugin.xml [2011.01.25 17:22:20 | 000,003,915 | ---- | M] () -- C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\searchplugins\sweetim.xml [2011.07.24 10:51:24 | 000,005,508 | ---- | M] () -- C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\searchplugins\webde-suche.xml [2011.11.11 20:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009.08.10 19:30:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} () (No name found) -- C:\USERS\FRANZI & FALKO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B4BC6UMB.DEFAULT\EXTENSIONS\UNPLUG@COMPUNACH.XPI [2011.11.11 20:24:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2006.08.09 11:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npWebLaunch.dll [2011.10.07 16:07:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.11 20:24:56 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong) O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found. O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - Reg Error: Value error. File not found O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found. O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [Anti-Trojan-Watch] C:\Program Files\Anti-Trojan-55\ATWatch.exe (Anti-Trojan Network) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsi Software GmbH) O4 - HKLM..\Run: [PinnacleDriverCheck] C:\Windows\System32\PSDrvCheck.exe () O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [Trojancheck 6 Guard] C:\Program Files\Trojancheck 6\tcguard.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [firefox.exe] C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\firefox.exe () O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2) O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{022CC1B9-D4AC-4ED3-9CF2-BA1AB31FDE08}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E8A1739-AB62-4317-BBA0-70F0D35041FF}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (AVGRSSTX.DLL) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Franzi & Falko\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Franzi & Falko\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1846fbba-6d56-11df-b9a8-001f16b1abb9}\Shell - "" = AutoRun O33 - MountPoints2\{1846fbba-6d56-11df-b9a8-001f16b1abb9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{92494283-ac13-11de-a033-001f16b1abb9}\Shell - "" = AutoRun O33 - MountPoints2\{92494283-ac13-11de-a033-001f16b1abb9}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1 O33 - MountPoints2\{fef2dde0-d775-11de-a8d5-001f16b1abb9}\Shell - "" = AutoRun O33 - MountPoints2\{fef2dde0-d775-11de-a8d5-001f16b1abb9}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.16 17:48:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Franzi & Falko\Desktop\OTL.exe [2011.12.16 16:39:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.12.16 16:36:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojancheck 6 [2011.12.16 16:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6 [2011.12.16 
16:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2011.12.16 16:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2011.12.16 16:35:17 | 000,000,000 | ---D | C] -- C:\Users\Franzi & Falko\Documents\Anti-Malware [2011.12.16 16:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Trojan [2011.12.16 16:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Trojan-55 [2011.12.16 16:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.12 18:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.12.12 18:18:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.12.12 18:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.12.12 10:59:34 | 000,000,000 | ---D | C] -- C:\Users\Franzi & Falko\Desktop\102_FUJI [2011.11.29 18:23:12 | 000,000,000 | ---D | C] -- C:\Users\Franzi & Falko\AppData\Local\Solid State Networks [2011.11.19 15:18:30 | 000,000,000 | ---D | C] -- C:\Users\Franzi & Falko\Desktop\Aushilfsgangster [2011.11.19 11:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2009.07.19 19:53:11 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2011.12.16 17:48:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Franzi & Falko\Desktop\OTL.exe [2011.12.16 16:39:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.16 16:38:51 | 222,117,888 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.12.16 16:35:36 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2011.12.16 16:22:28 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AF2CD976-D037-4616-97C4-4BF40B1B55DC}.job [2011.12.16 16:20:15 | 000,003,616 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.16 16:20:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.16 16:20:15 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.16 16:05:32 | 000,125,952 | ---- | M] () -- C:\Users\Franzi & Falko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.16 15:45:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.15 19:45:27 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.15 19:45:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.15 19:45:27 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.15 19:45:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.12 18:19:11 | 000,001,628 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.12.12 17:54:00 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2011.12.16 16:38:50 | 222,117,888 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.12.16 16:35:36 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2011.12.12 18:19:11 | 000,001,628 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.10.20 18:09:11 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2011.08.05 12:00:22 | 000,144,167 | ---- | C] () -- C:\Windows\hpoins36.dat.temp [2011.08.05 12:00:22 | 000,000,578 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp [2011.08.04 00:42:47 | 000,143,743 | ---- | C] () -- C:\Windows\hpoins36.dat [2011.08.04 00:42:47 | 000,000,578 | ---- | C] () -- C:\Windows\hpomdl36.dat [2011.08.03 20:52:05 | 000,147,863 | ---- | C] () -- C:\Windows\hpiins06.dat [2011.08.03 20:52:05 | 000,000,000 | ---- | C] () -- 
C:\Windows\hpimdl06.dat [2010.08.29 15:26:42 | 000,159,888 | ---- | C] () -- C:\Windows\hpoins14.dat [2010.06.13 16:02:21 | 000,159,941 | ---- | C] () -- C:\Windows\hpoins14.dat.temp [2010.06.13 16:02:21 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat.temp [2010.05.24 11:51:08 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.12.06 17:06:46 | 008,676,883 | ---- | C] () -- C:\Windows\System32\NCMedia2.dll [2009.12.06 17:06:46 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.12.06 17:06:46 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.10.15 15:23:35 | 000,019,574 | ---- | C] () -- C:\Windows\hpqins13.dat [2009.09.24 17:13:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.24 17:13:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.28 17:23:41 | 000,000,408 | ---- | C] () -- C:\Users\Franzi & Falko\AppData\Roaming\wklnhst.dat [2009.08.17 13:44:17 | 000,119,475 | ---- | C] () -- C:\Windows\hpqins00.dat [2009.08.13 11:50:36 | 000,006,836 | ---- | C] () -- C:\Users\Franzi & Falko\AppData\Local\d3d9caps.dat [2009.08.11 18:28:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.10 19:38:43 | 000,125,952 | ---- | C] () -- C:\Users\Franzi & Falko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.07.19 19:40:42 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.07.19 19:40:42 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2009.07.19 19:40:41 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.07.19 19:40:41 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.07.19 19:40:41 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2009.07.19 19:40:41 | 
000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll [2009.07.19 11:25:56 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.07.19 11:11:05 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.07.19 11:11:05 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2009.07.19 11:11:05 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2009.07.19 11:11:05 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009.07.19 11:07:54 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2009.07.19 11:07:54 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2009.07.19 11:07:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2009.07.19 11:07:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2009.07.19 11:07:54 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2009.07.19 11:07:54 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2009.07.19 11:02:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.03.12 11:47:51 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.03.12 11:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.03.12 11:47:51 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.03.12 11:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.03.12 11:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.03.12 03:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.02.11 21:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.02.11 21:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.02.11 21:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2008.04.08 13:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat [2007.06.06 00:07:34 | 000,002,000 | ---- | C] () -- 
C:\Windows\hpomdl14.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,379,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003.09.19 14:02:26 | 000,406,016 | ---- | C] () -- C:\Windows\System32\PSDrvCheck.exe [2000.09.12 12:58:26 | 000,160,256 | ---- | C] () -- C:\Windows\System32\ShrLk21.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:9E22BBE8 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TempCAF903C @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728 < End of report > Extras.txt: OTL Extras logfile created on: 16.12.2011 17:49:34 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Franzi & Falko\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19154) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 68,14% Memory free 6,23 Gb Paging File | 5,50 Gb Available in Paging File | 88,30% Paging File free 
Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 318,41 Gb Free Space | 69,83% Space Free | Partition Type: NTFS Computer Name: ACERASPIRE7735 | User Name: Franzi & Falko | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1479AF62-49BF-4168-B976-EBBBD8FE588A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{99C2450F-E428-40FE-9DEC-9DC3729ED491}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{EB066731-22CC-4520-803F-A34E50F4130C}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02897A8F-2D69-4962-BF6F-E1867797F064}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{0A965AC4-649E-4A69-8D16-B2CEB8128D16}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{0B3C14D3-AF80-47DD-98A1-4BED7F9F276B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{15C9F74C-FF9E-481C-8485-9E0EA73603D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{17E5049F-4436-4B6B-834A-6081630451A6}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{2741086F-7BC5-470F-830B-AC7B2BA2D473}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{2DFEFF6A-1387-40B1-82A7-CFDA66858877}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{39E9C18C-6F7A-4038-B0CE-D8C3B6BD6D39}" = dir=in | app=c:\program files\itunes\itunes.exe | "{4402DD63-92A1-4298-B39C-DF3856A5C25E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{45E00E6C-E661-4DF4-B2D3-A48F0093EBF4}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{460C5418-FB9C-46C1-AB88-26D1C9F5B3E4}" = 
protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{4E726570-72E9-4A19-8F24-D99AC2718C3E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{53A704D0-5252-406E-9BAA-9003198DFE24}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{576B2E4B-A77E-4077-B721-1C7A92A7CB48}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{590C0619-0518-4595-8DDF-19EF077A6A17}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{763F5E67-36E2-44FA-B037-B18A2F7547F6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{84ECF586-C479-4489-A0B5-EE04DFFC8CB3}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{857368E2-8E6D-4565-AA2C-362D28795254}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{85CBFA0B-0750-435A-90C0-DCEA1B436655}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{A4F49724-995D-4ACC-BC80-1AD002F72F2B}" = protocol=17 | dir=in | app=c:\users\franzi & falko\desktop\sweetimsetup.exe | "{A875C519-792D-4E3D-9D30-1E4E32E74B09}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{A88386A1-3281-48F2-AA1A-2550109A8341}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{A90B3B11-76A8-4549-90A0-E5D94F32DDBD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{AFD5E7D4-C27F-42A2-A1EC-6E8CA51C7DC8}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{B2505599-B3A1-4435-92A9-1F8EBFE464DC}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | "{B3A4304D-89B7-4A3C-92D8-634C424AE6A4}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{BEBE2C2E-72DA-4CA4-A449-75B9DF29F771}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{C093D642-6678-43B9-8D9F-BB02F1536EA0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C4D35C3E-C8DD-42B1-B858-96D8F95E284B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{C4E8459E-8CEE-4B91-8D86-B90704A97FD3}" = protocol=6 | dir=in | app=c:\users\franzi & falko\desktop\sweetimsetup.exe | "{CA1E2589-A738-447E-BB5F-D7BC341C40BF}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{CDB48B75-E921-4329-8A3B-69B96DC29FDC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{D2CBD28A-DE62-4DF4-A75F-588822ACC873}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{D5528C60-3101-4BC0-8B73-1774ACB3F2DF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{DE2C5382-A54B-40B0-804F-A156417BE06B}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{E04D4BEB-DE18-41F0-8708-2D33D887FBA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{E0B1CA0E-2A8B-49E7-A48D-9D74D65CD210}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{F00854D6-EC6A-4D55-AAE0-48519A52CAE5}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{F3F70404-ED7D-4239-8336-CB3EA695EEAB}" = dir=in | app=c:\program 
files\hp\digital imaging\bin\hpqpsapp.exe | "TCP Query User{00F3AB48-271A-4F4B-97CC-036BA2344C09}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{989DDA33-FD3C-4C28-9DA7-1BE825032F6B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{AAEFF29D-C78C-46F5-A16D-946893B8B53D}C:\program files\secretcity 3dchat\utherverse vww client\utherverse.exe" = protocol=6 | dir=in | app=c:\program files\secretcity 3dchat\utherverse vww client\utherverse.exe | "TCP Query User{B898C555-6419-4161-AB8A-7E7C286D8FFF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{DB2CFD7B-4FE1-4C1C-B8F6-9111B90A6D29}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | "UDP Query User{2EB835A2-BB0C-4996-8B51-035CCDD0297B}C:\program files\secretcity 3dchat\utherverse vww client\utherverse.exe" = protocol=17 | dir=in | app=c:\program files\secretcity 3dchat\utherverse vww client\utherverse.exe | "UDP Query User{6409C945-E1E7-4773-95A3-1541D566ABED}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{8BCD1783-40A6-4016-BE55-BC61B5F5E808}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{D1C632A0-97A0-4780-AC21-14AC9407130C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{F12AED37-6E2F-4654-83D8-CA550E0884E8}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = 
DocProc "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{056B935A-A03D-D0D8-4CE0-B4B337753156}" = CCC Help Chinese Standard "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0C362375-1FE0-98C0-2C57-F4D772B8A759}" = Catalyst Control Center Graphics Full New "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{1CA3A991-B03D-4C92-9922-315E5434E87B}" = PS_AIO_05_C4600_Software_Min "{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0 "{1E1746EF-F5BF-4677-8F30-04FE399130DA}" = HP Photosmart C4600 All-In-One Driver 14.0 Rel. 
5 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{212D202D-487D-49C4-8A76-4D3BB91B8471}" = BOINC "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24 "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III "{2C973B8B-1BB3-358B-250C-336C81A1926E}" = CCC Help Polish "{2F2B002A-8BF5-DF1E-6D36-7900B6F868DE}" = ATI Catalyst Install Manager "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes "{360872CE-7A87-A4EE-AF69-EF73E5695D40}" = ccc-utility "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCB314A-B67C-82D0-1CC6-6BC4AE6D053E}" = Catalyst Control Center InstallProxy "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{3ED585A4-C0F7-4125-8EC7-3056F9936A44}" = InstantCopy "{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder "{45416928-B205-9812-2065-5794D5AC7338}" = CCC Help French "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4EE2B017-D82C-4B12-B071-5CF1B23D1A42}" = SweetIM for Messenger 3.4 "{53E12B77-A8AC-1A15-7690-FAA711AA0B50}" = CCC Help Portuguese "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5A64A288-025C-F952-E4E3-12FA6596922F}" = CCC Help 
Chinese Traditional "{5D3A59B1-2BBF-66AF-3B5F-FC5BAA42F817}" = CCC Help Italian "{5F19F78E-274D-8E5C-C49E-2ED722ACF70A}" = CCC Help German "{6078A803-C98F-1F95-CEF7-0132621E6072}" = CCC Help Japanese "{6234F3C6-F8EF-39FB-AE15-0B88E88B79F0}" = CCC Help Greek "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6A0D64D0-CDF4-9C65-A053-6EC86AEB43CC}" = ccc-core-static "{6A905715-6991-3517-5F04-4392FC18DB76}" = Catalyst Control Center Graphics Previews Vista "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6EAA466F-6F35-F3B7-60B9-3D6DCA97EE02}" = Catalyst Control Center Localization All "{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone "{742A17A1-8AA4-4DCE-C881-557AC4EB793D}" = CCC Help Spanish "{75212523-6E47-BF0F-20FF-B65E940A5DDD}" = CCC Help English "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite 
Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 
Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Language Pack 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{940F9DF4-A790-EAE9-A4B1-B9F96D3C8CC9}" = CCC Help Finnish "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97BA7028-6FE4-58B5-F254-48C12AA3FBBD}" = CCC Help Swedish "{987381F2-AA18-EF9C-9DDA-4D403FD7F3E2}" = CCC Help Turkish "{99C85B2D-DFA4-5704-9A4C-396DDB5C6F1F}" = CCC Help Thai "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E6B5AEA-C8EC-916B-FDFA-91F1274CD695}" = Skins "{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help "{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100 "{A75C2F92-28EC-FE11-3818-81578F3E9596}" = CCC Help Norwegian "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92D7264-1A13-45BE-B769-88445DD04FD6}" = Desktop Sidebar "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software "{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}" = HP Photosmart Kameras 9.0 "{AA9732EB-64DD-DBA5-DFC1-705E64D3FB18}" = CCC Help Russian "{AAE19E03-87A5-6937-F7D7-6806C5FD1D89}" = Catalyst Control Center Graphics Light "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = 
HPProductAssistant "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B15E1629-4B8C-FC02-1118-35034C235F0D}" = CCC Help Korean "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd "{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{BE0EC61A-02BF-E3E1-D7A8-3DDB7B58FBDF}" = PX Profile Update "{BF67F764-95B6-4360-BB57-B2E5AA6C814B}" = SweetIM Toolbar for Internet Explorer 4.0 "{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III "{C10DD83A-CB15-DD3A-FE29-89433A68F55D}" = CCC Help Dutch "{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software "{CD961214-93C9-44FE-9A38-BBE647E98AE9}" = CameraReadme "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D0F3E75D-6BE1-E974-2A8E-A449D3374FDB}" = Catalyst Control Center Graphics Full Existing "{D7E6CA4D-E79E-41A8-A633-8FB9BE3DB67C}" = FlashPoint Pro "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration "{DEF9CA03-7317-4a01-8111-06996235128E}" = CameraDrivers "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{E24DBA75-5452-C0A1-4FF3-CB38F8245919}" = CCC Help Czech "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E430067C-7254-40B6-A8F8-5EEF57A68F1A}" = Catalyst Control Center - Branding "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext 
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E86CA8CF-F42D-9569-B2ED-5E6A0F591EA5}" = CCC Help Hungarian "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F557AF38-AB37-84A8-0148-C53B5F870373}" = CCC Help Danish "{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0 "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF7027C7-B001-A144-C83B-03618745E975}" = Catalyst Control Center Core Implementation "Acer Screensaver" = Acer ScreenSaver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Ahnenblatt_is1" = Ahnenblatt 2.62 "Alldj DVD To AVI Converter_is1" = Alldj DVD To AVI Converter 2.7 "Anti-Trojan 5.5_is1" = Anti-Trojan 5.5 "AnyDVD" = AnyDVD "Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2 "Audacity 1.3 Beta_is1" = Audacity 1.3.12 "Avira AntiVir Desktop" = Avira Antivirus Premium 2012 "DVD To MPEG Converter_is1" = DVD To MPEG Converter 1.10 "DVD2one V2" = DVD2one V2.4.1 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.0 "Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter "GenealogyJ 6592" = GenealogyJ 6592 "GNU 
Aspell_is1" = GNU Aspell 0.50-3 "Google Desktop" = Google Desktop "GridVista" = Acer GridVista "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen) "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HPOCR" = HP OCR Software 9.0 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun "LManager" = Launch Manager "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US) "Picasa 3" = Picasa 3 "PriceGong" = PriceGong 2.1.0 "Secret City" = Secret City "SoftwareUpdUtility" = Download Updater (AOL LLC) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trojancheck_is1" = Trojancheck 6 "Vista Boot Logo Generator_is1" = Vista Boot Logo Generator v1.2 "VLC media player" = VLC media player 1.0.1 "Winamp" = Winamp "Winamp Toolbar" = Winamp Toolbar "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in "Winamp Toolbar" = Winamp Toolbar ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly 
or the Event Logs are corrupt! < End of report > Many thanks in advance for your help. |
16.12.2011, 18:14 | #2 |
/// Malware-holic | Hi
Attention! This script, and any scripts that follow, are only for this particular user. If you have problems, open your own topic and wait for scripts tailored to you. • Please start OTL.exe • Now copy the following into the text box. Code:
:OTL
O4 - HKCU..\Run: [firefox.exe] C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
:Files
C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs. • Now please click the Fix button. • OTL may require a restart; please allow it. • After the restart you will find a text document; copy its contents into your next reply here. Start in normal mode. If you have no desktop icons, right-click, View, Show desktop icons. Open Computer, open C:, then _OTL; there, right-click on moved files and choose add to moved files.rar or zip. Follow the link and upload the archive in the upload channel http://www.trojaner-board.de/54791-a...ner-board.html
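The OTL fix above removes one HKCU Run value whose target is a firefox.exe planted under AppData\Roaming, which is the persistence mechanism behind this lock screen. The following is an added example, not part of the thread and not OTL's own code: a read-only PowerShell (3 or later) audit that lists every Run/RunOnce value in HKCU and HKLM and flags targets that sit under %APPDATA%, %LOCALAPPDATA% or %TEMP%, are missing on disk, or carry no valid Authenticode signature. The function names and the list of suspicious roots are the example's own choices; the entry removed above would be flagged on the first criterion.

```powershell
# Added example, not part of the thread or of OTL: read-only audit of the
# Run/RunOnce autostart values that the OTL fix above edits one of.
# Requires PowerShell 3 or later; removes nothing, only reports.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# User-writable profile locations where a dropped payload typically lands
# (the thread's fake firefox.exe sat under AppData\Roaming). Example's own list.
$suspiciousRoots = @(
    [Environment]::GetFolderPath('ApplicationData'),       # %APPDATA%
    [Environment]::GetFolderPath('LocalApplicationData'),  # %LOCALAPPDATA%
    [System.IO.Path]::GetTempPath()                        # %TEMP%
)

# Registry-provider metadata that Get-ItemProperty adds to every object
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ExecutablePath {
    # Reduce a Run value such as  "C:\x\y.exe" /arg  or  C:\x\y.exe /arg  to the exe path
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command)
    if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    elseif ($cmd -match '^\s*(\S+\.exe)') { $exe = $Matches[1] }
    else { $exe = $cmd.Trim() }
    # Bare names such as rundll32.exe are resolved through PATH
    if ($exe -and -not [System.IO.Path]::IsPathRooted($exe)) {
        $resolved = Get-Command $exe -ErrorAction SilentlyContinue
        if ($resolved) { $exe = $resolved.Definition }
    }
    return $exe
}

function Get-AutorunFindings {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($v in $values.PSObject.Properties) {
            if ($providerProps -contains $v.Name) { continue }
            $exe = Get-ExecutablePath ([string]$v.Value)
            $reasons = @()
            if ([string]::IsNullOrWhiteSpace($exe)) {
                $reasons += 'could not parse command line'
            } else {
                foreach ($root in $suspiciousRoots) {
                    if ($exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                        $reasons += "target under user-writable path $root"
                    }
                }
                if (-not (Test-Path -LiteralPath $exe)) {
                    $reasons += 'target file missing'
                } else {
                    $sig = Get-AuthenticodeSignature -FilePath $exe
                    if ($sig.Status -ne 'Valid') { $reasons += "Authenticode: $($sig.Status)" }
                }
            }
            [pscustomobject]@{
                Key     = $key
                Name    = $v.Name
                Target  = $exe
                Flagged = ($reasons.Count -gt 0)
                Reasons = ($reasons -join '; ')
            }
        }
    }
}

# Show only the entries that need a closer look
Get-AutorunFindings | Where-Object { $_.Flagged } | Format-Table Key, Name, Target, Reasons -Wrap
```

Run it in the user's own session so that HKCU refers to the affected profile. Unsigned but legitimate vendor tools will also show up under the Authenticode criterion, so the output is a worklist to check, not a verdict; on 64-bit Windows the Wow6432Node Run keys would need to be added to $runKeys, and a 32-bit Vista system like the one in the thread does not have them.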
16.12.2011, 18:34 | #3 |
| Thanks first of all for the quick reply.
Here is the text document: All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\firefox.exe deleted successfully. C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\firefox.exe moved successfully. ========== FILES ========== File\Folder C:\Users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\firefox.exe not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 75 bytes User: Default User ->Flash cache emptied: 0 bytes User: Franzi & Falko ->Flash cache emptied: 827 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Franzi & Falko ->Temp folder emptied: 5672682799 bytes ->Temporary Internet Files folder emptied: 56123457 bytes ->Java cache emptied: 4902102 bytes ->FireFox cache emptied: 51897963 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 99650321 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 584374 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 5.613,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 12162011_182301 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
17.12.2011, 16:56 | #4 |
/// Malware-holic | Thanks for the upload. Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
17.12.2011, 20:42 | #5 |
| Here is the combofix.txt. Combofix logfile: Code:
ComboFix 11-12-17.02 - Franzi & Falko 17.12.2011 20:21:57.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1451 [GMT 1:00] ausgeführt von:: c:\users\Franzi & Falko\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-11-17 bis 2011-12-17 )))))))))))))))))))))))))))))) . . 2011-12-17 18:56 . 2011-12-17 18:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B672340-635C-42FD-B0E1-9EEA452A011F}\offreg.dll 2011-12-16 17:23 . 2011-12-16 17:51 -------- d-----w- C:\_OTL 2011-12-16 15:36 . 2011-12-16 15:44 -------- d-----w- c:\program files\Trojancheck 6 2011-12-16 15:35 . 2011-12-17 19:08 -------- d-----w- c:\program files\Emsisoft Anti-Malware 2011-12-16 15:33 . 2011-12-16 15:33 -------- d-----w- c:\program files\Anti-Trojan-55 2011-12-16 14:16 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B672340-635C-42FD-B0E1-9EEA452A011F}\mpengine.dll 2011-12-16 14:06 . 2011-11-03 06:23 638240 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2011-12-12 17:18 . 2011-12-12 17:18 -------- d-----w- c:\program files\iPod 2011-12-12 17:18 . 2011-12-12 17:19 -------- d-----w- c:\program files\iTunes 2011-11-29 17:23 . 2011-11-29 17:23 -------- d-----w- c:\users\Franzi & Falko\AppData\Local\Solid State Networks . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-16 17:30 . 2011-10-16 16:59 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-12-12 16:54 . 2011-06-01 07:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-11 13:00 . 2011-10-16 16:59 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-10-11 13:00 . 2011-10-16 16:59 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-09-20 21:02 . 
2011-11-09 18:32 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-11 19:24 . 2011-05-06 17:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2009-10-28 16:03 . 2009-10-28 16:03 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-10-18 138552] . [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}] 2011-04-14 04:37 252832 ----a-w- c:\program files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2010-10-18 16:28 1485112 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112] . 
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568] "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704] "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-09-19 406016] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-12-20 111928] "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2010-07-01 4862720] "boinctray"="c:\program files\BOINC\boinctray.exe" [2010-07-01 58112] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application 
Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736] "Anti-Trojan-Watch"="c:\program files\Anti-Trojan-55\ATWatch.exe" [2002-09-08 26624] "Trojancheck 6 Guard"="c:\program files\Trojancheck 6\tcguard.exe" [2002-11-14 590336] "emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2011-11-29 3318672] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^web'n'walk Manager.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\web'n'walk Manager.lnk backup=c:\windows\pss\web'n'walk Manager.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Franzi & Falko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\Franzi & Falko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup . 
[HKLM\~\startupfolder\C:^Users^Franzi & Falko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Orion.lnk] path=c:\users\Franzi & Falko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk backup=c:\windows\pss\Orion.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent] 2009-01-20 23:41 156968 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray] 2009-04-11 17:32 249600 ----a-w- c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer] 2009-01-20 23:41 202024 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate] 2009-05-13 17:39 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-16 21:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] 2009-02-24 00:16 870920 ----a-w- c:\program files\Launch Manager\LManager.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2008-12-02 21:39 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon] 2009-05-14 21:03 345384 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie] 2008-12-26 15:30 173288 ------w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2009-03-11 00:48 6957600 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2009-03-11 00:49 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2009-01-27 19:30 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2008-12-05 06:54 1410344 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . 
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 136176] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 136176] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x] S0 VOBID;VOBID;c:\windows\system32\DRIVERS\vobid.sys [2003-08-01 29239] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-10-03 335240] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-10-03 108552] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952] S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-12-09 2996272] S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-12-16 342480] S2 
AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824] S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-06-23 707104] S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632] S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632] S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - A2ACC . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2011-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 17:24] . 2011-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-23 17:24] . 2011-12-17 c:\windows\Tasks\User_Feed_Synchronization-{AF2CD976-D037-4616-97C4-4BF40B1B55DC}.job - c:\windows\system32\msfeedssync.exe [2011-12-16 04:44] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://home.sweetim.com mStart Page = hxxp://home.sweetim.com uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Franzi & Falko\AppData\Roaming\Mozilla\Firefox\Profiles\b4bc6umb.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe MSConfigStartUp-Sidebar - c:\program files\Desktop Sidebar\dsidebar.exe AddRemove-Google Desktop - c:\program files\Google\Google Desktop Search\GoogleDesktopSetup.exe AddRemove-HP Imaging Device Functions - c:\program files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe AddRemove-HPOCR - c:\program files\HP\Digital Imaging\OCR\hpzscr01.exe AddRemove-Secret City - c:\program files\SecretCity 3DChat\Utherverse VWW Client\Branding\{9ac4338c-cb19-4752-950e-989b0897e345}\uninst.exe AddRemove-{1E1746EF-F5BF-4677-8F30-04FE399130DA} - c:\program files\HP\Digital Imaging\{1E1746EF-F5BF-4677-8F30-04FE399130DA}\setup\hpzscr01.exe AddRemove-{706BB40A-4102-4c89-8107-DC68C4EBD19B} - c:\program files\HP\Digital Imaging\{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzscr01.exe AddRemove-{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D} - c:\program files\HP\Digital Imaging\{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}\setup\hpzscr01.exe 
AddRemove-{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4} - c:\program files\HP\Digital Imaging\{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}\setup\hpzscr01.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-12-17 20:34 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-12-17 20:38:46 ComboFix-quarantined-files.txt 2011-12-17 19:38 . Vor Suchlauf: 7 Verzeichnis(se), 344.291.229.696 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 344.220.180.480 Bytes frei . - - End Of File - - C4FF62BC9BAE4790B976C46842DA4061 |
18.12.2011, 15:54 | #6 |
/// Malware-holic | VirusTotal - Free Online Virus, Malware and URL Scanner. Check this file there: c:\program files\Internet Explorer\iexplore.exe. If the file has already been analysed, click re-analyse. Copy the link from the address bar and post it.
18.12.2011, 19:28 | #7 |
| Here is the link: hxxp://www.virustotal.com/file-scan/report.html?id=03a0828f7de999e65c62d5f50ab5f31165beeee931805b5166fbf4674ff6f902-1324232351 |
18.12.2011, 19:43 | #8 |
/// Malware-holic | Can you upload the file? http://www.trojaner-board.de/54791-a...ner-board.html in the upload channel
18.12.2011, 21:41 | #9 |
/// Malware-holic | Thanks. Malwarebytes: please download Malwarebytes
19.12.2011, 10:50 | #10 |
| Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8395 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19170 19.12.2011 10:49:26 mbam-log-2011-12-19 (10-49-26).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|) Durchsuchte Objekte: 325077 Laufzeit: 2 Stunde(n), 31 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\_OTL\movedfiles\12162011_182301\C_Users\franzi & falko\AppData\Roaming\Mozilla\Firefox\firefox.exe (Trojan.Dropper) -> Quarantined and deleted successfully. |
19.12.2011, 12:20 | #11 |
/// Malware-holic | Very good. Download the CCleaner standard edition: CCleaner Download - CCleaner 3.13.1600. If CCleaner is already installed, skip this. Install it, open it, Tools, list of installed programs, save as txt. Open that file. After each program you need, write "necessary"; after each you do not need, "unnecessary"; after those unknown to you, "unknown". Post the list.
19.12.2011, 16:56 | #12 |
| The list has been uploaded to the upload channel |
19.12.2011, 16:58 | #13 |
/// Malware-holic | Please post the list here; the upload channel is only for suspicious files. Just attach the txt, please.
20.12.2011, 10:25 | #14 |
| Here is the program list, attached |
20.12.2011, 11:11 | #15 |
/// Malware-holic | Uninstall: Adobe Flash Player (both). Adobe - Install a different version of Adobe Flash Player: download the latest version. Adobe Reader: Adobe - Download Adobe Reader - All versions; untick McAfee Security Scan. Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "Use only certified plug-ins". Internet: everything here should be deactivated; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, since only then do you have control over what is going on on the PC. Under JavaScript, untick "Enable JavaScript". Under Updater, choose install automatically. Apply / OK.
Uninstall:
Airport Mania
Alldj DVD To AVI
Aspell
Audacity
Auslogics (Windows can do that well enough; no extra program needed)
C:\Program Files\Acer GameZone
Cake Mania
Cooking Dash
Cradle of Rome
Dairy Dash
Desktop Sidebar
Download Updater
Dream Day (both)
DVD2one
DVD To MPEG
eSobi
FlashPoint Pro
Free Mp3
Freez FLV
Galapago
GenealogyJ
GNU Aspell
Google Earth
InstantCopy
Java(TM) 6 Update 24
Download the free Java software: download the Java JRE and install it.
Uninstall:
Jewel Quest
Launch Manager
LG (both)
Luxor
Mahjong
Media Go
Mein Gutscheincode
Ocean Express
Parking Dash
PlayStation (both)
Puzzle Express
SweetIM (both)
Tradewinds
Tri-Peaks
Turbo Pizza
Vista Boot Logo Generator
Wedding Dash
Winamp Toolbar
Zuma Deluxe
In CCleaner, click Analyze and then Run Cleaner.