Log analysis and evaluation: 50 Euro virus "Ihr Windowssystem wurde aus Sicherheitsgründen blockiert" ("Your Windows system has been blocked for security reasons")

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: first steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
31.01.2012, 10:44 | #1

50 Euro virus "Ihr Windowssystem wurde aus Sicherheitsgründen blockiert"

I have this virus too (the Avira/Kaspersky/etc. variant). I then ran Avira Free AV and Avira Cleaner-DE in Safe Mode. The Filewalker found nothing, the Cleaner found 1 file. I deleted it, but the "stop window" was back at the next boot; presumably the virus has parked an innocuous-looking file somewhere in the autostart. My error message, er, operating system is Windows Vista Home Basic, Build 6002 SP 2. I ran OTL with a listing that I found in another thread (which is probably completely wrong), and this is what came out: (Grmpf, this is endlessly long; how do I get a scroll box in here?)

OTL logfile:
OTL logfile created on: 31.01.2012 10:12:22 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Sven\Desktop\Setup-Dateien
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014,52 Mb Total Physical Memory | 259,55 Mb Available Physical Memory | 25,58% Memory free
2,24 Gb Paging File | 1,63 Gb Available in Paging File | 72,87% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,26 Gb Total Space | 40,41 Gb Free Space | 40,31% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 1107,18 Gb Free Space | 59,43% Space Free | Partition Type: NTFS
Drive F: | 9,03 Gb Total Space | 1,81 Gb Free Space | 20,03% Space Free | Partition Type: NTFS

Computer Name: SVENSKLAPPKISTE | User Name: Sven | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.31 10:10:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sven\Desktop\Setup-Dateien\OTL.exe
PRC - [2012.01.10 00:14:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

========== Modules (No Company Name) ==========

MOD - [2012.01.10 00:14:21 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.12.03 22:26:29 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.09 12:29:16 | 000,366,000 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Programme\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.08.24 20:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 CBE\Dfsdks.exe -- (DfSdkS)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.11 15:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.06.08 08:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007.03.12 09:22:00 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007.03.05 09:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007.02.06 07:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - [2011.12.08 21:29:18 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.12 00:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.06.02 23:57:34 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2008.12.05 06:55:40 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.11.21 20:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.08.29 12:19:36 | 000,040,368 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008.04.04 12:47:46 | 000,026,368 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\optovcm.sys -- (optovcm)
DRV - [2008.04.04 12:47:46 | 000,018,432 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\optousb.sys -- (optousb)
DRV - [2007.11.05 22:41:17 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AFS.SYS -- (AFS)
DRV - [2007.11.02 13:36:10 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007.10.10 15:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2007.06.19 14:48:04 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.06.18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.06.18 13:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007.06.08 07:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007.05.24 16:59:48 | 010,343,680 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2007.01.23 18:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.11.02 10:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.06.28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hp.com
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.maxdome.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sven\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\telekom.com/PagePlaceStarter: C:\Program Files\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.27 15:56:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.10 00:14:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.12 14:35:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.11.12 14:35:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.11.12 14:35:21 | 000,000,000 | ---D | M]

[2008.06.21 06:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven\AppData\Roaming\mozilla\Extensions
[2012.01.27 14:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\e5lepv06.default\extensions
[2010.04.30 13:10:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\e5lepv06.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.31 10:53:54 | 000,000,000 | ---D | M] (Andasa Toolbar) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\e5lepv06.default\extensions\{579fcdb8-929b-11dc-8314-0800200c9a66}
[2011.12.22 14:07:48 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\e5lepv06.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011.11.18 20:10:12 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\e5lepv06.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.01.24 17:52:11 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\e5lepv06.default\extensions\add-to-searchbox@maltekraus.de
[2010.05.30 08:54:37 | 000,000,000 | ---D | M] ("Bookcrossing Helferlein") -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\e5lepv06.default\extensions\bookcrossing@ardik.net
[2010.11.22 17:57:19 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\e5lepv06.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.03.28 12:01:17 | 000,000,000 | ---D | M] (GutscheinRausch.de) -- C:\Users\Sven\AppData\Roaming\mozilla\Firefox\Profiles\e5lepv06.default\extensions\jl@leimbach-it.de
[2012.01.10 00:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.10 00:14:22 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll
[2006.07.31 15:07:16 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.09.30 08:16:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 08:16:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.30 08:16:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 08:16:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 08:16:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 08:16:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AdiCash Toolbar) - {85223548-4D57-4A3B-896B-145985F681C6} - C:\Programme\AdiCash\Toolbar.dll (Andasa GmbH)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AdiCash Toolbar) - {BB9540F0-94B9-4fe8-A2E1-DE3A506ECD4B} - C:\Programme\AdiCash\Toolbar.dll (Andasa GmbH)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AdiCash Toolbar) - {6AA99CB6-74AF-4136-A6C6-C64C95333249} - C:\Programme\AdiCash\Toolbar.dll (Andasa GmbH)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [Mozilla client] C:\Users\Sven\AppData\Local\Mozilla\Firefox\firefox.exe (Корпорация Майкрософт)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [UpdateStar] C:\Users\Sven\AppData\Roaming\UpdateStar\UpdateStar.exe (UpdateStar GmbH)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\STRATO HiDrive.lnk = C:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe (STRATO)
O4 - Startup: C:\Users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Programme\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{587E462A-1180-424B-BCB3-ACFACD43F9C9}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.14 10:00:22 | 000,008,192 | ---- | M] (Microsoft) - E:\AutoOff.exe -- [ NTFS ]
O32 - AutoRun File - [2010.11.02 14:29:16 | 000,000,073 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{589453fd-4015-11de-b1c3-001a4b6665bf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012.01.27 15:57:53 | 000,000,000 | ---D | C] -- C:\Users\Sven\AppData\Local\DDMSettings
[2012.01.15 21:42:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.15 21:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.04 01:48:42 | 000,354,176 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2008.04.05 02:21:33 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2008.04.05 02:21:33 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2008.04.05 02:21:33 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2008.04.05 02:21:33 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2007.11.26 09:38:17 | 006,385,664 | ---- | C] (Superfirm) -- C:\Program Files\Multidecoder.exe

========== Files - Modified Within 30 Days ==========

[2012.01.30 12:52:15 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.01.30 12:52:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.30 12:12:58 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.30 12:12:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.30 12:12:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.29 20:53:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.29 17:00:10 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.28 21:25:13 | 000,097,792 | ---- | M] () -- C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.27 15:56:23 | 000,001,438 | ---- | M] () -- C:\Users\Sven\Desktop\DivX Movies.lnk
[2012.01.27 15:53:13 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012.01.23 16:25:34 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.23 16:25:34 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.23 16:25:34 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.23 16:25:34 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.21 22:20:49 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSven.job
[2012.01.15 21:42:06 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.04 01:48:42 | 000,354,176 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2012.01.02 10:09:49 | 000,000,981 | ---- | M] () -- C:\Users\Sven\Desktop\Bücher.lnk

========== Files Created - No Company Name ==========

[2012.01.27 15:56:23 | 000,001,438 | ---- | C] () -- C:\Users\Sven\Desktop\DivX Movies.lnk
[2012.01.27 15:53:13 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012.01.15 21:42:06 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.09.24 06:28:31 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.04.26 02:05:19 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2010.08.27 19:24:02 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\edacded0.dat
[2010.05.14 08:28:25 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI
[2010.05.13 16:35:20 | 000,019,456 | ---- | C] () -- C:\Users\Sven\AppData\Local\WebpageIcons.db
[2010.04.14 07:16:37 | 000,262,144 | ---- | C] () -- C:\Windows\System32\GfKLSPService.DLL
[2009.10.20 14:47:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.20 14:47:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.13 23:31:41 | 000,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll
[2009.05.13 23:31:35 | 004,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
[2009.05.13 23:31:35 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2008.11.26 01:30:16 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2008.10.30 13:11:27 | 000,000,092 | ---- | C] () -- C:\Users\Sven\AppData\Local\fusioncache.dat
[2008.09.23 02:02:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.13 05:30:02 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.Ini
[2008.06.20 02:39:57 |
000,671,232 | ---- | C] () -- C:\Windows\System32\dfrgui.exe [2008.04.05 02:21:42 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2008.04.05 02:21:34 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2008.03.27 20:29:09 | 000,008,723 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2008.03.12 16:41:48 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin [2008.02.21 01:19:39 | 000,014,336 | ---- | C] () -- C:\Windows\System32\vsmon1.dll [2007.11.06 03:07:56 | 000,097,792 | ---- | C] () -- C:\Users\Sven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.11.06 03:02:11 | 000,000,235 | ---- | C] () -- C:\Users\Sven\AppData\Roaming\devices.xml [2007.11.06 03:02:11 | 000,000,012 | ---- | C] () -- C:\Users\Sven\AppData\Roaming\settings.xml [2007.11.05 22:18:46 | 000,020,458 | ---- | C] () -- C:\Windows\hpoins01.dat [2007.11.05 22:18:46 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat [2007.10.14 22:08:57 | 000,303,616 | ---- | C] () -- C:\Windows\System32\TX32.DLL [2007.10.14 22:08:57 | 000,000,202 | ---- | C] () -- C:\Windows\System32\IC32.INI [2007.10.11 17:58:13 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.10.10 04:37:20 | 000,001,356 | ---- | C] () -- C:\Users\Sven\AppData\Local\d3d9caps.dat [2007.10.10 04:24:41 | 000,022,530 | ---- | C] () -- C:\Users\Sven\AppData\Roaming\phpdesigner2007_5_2.xml [2007.10.10 04:20:51 | 000,159,744 | ---- | C] () -- C:\Windows\System32\aip504.dll [2007.10.10 04:20:51 | 000,028,672 | ---- | C] () -- C:\Windows\System32\VWBMP.dll [2007.10.10 04:20:51 | 000,028,672 | ---- | C] () -- C:\Windows\System32\VMIO.dll [2007.10.10 04:20:51 | 000,014,380 | ---- | C] () -- C:\Windows\Tw100.ini [2007.10.10 04:20:51 | 000,014,118 | ---- | C] () -- C:\Windows\USB_CAM.INI [2007.10.10 04:20:51 | 000,001,721 | ---- | C] () -- C:\Windows\Ca100.ini [2007.10.10 04:20:51 | 000,000,156 | ---- | C] () -- C:\Windows\Setup504.ini [2007.10.10 04:20:50 | 000,192,512 | ---- | C] () -- 
C:\Windows\System32\IPSK.dll [2007.10.10 04:20:50 | 000,184,320 | ---- | C] () -- C:\Windows\System32\jpg32.dll [2007.10.10 04:20:50 | 000,028,672 | ---- | C] () -- C:\Windows\System32\VWJPG.dll [2007.10.10 04:16:27 | 000,134,074 | ---- | C] () -- C:\Windows\ColorPic Uninstaller.exe [2007.10.10 03:59:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007.10.09 21:58:05 | 000,000,043 | ---- | C] () -- C:\Windows\System32\Writer.ini [2007.10.09 10:39:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2007.10.09 10:39:36 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2007.10.09 10:39:36 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2007.10.09 10:39:36 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2007.10.09 10:39:36 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2007.10.09 10:39:35 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2007.09.13 14:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll [2007.09.13 14:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.06.08 08:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll [2007.06.07 03:26:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1287.dll [2007.06.07 03:02:10 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.06.07 02:15:28 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.09 17:42:33 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2006.11.09 17:42:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.02 16:38:05 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:38:05 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:38:05 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:38:05 | 000,036,916 | ---- | C] () -- 
C:\Windows\System32\perfd007.dat [2006.11.02 13:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:44:53 | 000,444,328 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 11:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll ========== LOP Check ========== [2008.02.04 11:28:42 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\1&1 [2010.01.31 10:55:48 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\AdiCash [2009.10.20 03:26:22 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Amazon [2011.04.21 02:59:32 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Ancient Quest of Saqqarah__intenium [2010.10.02 15:09:00 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Any Video Converter [2010.07.07 15:43:14 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Audacity [2011.09.16 20:16:04 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\calibre [2010.03.28 15:34:12 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\CloneSpy 
[2011.03.03 14:14:47 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\elsterformular [2008.05.21 15:25:05 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\eXPert PDF Editor [2010.01.23 01:58:04 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Free Download Manager [2011.04.21 13:57:55 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\FreeDoko [2011.08.29 18:17:26 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\GrassGames [2011.12.21 23:07:41 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\gtk-2.0 [2007.11.27 15:05:36 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\ICQ [2008.01.15 13:36:49 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\InterVideo [2008.04.19 12:03:07 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\KompoZer [2010.08.18 11:49:07 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\LG Electronics [2009.08.08 17:28:00 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\OpenOffice.org [2011.11.08 19:51:02 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\phonostar GmbH [2010.02.28 19:59:05 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\phonostar-Player [2007.10.10 04:24:40 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\PHP Designer 2007 [2007.11.06 13:48:42 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\PreisHai4 [2007.10.13 22:11:52 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\SampleView [2011.04.26 02:18:54 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\ScreenSeven [2007.10.12 00:30:30 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\SecondLife [2012.01.30 12:17:00 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Software Informer [2010.09.05 15:51:09 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\STRATO [2010.02.28 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\System Tweaker [2011.04.12 23:31:36 | 000,000,000 | ---D | M] 
-- C:\Users\Sven\AppData\Roaming\Temp [2009.06.04 13:12:45 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Thunderbird [2009.09.07 23:06:00 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Trillian [2011.06.19 06:18:19 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Uniblue [2011.03.29 18:40:41 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\UpdateStar [2012.01.29 20:53:38 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2007.10.09 10:55:23 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.05.15 02:03:19 | 000,000,000 | -H-D | M] -- C:\blyadstvoeb [2009.10.21 08:09:58 | 000,000,000 | -HSD | M] -- C:\boot [2009.09.23 23:49:33 | 000,000,000 | ---D | M] -- C:\Diagnostics [2006.11.02 13:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2006.11.09 17:46:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.04.11 22:37:37 | 000,000,000 | ---D | M] -- C:\Downloads [2008.04.01 20:09:46 | 000,000,000 | ---D | M] -- C:\drivers [2009.12.11 06:34:08 | 000,000,000 | ---D | M] -- C:\f7e8c9ef01d98f9ba77a35314c700cc2 [2011.04.03 13:02:51 | 000,000,000 | -HSD | M] -- C:\found.000 [2011.01.24 14:56:22 | 000,000,000 | ---D | M] -- C:\found.001 [2011.04.28 14:04:11 | 000,000,000 | -HSD | M] -- C:\found.002 [2011.10.13 12:36:09 | 000,000,000 | -HSD | M] -- C:\found.003 [2007.07.27 11:35:20 | 000,000,000 | -H-D | M] -- C:\hp [2007.10.12 01:49:17 | 000,000,000 | ---D | M] -- C:\Intel [2009.08.28 22:14:37 | 000,000,000 | ---D | M] -- C:\Microgaming [2008.04.05 02:25:48 | 000,000,000 | ---D | M] -- C:\MyAlbum [2008.06.21 07:28:03 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.01.15 21:39:37 | 000,000,000 | R--D | M] -- C:\Program Files [2011.10.25 22:29:03 | 000,000,000 | -H-D | M] -- C:\ProgramData [2006.11.09 17:46:51 | 000,000,000 | -HSD | M] -- C:\Programme [2011.07.07 01:41:03 | 000,000,000 | -H-D | M] -- 
C:\Record.Cl [2010.08.18 12:49:39 | 000,000,000 | ---D | M] -- C:\Sounds [2009.08.06 12:17:39 | 000,000,000 | ---D | M] -- C:\SwSetup [2007.10.09 11:16:08 | 000,000,000 | -HSD | M] -- C:\System Recovery [2012.01.29 06:06:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.02.19 13:48:43 | 000,000,000 | -H-D | M] -- C:\System.sav [2007.10.27 04:42:15 | 000,000,000 | ---D | M] -- C:\Temp [2007.10.09 10:36:15 | 000,000,000 | R--D | M] -- C:\Users [2012.01.29 17:52:03 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > [2007.10.31 12:02:32 | 006,385,664 | ---- | M] (Superfirm) -- C:\Program Files\Multidecoder.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2007.07.27 11:16:45 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys [2007.07.27 11:16:46 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys [2007.07.27 11:16:46 | 000,053,864 | ---- | M] (Microsoft Corporation) 
MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2007.10.24 04:56:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys [2007.10.24 04:56:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- 
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.14 03:07:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.14 03:07:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2007.10.24 05:11:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_27cad3e5\atapi.sys [2007.10.24 05:11:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys [2008.02.14 03:07:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.02.14 03:07:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys [2007.08.09 03:27:33 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=F3215E5525CE4AC9AF6C835BAE5DAC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_2c2f89e5\atapi.sys [2007.08.09 03:27:33 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=F3215E5525CE4AC9AF6C835BAE5DAC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20657_none_dbac76c33da31d64\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.11.13 20:03:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.11.13 20:03:08 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.03.21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\SwSetup\Drivers\32\HDD\iastor.sys [2007.03.21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\SwSetup\SP36132\iastor.sys [2007.03.21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys [2007.03.21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys [2007.03.21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] 
(Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.07.27 11:06:02 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2007.07.27 11:06:02 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | 
---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < 
%systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.12.21 23:07:41 | 000,525,870 | ---- | M] () -- C:\Users\Sven\.recently-used.xbel [2007.12.27 00:01:44 | 000,000,135 | -H-- | M] () -- C:\Users\Sven\hpothb07.dat [2007.12.27 00:01:44 | 000,000,000 | -H-- | M] () -- C:\Users\Sven\hpothb07.tif [2002.03.11 09:45:04 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Users\Sven\instmsia.exe [2002.03.11 10:06:30 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Users\Sven\instmsiw.exe [2012.01.31 10:12:32 | 003,932,160 | ---- | M] () -- C:\Users\Sven\ntuser.dat [2012.01.31 10:12:32 | 000,262,144 | -H-- | M] () -- C:\Users\Sven\ntuser.dat.LOG1 [2010.01.14 01:50:28 | 000,262,144 | -H-- | M] () -- C:\Users\Sven\ntuser.dat.LOG2 [2010.03.19 22:04:22 | 000,065,536 | -HS- | M] () -- C:\Users\Sven\ntuser.dat{49917e28-2222-11df-a6bb-001a4b6665bf}.TM.blf [2010.03.19 22:04:22 | 000,524,288 | -HS- | M] () -- C:\Users\Sven\ntuser.dat{49917e28-2222-11df-a6bb-001a4b6665bf}.TMContainer00000000000000000001.regtrans-ms [2010.02.28 19:18:53 | 000,524,288 | -HS- | M] () -- C:\Users\Sven\ntuser.dat{49917e28-2222-11df-a6bb-001a4b6665bf}.TMContainer00000000000000000002.regtrans-ms [2012.01.29 20:52:58 | 000,065,536 | -HS- | M] () -- C:\Users\Sven\ntuser.dat{a16ea852-38af-11df-9042-001a4b6665bf}.TM.blf [2012.01.29 20:52:58 | 000,524,288 | -HS- | M] () -- C:\Users\Sven\ntuser.dat{a16ea852-38af-11df-9042-001a4b6665bf}.TMContainer00000000000000000001.regtrans-ms [2010.03.27 
18:58:48 | 000,524,288 | -HS- | M] () -- C:\Users\Sven\ntuser.dat{a16ea852-38af-11df-9042-001a4b6665bf}.TMContainer00000000000000000002.regtrans-ms
[2010.02.28 19:12:57 | 000,065,536 | -HS- | M] () -- C:\Users\Sven\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.02.28 19:12:57 | 000,524,288 | -HS- | M] () -- C:\Users\Sven\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2007.10.09 21:54:24 | 000,524,288 | -HS- | M] () -- C:\Users\Sven\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2007.10.09 10:36:16 | 000,000,020 | -HS- | M] () -- C:\Users\Sven\ntuser.ini
[2009.04.24 16:01:52 | 140,387,071 | ---- | M] () -- C:\Users\Sven\openofficeorg1.cab
[2009.04.24 16:01:34 | 009,819,136 | ---- | M] () -- C:\Users\Sven\openofficeorg31.msi
[2009.04.24 16:02:14 | 000,451,928 | ---- | M] () -- C:\Users\Sven\setup.exe
[2009.12.16 22:39:24 | 000,000,167 | ---- | M] () -- C:\Users\Sven\udownload.dat
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
========== Alternate Data Streams ==========
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:F768B6EF
< End of report >
Edited by Glyckspilz (31.01.2012 at 10:53) Reason: formatting question |
31.01.2012, 11:36 | #2 |
| 50 Euro Virus "Ihr Windowssystem wurde aus Sicherheitsgründen blockiert" Oh, and I also have this one, in case it helps:
__________________OTL Extras logfile OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 31.01.2012 10:12:22 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Sven\Desktop\Setup-Dateien
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014,52 Mb Total Physical Memory | 259,55 Mb Available Physical Memory | 25,58% Memory free
2,24 Gb Paging File | 1,63 Gb Available in Paging File | 72,87% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,26 Gb Total Space | 40,41 Gb Free Space | 40,31% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 1107,18 Gb Free Space | 59,43% Space Free | Partition Type: NTFS
Drive F: | 9,03 Gb Total Space | 1,81 Gb Free Space | 20,03% Space Free | Partition Type: NTFS

Computer Name: SVENSKLAPPKISTE | User Name: Sven | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.wsf [@ = WSFFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B42A390-7E2B-431B-B571-A018D876F6E6}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{24284247-E8D5-4BD9-9C39-507E0284FBD1}" = lport=137 | protocol=17 | dir=in | app=system |
"{24C8951F-5D62-4E21-8B4D-63F71AB0A9EC}" = lport=445 | protocol=6 | dir=in | app=system |
"{2D068FEE-3B26-436E-A0F5-8385C0C72881}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{488D5405-8E51-438B-84F6-F29F358C122D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{74EFC992-B9B2-41EB-AAB2-F35884986CE1}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{7E1EE02B-2BEA-49A8-A7C4-601A94132FDB}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
"{841F0BD9-A5DA-4DB0-AD13-574CD00A634E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{892A8148-A7A8-4B27-8FD9-85014CAE3D6C}" = lport=138 | protocol=17 | dir=in | app=system |
"{92D30716-843A-44A7-AE3C-A79E28817894}" = rport=137 | protocol=17 | dir=out | app=system |
"{99FEC745-F8AD-4A73-BB62-D561B67EF795}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{9C6D8C08-F02E-48C4-A3E4-ED6B96BFCC17}" = rport=138 | protocol=17 | dir=out | app=system |
"{A0EC9442-6390-4DF4-BD24-06EE482815A2}" = rport=445 | protocol=6 | dir=out | app=system |
"{A6E8C381-3D56-459D-869C-E16CBB28105D}" = rport=139 | protocol=6 | dir=out | app=system |
"{C0E020F5-9D8C-4A39-90FA-3966E590D0E8}" = lport=139 | protocol=6 | dir=in | app=system |
"{ED8A93E8-4013-4BD4-8BCC-83E1C84682D7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049D664B-ED85-44EB-8AAC-8E04D4205619}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{195BD0B4-592E-4C3C-8DEE-6BE4881D2AD3}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{1A768B55-01BB-40F7-A089-C833C590C72A}" = protocol=6 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{295C0CC8-F330-4352-A5AF-230F0967A821}" = protocol=17 | dir=in | app=c:\windows\system32\lxcycoms.exe |
"{342C9D2C-52F3-4828-9DB5-AAAECD55F1F6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3EE10A42-C6C3-4092-BC70-058FBC224C5E}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{422C92BF-4E61-401F-8585-1CA53A387880}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4CD6E7BF-5263-4667-8F90-2DCB0C2E954E}" = protocol=6 | dir=in | app=c:\program files\msi\arcsoft\totalmedia\totalmedia.exe |
"{58DA1E03-C1E5-47FC-9085-D1030A814C39}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{5A42B89F-C2CF-46FB-869F-29BCE30404E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5DB0AF8B-1265-41DF-A273-6B3FEFB05966}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{6814A827-2A50-455E-A94B-19066854B065}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{69A7EAC5-2EC6-4DB1-92D7-294A78CBCEF6}" = protocol=17 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{727E0452-196B-42DB-B23D-2E429B2A3FD1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{744EE6E3-943B-462A-8774-7CC3B34E098F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{757A6142-F3AD-42B6-B6E1-83150DDACC6D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{76301330-F4B3-4275-9EAD-866DC2E1A579}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{763E28B0-C613-47D8-943D-520A0D69F796}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{79542E76-FED4-40D9-93FD-19205454C61F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7E15A4F7-983B-4C85-9EFF-33A4F356386B}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{8B1BF235-66F9-4B79-A6AD-A75E108158BD}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{9278C085-B234-4311-BE4D-A58EA511E5DC}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcyaiox.exe |
"{957D4FCF-26CB-4E4F-B18F-8292CA5C1628}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{9F3E8066-CB5D-4F5F-888B-8E5002449A4C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{A14D6DEC-E8A2-439D-823A-43EDB5C3A064}" = protocol=17 | dir=in | app=c:\program files\msi\arcsoft\totalmedia\totalmedia.exe |
"{A6FBD1F2-3A41-40D9-A111-D0725C8C6A04}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A70C836A-4AC2-46FF-A4F4-0EF0D25578D9}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{AD73E073-7E0F-4048-A2F1-144AF8BC628E}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{B32F39B9-EB96-49DF-8C8D-9B897A3DF026}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{BA66CD0C-BF30-40A5-9C7F-C7C02645FEA9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C057C156-394D-43D7-9850-52A0821F5DF7}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{CA119E95-6D40-4BEC-8971-CF00A25486BA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CD629AD8-7639-416B-807B-6C557E479CA9}" = protocol=6 | dir=in | app=c:\program files\lexmark 3400 series\lxcymon.exe |
"{DEFA3344-CDCD-4C7A-BF05-2B8D3C0AD711}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3CD2E10-42D7-4876-8EBC-F7BA3EFE53C3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{0E4231E5-7139-4A05-9769-44C4F1A0D163}C:\program files\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe |
"TCP Query User{411548D5-890B-4104-8DD6-AC9B3ED8B6E6}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{58A81ACE-85B4-4377-B450-32D35F051F32}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{8F56A778-42BD-4B5E-BA4A-20EEC6A1A6D8}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{94BF9E06-EBA2-4B79-A939-FABFC7AFCC17}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{BB7E1119-7F9E-41CC-83AE-38EBB1C65398}C:\program files\trillian\plugins\skypekit.exe" = protocol=6 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe |
"TCP Query User{E690E7C8-F1D4-4212-A660-A2307F1BFD84}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F32944B5-81C5-4C1F-8A6F-A1782D4A5E36}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F4F4AC21-CB54-4160-B1E0-72F5FE80F3C6}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{04110D7F-CAA9-4BA1-B3D7-D85B81B963C0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{0AADE4B5-9A32-4F03-BED3-62F2AC2F92AE}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{251FB962-6746-40FE-BD57-D0D63B9080D9}C:\program files\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe |
"UDP Query User{82C7271B-4D5C-41BA-94C9-AABA2149F7CF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{8B379C0A-CFAC-4DBB-ACCE-C36163E42E3D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{CD3002F5-785C-4134-A370-F928CF5EA500}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{DC71A5F4-3DD0-4692-B99A-85725263DF37}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{F6FF290B-CDC5-4AEC-892F-60763194DCF4}C:\program files\trillian\plugins\skypekit.exe" = protocol=17 | dir=in | app=c:\program files\trillian\plugins\skypekit.exe |
"UDP Query User{F96893B3-5690-46F7-9A86-8FED1F2E212E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08823E70-05FD-4CC3-8019-ABE5B85FC8BE}" = Microsoft Photo Info
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{1365E84A-F7E7-4B38-A618-950B2ACF2B10}" = Mein Budgetplaner
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{32347E43-C68C-423B-9DC8-A22CE16DE0C1}" = MyMicroBalance
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{33ED6288-90A4-42BE-A192-C6812B4B945A}" = Andasa Toolbar
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3698F5C8-111B-4B92-8F52-3FF6AD8E8F57}" = ESU for Microsoft Vista
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D13B5F1-8FE4-4829-AA6E-6461D4B0B7E8}" = Motorola Software Update
"{3E00C574-B650-401D-A898-4581AAD6CC74}" = STRATO HiDrive
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}" = Paragon Partition Manager 9.0 Personal
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E0749BE-A456-40DB-95B0-FA0A1C488190}" = iHoerbuch
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{707CF19F-3948-4313-A5D4-9FBC256A2A53}" = Smart Cam Manager
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7355D6F3-DBA4-4CD4-8FC3-B96FA766B642}" = calibre
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC5F040-44F2-4FB7-9720-47F53F96D180}" = MSCU for Microsoft Vista
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A693D0D0-0EF2-4D90-96AA-11CC1A4793ED}" = UpdateStar
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}" = TSP_CODEC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5676-5A64-800000000003}" = Adobe Reader Extended Language Support Font Pack
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D692E771-F6CC-11D4-83DE-004F4E03F091}" = Zoner Draw 3
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera-168
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA99DC8C-DFFA-410A-B8D6-BCA7F5790B05}" = Radiotracker
"{FF68083C-E11E-4A91-B54B-CD72AB5A0CF5}" = TotalMedia
"0BCA6D24013166B380927D270B90FF6D447A4AAA" = Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports (06/02/2008 2.0.5.5)
"7-Zip" = 7-Zip 9.14 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Andasa Toolbar" = Andasa Toolbar
"Ashampoo WinOptimizer 2010 CBE_is1" = Ashampoo WinOptimizer 2010 CBE
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CloneSpy" = CloneSpy 2.41
"ColorPic" = ColorPic
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Edition C" = Edition C
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"FBReader for Windows" = FBReader for Windows
"ffdshow_is1" = ffdshow v1.1.3476 [2010-06-15]
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"king.com" = king.com (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"OnlineBible" = Online Bible 10.10.08
"Opticon USB Installer" = Opticon USB Drivers Installer
"PagePlace" = PagePlace
"Panel Client_is1" = Panel Client 3.2
"phase5" = phase5
"PreisHai_is1" = PreisHai 4.0
"PROSet" = Intel(R) Network Connections Drivers
"Revo Uninstaller" = Revo Uninstaller 1.88
"ScanIT-Client_is1" = ScanIT-Client 3.2
"Security Task Manager" = Security Task Manager 1.7h
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Software Informer_is1" = Software Informer 1.0 BETA
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"UnderCoverXP_is1" = UnderCoverXP 1.22
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinGimp-2.0_is1" = GIMP 2.4.0
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"WinLiveSuite_Wave3" = Windows Live Essentials
"XiphQT" = Xiph QuickTime Components
"ZipCentral_is1" = ZipCentral 4.01

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"OnlineBible" = Online Bible 10.10.08
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.01.2012 07:19:22 | Computer Name = SvensKlappkiste | Source = Windows Search Service | ID = 3013
Description =

Error - 30.01.2012 07:19:22 | Computer Name = SvensKlappkiste | Source = Windows Search Service | ID = 3013
Description =

Error - 30.01.2012 07:19:23 | Computer Name = SvensKlappkiste | Source = Windows Search Service | ID = 3013
Description =

Error - 30.01.2012 07:19:23 | Computer Name = SvensKlappkiste | Source = Windows Search Service | ID = 3013
Description =

Error - 30.01.2012 07:19:23 | Computer Name = SvensKlappkiste | Source = Windows Search Service | ID = 3013
Description =

Error - 30.01.2012 07:19:23 | Computer Name = SvensKlappkiste | Source = Windows Search Service | ID = 3013
Description =

Error - 30.01.2012 07:19:25 | Computer Name = SvensKlappkiste | Source = Windows Search Service | ID = 3013
Description =

Error - 30.01.2012 07:19:25 | Computer Name = SvensKlappkiste | Source = Windows Search Service | ID = 3013
Description =

Error - 30.01.2012 07:52:57 | Computer Name = SvensKlappkiste | Source = EventSystem | ID = 4609
Description =

Error - 31.01.2012 05:15:32 | Computer Name = SvensKlappkiste | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 29.01.2012 15:52:23 | Computer Name = SvensKlappkiste | Source = DCOM | ID = 10010
Description =

Error - 30.01.2012 07:13:23 | Computer Name = SvensKlappkiste | Source = Service Control Manager | ID = 7034
Description =

Error - 30.01.2012 07:52:09 | Computer Name = SvensKlappkiste | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.01.2012 um 12:49:03 unerwartet heruntergefahren.

Error - 30.01.2012 07:52:49 | Computer Name = SvensKlappkiste | Source = DCOM | ID = 10005
Description =

Error - 30.01.2012 07:52:57 | Computer Name = SvensKlappkiste | Source = DCOM | ID = 10005
Description =

Error - 30.01.2012 07:53:19 | Computer Name = SvensKlappkiste | Source = DCOM | ID = 10005
Description =

Error - 30.01.2012 07:53:22 | Computer Name = SvensKlappkiste | Source = DCOM | ID = 10005
Description =

Error - 30.01.2012 07:53:24 | Computer Name = SvensKlappkiste | Source = Service Control Manager | ID = 7001
Description =

Error - 30.01.2012 07:53:24 | Computer Name = SvensKlappkiste | Source = Service Control Manager | ID = 7026
Description =

Error - 30.01.2012 08:08:19 | Computer Name = SvensKlappkiste | Source = DCOM | ID = 10005
Description =


< End of report >
31.01.2012, 16:29 | #3
/// Malware-holic
hi

This script, and any scripts that may follow, are only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.

• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O4 - HKCU..\Run: [Mozilla client] C:\Users\Sven\AppData\Local\Mozilla\Firefox\firefox.exe (Корпорация Майкрософт)
:Files
C:\Users\Sven\AppData\Local\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.

Boot into normal mode. If you have no icons: right-click, View, Show desktop icons.
Please press the + E key.
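What the helper's fix above singles out is a Run-key entry whose executable sits in the user's profile (AppData\Local) and whose publisher string does not match the real Firefox, and the Extras log's "Shell Spawning" section is what a reviewer checks to confirm that the handlers for executable file classes are still the defaults. The following Python script is an added example, not the helper's OTL script and not part of OTL: it parses OTL-style `O4` autostart lines and `Shell Spawning` lines and flags those indicators (user-writable path, publisher mismatch for a known program name, non-ASCII publisher string, non-default handler for executable classes). Apart from the `O4` line taken from the script above, the sample lines are constructed for this example; the known-publisher table and the user-writable path markers are assumptions to be extended per environment.

```python
import re

# Constructed sample input. The first O4 line is the Run-key entry the helper's OTL
# script on this page removes; the other lines are made up for contrast (a Run entry
# under Program Files with a matching publisher, and default shell handlers).
SAMPLE_OTL_LINES = r"""
O4 - HKCU..\Run: [Mozilla client] C:\Users\Sven\AppData\Local\Mozilla\Firefox\firefox.exe (Корпорация Майкрософт)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
exefile [open] -- "%1" %*
batfile [open] -- "%1" %*
scrfile [open] -- "%1" /S
"""

# Assumption: programs that legitimately install under Program Files with this
# publisher string; extend per environment.
KNOWN_PUBLISHERS = {"firefox.exe": "Mozilla Corporation"}

# Assumption: path fragments that mark user-writable locations (matched case-insensitively).
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")

# Open handlers OTL prints for executable file classes on an untouched system.
EXPECTED_SPAWN = {cls: '"%1" %*' for cls in ("exefile", "comfile", "batfile", "cmdfile", "piffile")}

# O4 - <hive>..\<key>: [<name>] <path> (<publisher>)   (publisher part is optional)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\(?P<key>[\w\\]+): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.*?)(?: \((?P<publisher>[^()]*)\))?$"
)
# <class> [<verb>] -- <command>
SHELL_RE = re.compile(r"^(?P<cls>\w+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$")


def parse_o4(line):
    """Split one OTL 'O4' autostart line into hive, key, name, path, publisher; None if not O4."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def flag_run_entry(entry):
    """Return the reasons an O4 entry deserves a closer look (empty list if none)."""
    reasons = []
    path = entry["path"].lower()
    exe = path.rsplit("\\", 1)[-1]
    publisher = entry["publisher"] or ""
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("executable runs from a user-writable profile directory")
    expected = KNOWN_PUBLISHERS.get(exe)
    if expected and publisher.lower() != expected.lower():
        reasons.append(f"{exe} claims publisher {publisher!r}, expected {expected!r}")
    if any(ord(ch) > 127 for ch in publisher):
        reasons.append("publisher string contains non-ASCII characters")
    return reasons


def check_shell_spawn(line):
    """Return a finding if a 'Shell Spawning' line for an executable class is not the default."""
    m = SHELL_RE.match(line.strip())
    if not m:
        return None
    cls, verb, cmd = m.group("cls"), m.group("verb"), m.group("cmd")
    expected = EXPECTED_SPAWN.get(cls)
    if expected is None or verb != "open":
        return None  # class not in scope, or a verb other than the open handler
    if cmd.strip() != expected:
        return f"{cls} [{verb}] handler is {cmd!r}, expected {expected!r}"
    return None


def audit(text):
    """Run both checks over OTL log text; return a list of (line, reason) findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_o4(line)
        if entry:
            findings.extend((line, reason) for reason in flag_run_entry(entry))
            continue
        spawn = check_shell_spawn(line)
        if spawn:
            findings.append((line, spawn))
    return findings


if __name__ == "__main__":
    for line, reason in audit(SAMPLE_OTL_LINES):
        print(f"{reason}\n    {line}")
```

Run against the sample, the audit reports the HKCU entry three times (profile directory, publisher mismatch, non-ASCII publisher) and nothing else; feeding it a real OTL or OTL Extras log one line at a time keeps the same contract, since lines that match neither pattern are ignored.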
31.01.2012, 17:17 | #4
The text file says:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mozilla client deleted successfully.
C:\Users\Sven\AppData\Local\Mozilla\Firefox\firefox.exe moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sven
->Flash cache emptied: 3195321 bytes

Total Flash Files Cleaned = 3,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 64068 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sven
->Temp folder emptied: 1881344 bytes
->Temporary Internet Files folder emptied: 61339851 bytes
->Java cache emptied: 16090662 bytes
->FireFox cache emptied: 372010541 bytes
->Apple Safari cache emptied: 12425216 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 442354453 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 864,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01312012_163210

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by Glyckspilz (31.01.2012 at 17:21) Reason: corrected error message
31.01.2012, 17:27 | #5
/// Malware-holic
OK, then we'll leave that out :-)

Combofix may only be run when a team member has instructed you to do so!
Please download Combofix.exe and be sure to save it to your desktop.
31.01.2012, 20:44 | #6
The Combofix log says:

Combofix Logfile:
Code:
ComboFix 12-01-30.02 - Sven 31.01.2012 20:18:52.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.1015.421 [GMT 1:00]
ausgeführt von:: c:\users\Sven\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\blyadstvoeb
c:\program files\AdiCash\Toolbar.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
C:\Record.Cl
c:\record.cl\C0A295CC392DE96
c:\users\Sven\AppData\Roaming\1&1
c:\users\Sven\AppData\Roaming\1&1\1&1 SoftPhone\NetworkLog.txt
c:\users\Sven\AppData\Roaming\1&1\Common\Contacts.cdb
c:\users\Sven\AppData\Roaming\1&1\Common\Contacts.lck
c:\windows\unin0407.exe
E:\Autorun.inf
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Dateien erstellt von 2011-12-28 bis 2012-01-31 ))))))))))))))))))))))))))))))
.
.
2012-01-31 19:33 . 2012-01-31 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 16:41 . 2012-01-31 16:41 -------- d-----w- c:\program files\iPod
2012-01-31 16:22 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BC4E39F-CFD9-4AC2-8066-00D863141A1F}\mpengine.dll
2012-01-31 15:32 . 2012-01-31 16:20 -------- d-----w- C:\_OTL
2012-01-27 14:57 . 2012-01-27 14:57 -------- d-----w- c:\users\Sven\AppData\Local\DDMSettings
2012-01-18 01:38 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-18 01:38 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-18 01:38 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-18 01:38 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-18 01:38 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-18 01:38 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-11 12:02 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 12:02 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 12:02 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 12:02 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 12:02 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 12:01 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 12:00 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 12:00 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-09 23:14 . 2012-01-09 23:14 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-09 23:14 . 2012-01-09 23:14 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-09 23:14 . 2012-01-09 23:14 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-09 23:14 . 2012-01-09 23:14 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 20:29 . 2011-10-25 21:30 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-07 09:08 . 2009-10-06 17:51 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-12-03 21:26 . 2011-05-17 20:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37 . 2011-12-15 17:11 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-08 14:42 . 2011-12-15 17:05 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-16 02:03 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-16 02:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-16 02:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-16 02:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2007-10-31 11:02 . 2007-11-26 08:38 6385664 ----a-w- c:\program files\Multidecoder.exe
2012-01-09 23:14 . 2011-03-26 12:10 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 15:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712] "{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\tbMyAs.dll" [2009-12-31 2349080] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-17 1933381] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "UpdateStar"="c:\users\Sven\AppData\Roaming\UpdateStar\UpdateStar.exe" [2010-09-01 4739312] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 154392] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 133912] "vspdfprsrv.exe"="c:\program files\Visagesoft\eXPert PDF\vspdfprsrv.exe" [2006-05-04 998912] "snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392] "Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744] "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2007-09-26 492912] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-16 2510848] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" 
[2011-11-01 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168] . c:\users\Sven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ STRATO HiDrive.lnk - c:\program files\STRATO AG\STRATO HiDrive\STRATO HiDrive.exe [2010-7-8 235520] Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-12-19 2362720] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2009-9-23 1791320] DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-10-9 192512] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP] 2007-06-08 07:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners . 2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 21:41] . 2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 21:41] . 2012-01-21 c:\windows\Tasks\HPCeeScheduleForSven.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-07-27 12:46] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.maxdome.de/ mStart Page = hxxp://www.hp.com uInternet Settings,ProxyOverride = *.local IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Sven\AppData\Roaming\Mozilla\Firefox\Profiles\e5lepv06.default\ FF - prefs.js: browser.search.selectedEngine - My Movies FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/fm/ FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{85223548-4D57-4A3B-896B-145985F681C6} - c:\program files\AdiCash\Toolbar.dll BHO-{BB9540F0-94B9-4fe8-A2E1-DE3A506ECD4B} - c:\program files\AdiCash\Toolbar.dll Toolbar-{6AA99CB6-74AF-4136-A6C6-C64C95333249} - c:\program files\AdiCash\Toolbar.dll HKCU-Run-fsm - (no file) SafeBoot-Wdf01000.sys MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel AddRemove-Edition C - c:\windows\unin0407.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-01-31 20:33 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:00000004 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Services\Tcpip6\Parameters\Interfaces\{209085e5-5667-437d-9bb6-f033a046fd24}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:09001a6b "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Services\Tcpip6\Parameters\Interfaces\{4307b741-db35-492a-9a68-6d09a99a4c9c}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0c000000 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Services\Tcpip6\Parameters\Interfaces\{587e462a-1180-424b-bcb3-acfacd43f9c9}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:08001a73 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Services\Tcpip6\Parameters\Interfaces\{689143df-175a-4794-839e-8447741cc799}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:11001641 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Services\Tcpip6\Parameters\Interfaces\{8063b8bf-e98a-4896-b59a-0ac70752649b}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:07001422 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Services\Tcpip6\Parameters\Interfaces\{86be41b8-9b0a-4779-8d98-a131f8e7cdee}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:100013e8 "Dhcpv6State"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Services\Tcpip6\Parameters\Interfaces\{b0ac1ee4-7cb9-43c1-9ea2-c83b81caef28}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0c0002a5 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Services\Tcpip6\Parameters\Interfaces\{b6a558df-a9cc-4d3a-9eba-95e5a91fdd30}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:12020054 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Services\Tcpip6\Parameters\Interfaces\{b70726f3-e2b4-4b96-9b58-6e6eb928cf4c}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0f001a4b "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Services\Tcpip6\Parameters\Interfaces\{ba9e677f-0ef8-4bb2-a3e5-3ba5c63d1e87}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:06001422 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Services\Tcpip6\Parameters\Interfaces\{cff6a614-b773-4842-85ac-76493736d448}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:10001a73 "Dhcpv6State"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Services\Tcpip6\Parameters\Interfaces\{e6b5a806-e10d-48c3-9e29-e7a84e9efb88}] @DACL=(02 0000) "Dhcpv6Iaid"=dword:0d001a4b "Dhcpv6State"=dword:00000000 . Zeit der Fertigstellung: 2012-01-31 20:38:48 ComboFix-quarantined-files.txt 2012-01-31 19:38 . Vor Suchlauf: 17 Verzeichnis(se), 44.609.286.144 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 45.355.675.648 Bytes frei . - - End Of File - - 97EE058F92291124520E3D49C3474C62 --- --- --- Geändert von Glyckspilz (31.01.2012 um 20:46 Uhr) Grund: Frage am Rande |
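Added example, not part of the thread and not the helpers' tooling: a small Python triage script that walks lines in ComboFix's report layout and flags the four things a helper looks at first in a log like the one above: an autostart value whose image lives in a user-writable directory (AppData, ProgramData, the user profile, Temp), a Run value whose file is already gone ("(no file)"), Security Center monitoring switched off, and an Autorun.inf sitting at a drive root. The rule names, the heuristics and the USER_WRITABLE_RE pattern are my own choices; the sample report is a constructed excerpt cut down from the log above, not the full log.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    detail: str


# Registry keys whose values are launched at logon; only values under these are checked.
RUN_KEY_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
)

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"(?:\s+\[[^\]]*\])?$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
ORPHAN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+) - \(no file\)$")
AUTORUN_RE = re.compile(r"^[a-z]:\\autorun\.inf$", re.IGNORECASE)
# Locations a standard user can write to (assumption: Vista-era default layout);
# an autostart image there deserves a closer look.
USER_WRITABLE_RE = re.compile(r"(\\appdata\\|\\programdata\\|^c:\\users\\|\\temp\\)", re.IGNORECASE)


def triage(report: str) -> list[Finding]:
    """Walk a ComboFix-style report line by line and return the items worth checking."""
    findings: list[Finding] = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (m := KEY_RE.match(line)):
            # ComboFix prints the key once, then its values on the following lines.
            current_key = m.group("key").lower()
            continue
        if (m := VALUE_RE.match(line)) and current_key.endswith(RUN_KEY_SUFFIXES):
            if USER_WRITABLE_RE.search(m.group("path")):
                findings.append(Finding("run-value-in-user-writable-dir",
                                        f'{m.group("name")} -> {m.group("path")}'))
            continue
        if (m := DWORD_RE.match(line)) and "security center\\monitoring" in current_key:
            if m.group("name") == "DisableMonitoring" and int(m.group("val"), 16) == 1:
                findings.append(Finding("security-center-monitoring-disabled", current_key))
            continue
        if (m := ORPHAN_RE.match(line)):
            # Listed under "Removed Orphaned Registry Entries": the loader was deleted
            # (or moved) but its autostart value was left behind.
            findings.append(Finding("dangling-run-value",
                                    f'{m.group("hive")}\\...\\Run\\{m.group("name")}'))
            continue
        if AUTORUN_RE.match(line):
            findings.append(Finding("autorun-inf-at-drive-root", line))
    return findings


# Constructed sample in ComboFix's report layout, cut down from the log above.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"UpdateStar"="c:\users\Sven\AppData\Roaming\UpdateStar\UpdateStar.exe" [2010-09-01 4739312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
HKCU-Run-fsm - (no file)
E:\Autorun.inf
F:\Autorun.inf
"""


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.rule}] {f.detail}")
```

The hits are prompts to verify, not verdicts: UpdateStar in AppData\Roaming is a known updater, but a user-writable autostart is exactly where a lockscreen loader is usually parked, which is why the thread's first post suspected "an unsuspicious file in the autostart". Likewise the DisableMonitoring values sit beside SymantecAntiVirus and SymantecFirewall subkeys, so they may be leftovers of the Symantec components that appear elsewhere in the log; check before calling them tampering.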
31.01.2012, 20:46 | #7 |
/// Malware-holic | 50 Euro Virus "Ihr Windowssystem wurde aus Sicherheitsgründen blockiert" Do you use the system for online banking, shopping, other payment processing or anything similarly important, such as work?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
31.01.2012, 22:12 | #8 |
| 50 Euro Virus "Ihr Windowssystem wurde aus Sicherheitsgründen blockiert" Yes, yes, yes, no |
01.02.2012, 11:49 | #9 |
/// Malware-holic | 50 Euro Virus "Ihr Windowssystem wurde aus Sicherheitsgründen blockiert" Hi, your PC has already been infected with several trojans that steal banking credentials. It is no longer trustworthy. The PC must be reinstalled and then hardened. 1. Data recovery:
4. Change all passwords! 5. After hardening the PC, check the saved data and, if it is clean, restore it. 6. I will then say something about securing online banking with a chip card reader + StarMoney.