|
Pests of all kinds and how to fight them: Bundespolizei trojan (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
10.03.2012, 21:42 | #16 |
| Hi, run MAM with a full scan in safe mode... Post the log... chris
__________________ Don't bring me down. Read this before posting! Donations (anyone who wants to donate is welcome to get in touch) |
10.03.2012, 22:40 | #17 |
| OK, MAM found 24 infected objects. Should they be removed, or what should I do with them? And then run OTL again and post the "Extras" and the "OTL" file? Did I understand that correctly? |
10.03.2012, 22:46 | #18 |
| Hi, please post the MAM result here... Further steps may follow after that... chris |
10.03.2012, 22:47 | #19 |
| Or do you mean the MAM log? After the scan and BEFORE deleting the infected programs it reads:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: v2012.03.10.04
Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [Administrator]

Schutz: Deaktiviert

10.03.2012 21:43:07
mbam-log-2012-03-10 (22-42-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 345876
Laufzeit: 53 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\OOO (Malware.Trace) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\OOO (Rogue.LivePlayer) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 6
C:\Users\Martin\AppData\Roaming\PCenter (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\dbases (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\keys (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\temp (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\wedfwefeee.exe (Trojan.SpyEyes) -> Keine Aktion durchgeführt.
C:\Recycle.Bin (Trojan.Spyeyes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 15
C:\Users\Martin\AppData\Local\Temp\0.03131854124746003.exe (Spyware.Zbot.ES) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.03131854124746003.exe.lnk (Backdoor.Agent) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\dbases\cg.dat (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\dbases\mw.dat (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\dbases\rd.dat (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\dbases\sc.dat (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\dbases\sm.dat (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\dbases\sp.dat (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\keys\cg.key (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\keys\rd.key (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\keys\sc.key (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\keys\sp.key (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\temp\settings.ini (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\Users\Martin\AppData\Roaming\PCenter\temp\spfilter (Rogue.PCenter) -> Keine Aktion durchgeführt.
C:\wedfwefeee.exe\config.bin (Trojan.SpyEyes) -> Keine Aktion durchgeführt.

(Ende) |
10.03.2012, 22:53 | #20 |
| Hi, have everything deleted... SpyEyes and a backdoor, you really ought to reinstall from scratch... Change all your internet passwords (e.g. eBay, Amazon etc.) from a clean computer... After MAM has rebooted the computer, post a new OGL log and let CureIt / Dr. Web run overnight...

CureIt: follow the guide: http://www.trojaner-board.de/59299-a...eb-cureit.html

After the scan has finished you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post them. The log file is very large, roughly over 5 MB of text. Just use the search for "infiziert" and copy out the relevant parts before you post them.

chris

PS: I'll be offline then, until tomorrow... |
10.03.2012, 23:46 | #21 |
| Well, ultimately you have to judge whether this makes sense; I have no idea. If you think reinstalling is better, then I'll have to do that, although I also have no idea at all how that works. I don't understand the following sentence, please explain it again: "After MAM has rebooted the computer, post a new OGL log ..." I'll take care of "Cureit" first now. What does it do? |
11.03.2012, 10:47 | #22 |
| Hi, I meant post a new OTL log... CureIt is a different scanner, each one has its weaknesses/strengths... What MAM misses, CureIt usually finds... Post the logs from CureIt & OTL... chris |
11.03.2012, 13:51 | #23 |
| Hello... the Dr.Web CureIt scan has finally finished. It found quite a few viruses. What should I do with them now? Disinfect or delete, or what? And how am I supposed to post the contents of the log? The Dr. Web scanner won't let me access anything. I would first have to close the Dr. Web application before I can access any functions again. So I also don't know whether I should delete the viruses now or not. I'll do nothing for now and wait for your answer. |
11.03.2012, 18:41 | #24 |
| So, I did click "delete" after all... but I have the feeling that not all of the files reported as infected could be deleted and that the Dr.Web application somehow hung. There are 5 files in the quarantine folder. In the text file "cureIT" I searched for the word "infiziert" and am posting below all lines containing the word infiziert:

Scanstatistiken
-----------------------------------------------------------------------------
Gescannt: 93471
Infiziert: 0
Desinfiziert: 0

Scanstatistiken
-----------------------------------------------------------------------------
Gescannt: 1126
Infiziert: 0

Scanstatistiken
-----------------------------------------------------------------------------
Gescannt: 1126
Infiziert: 0
Modifikationen: 0
Verdächtig: 0
Adware: 0
Dialer: 0
Scherzprogramme: 0
Riskware: 0
Hacktools: 0
Desinfiziert: 0

>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\034362c7.qua/data001 - infiziert mit Trojan.Click1.59251
>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\034362c7.qua - Archiv enthält infizierte Objekte - verschoben
>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\498b11f3.qua/data001 - infiziert mit Trojan.Click1.59251
>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\498b11f3.qua - Archiv enthält infizierte Objekte - verschoben
>>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\511c3638.qua/data001 - infiziert mit Trojan.Click1.59251
>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\511c3638.qua - Archiv enthält infizierte Objekte - verschoben
C:\Documents and Settings\Martin\Anwendungsdaten\Mozilla\Firefox\Profiles\i7r22a7o.default\Yahoo! Inc\ytoolbar\default\cachesection wahrscheinlich infiziert mit SCRIPT.Virus
C:\Documents and Settings\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\Yahoo! Inc\ytoolbar\default\cachesection wahrscheinlich infiziert mit SCRIPT.Virus
C:\Documents and Settings\Martin\Desktop\OTL.exe infiziert mit Trojan.Siggen3.52699 - nicht desinfizierbar - verschoben
>>>>C:\Documents and Settings\Martin\DoctorWeb\Quarantine\034362c7.qua/data001 - infiziert mit Trojan.Click1.59251
>>C:\Documents and Settings\Martin\DoctorWeb\Quarantine\034362c7.qua - Archiv enthält infizierte Objekte - verschoben
>>>>C:\Documents and Settings\Martin\DoctorWeb\Quarantine\498b11f3.qua/data001 - infiziert mit Trojan.Click1.59251
>>C:\Documents and Settings\Martin\DoctorWeb\Quarantine\498b11f3.qua - Archiv enthält infizierte Objekte - verschoben
>>>>C:\Documents and Settings\Martin\DoctorWeb\Quarantine\511c3638.qua/data001 - infiziert mit Trojan.Click1.59251
>>C:\Documents and Settings\Martin\DoctorWeb\Quarantine\511c3638.qua - Archiv enthält infizierte Objekte - verschoben
C:\Documents and Settings\Martin\DoctorWeb\Quarantine\OTL.exe infiziert mit Trojan.Siggen3.52699 - nicht desinfizierbar - verschoben
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\i7r22a7o.default\Yahoo! Inc\ytoolbar\default\cachesection wahrscheinlich infiziert mit SCRIPT.Virus

Scanstatistiken
-----------------------------------------------------------------------------
Gescannt: 606433
Infiziert: 8

Scanstatistiken
-----------------------------------------------------------------------------
Gescannt: 606433
Infiziert: 8
Modifikationen: 0
Verdächtig: 3
Adware: 2
Dialer: 0
Scherzprogramme: 0
Riskware: 2
Hacktools: 0
Desinfiziert: 0

Gesamtsitzungsstatistik
=============================================================================
Gescannt: 701032
Infiziert: 8
Modifikationen: 0
Verdächtig: 3
Adware: 2
Dialer: 0
Scherzprogramme: 0
Riskware: 2
Hacktools: 0
Desinfiziert: 0 |
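The filtering step from posts #20 and #24 (search CureIt.log for "infiziert" and post only the relevant lines), as an added Python example that is not part of the original thread: it keeps only real detection lines, drops the statistics counters that a plain text search also matches, and merges the same file reported under several path aliases. The sample log is constructed in the line shapes shown in post #24, and the alias mapping in `canonical_path` is an assumption inferred from the paths in that post.

```python
import re

# Constructed sample in the line shapes quoted in post #24. Paths and threat
# names are placeholders; the "- Ok" filler line is an assumed format.
SAMPLE_LOG = r"""Scanstatistiken
Gescannt: 1126
Infiziert: 0
Desinfiziert: 0
C:\Users\Example\Documents\notes.txt - Ok
>>>>C:\Users\Example\DoctorWeb\Quarantine\aaaa1111.qua/data001 - infiziert mit Trojan.Example.1
>>C:\Users\Example\DoctorWeb\Quarantine\aaaa1111.qua - Archiv enthält infizierte Objekte - verschoben
C:\Documents and Settings\Example\Anwendungsdaten\App\cache wahrscheinlich infiziert mit SCRIPT.Virus
C:\Documents and Settings\Example\AppData\Roaming\App\cache wahrscheinlich infiziert mit SCRIPT.Virus
C:\Users\Example\AppData\Roaming\App\cache wahrscheinlich infiziert mit SCRIPT.Virus
C:\Users\Example\Desktop\tool.exe infiziert mit Trojan.Example.2 - nicht desinfizierbar - verschoben
Infiziert: 3
"""

# Counter lines such as "Infiziert: 0" or "Desinfiziert: 0" also contain the
# search term but carry no detection.
STAT_LINE = re.compile(r"^\w+:\s*\d+$")
# Marks an archive/quarantine container; its members are reported separately.
CONTAINER = "archiv enthält infizierte objekte"
# [>>nesting]<path> [-] [wahrscheinlich] infiziert mit <threat>[ - action ...]
FINDING = re.compile(
    r"^(?P<depth>>*)(?P<path>.+?)(?:\s+-)?\s+"
    r"(?P<likely>wahrscheinlich\s+)?infiziert mit\s+(?P<threat>\S+)"
    r"(?P<tail>\s+-\s+.*)?$"
)


def canonical_path(path):
    # Dedupe key only. Assumption: "Documents and Settings" is an alias of
    # "Users" and a profile's "Anwendungsdaten" an alias of "AppData\Roaming",
    # as the three spellings of one Firefox profile file in post #24 suggest.
    # Machine-wide "All Users" aliases are not handled here.
    p = re.sub(r"^([A-Za-z]:)\\Documents and Settings\\",
               lambda m: m.group(1) + "\\Users\\", path, flags=re.I)
    p = re.sub(r"^([A-Za-z]:\\Users\\[^\\]+)\\Anwendungsdaten\\",
               lambda m: m.group(1) + "\\AppData\\Roaming\\", p, flags=re.I)
    return p.lower()


def extract_findings(log_text):
    """Return (unique findings, counts of matching lines that were skipped)."""
    findings = {}
    skipped = {"statistics": 0, "archive_container": 0, "unparsed": 0}
    for raw in log_text.splitlines():
        line = raw.strip()
        if "infiziert" not in line.lower():
            continue  # what the manual search would not have shown either
        if STAT_LINE.match(line):
            skipped["statistics"] += 1
            continue
        m = FINDING.match(line)
        if m is None:
            kind = "archive_container" if CONTAINER in line.lower() else "unparsed"
            skipped[kind] += 1
            continue
        key = (canonical_path(m.group("path")), m.group("threat").lower())
        entry = findings.setdefault(key, {
            "path": m.group("path"),              # first spelling seen
            "threat": m.group("threat"),
            "certain": m.group("likely") is None,  # False for "wahrscheinlich"
            "in_archive": bool(m.group("depth")),  # ">>" prefix = nested object
            "actions": [a for a in re.split(r"\s+-\s+", m.group("tail") or "") if a],
            "seen": 0,
        })
        entry["seen"] += 1
    return list(findings.values()), skipped


if __name__ == "__main__":
    found, skipped_lines = extract_findings(SAMPLE_LOG)
    for item in found:
        print(item)
    print(skipped_lines)
```
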
11.03.2012, 18:44 | #25 |
| Did I do that right up to here? What's next? You now need a new OTL as well?! |
11.03.2012, 19:50 | #26 |
| Hi, post a new OTL log... What Dr.Web/CureIt found was nothing "that interesting"... chris |
11.03.2012, 20:22 | #27 |
| OK. See OTL: OTL logfile:
C:\Program Files\CCleaner [2012.03.08 20:06:48 | 003,628,016 | ---- | C] (Piriform Ltd) -- C:\Users\Martin\Desktop\ccsetup316.exe [2012.03.08 18:16:37 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\TrojanHunter [2012.03.08 16:05:16 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Systweak [2012.03.08 16:05:13 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe [2012.03.08 16:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro [2012.03.08 16:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro [2012.03.08 15:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter [2012.03.08 15:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TrojanHunter [2012.03.08 15:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.5 [2012.03.08 15:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.03.08 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Simply Super Software [2012.03.08 15:39:20 | 000,598,528 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\ztv7z.dll [2012.03.08 15:39:20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll [2012.03.08 15:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.03.08 15:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2012.03.08 15:39:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Simply Super Software [2012.03.08 15:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.03.04 21:18:11 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Bank [2012.03.03 14:29:53 | 000,000,000 | ---D | C] -- C:\Users\Martin\Wgh [2012.02.15 20:44:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.02.15 20:44:15 | 001,798,656 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\jscript9.dll [2012.02.15 20:44:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.02.15 20:44:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.02.15 20:44:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.02.15 20:44:12 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.02.15 19:37:11 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.02.13 21:23:03 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Neuer Ordner [2012.02.13 12:47:34 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira [2012.02.13 11:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.02.13 11:41:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.02.13 11:41:06 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.02.13 11:41:06 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.02.13 11:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.02.13 11:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2 C:\Users\Martin\Documents\*.tmp files -> C:\Users\Martin\Documents\*.tmp -> ] [1 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.11 19:53:39 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2012.03.11 00:49:51 | 081,316,632 | ---- | M] () -- C:\Users\Martin\Desktop\rq28mjjk.exe [2012.03.11 00:36:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.10 23:49:49 | 081,312,088 | ---- | M] () -- C:\Users\Martin\Desktop\drweb-cureit.exe [2012.03.10 23:37:29 | 000,003,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.10 23:37:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.10 23:37:18 | 000,111,182 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.03.10 21:23:03 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.10 21:21:10 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Martin\Desktop\mbam--setup-1.60.1.1000.exe [2012.03.10 21:17:20 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.10 21:17:20 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E5B4FF3C-941E-437A-8FC3-EEC1EDA584BF}.job [2012.03.10 21:16:08 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Martin\Desktop\mbam-clean.exe [2012.03.09 22:45:09 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.03.09 22:37:38 | 009,221,696 | ---- | M] (McAfee Inc.) 
-- C:\Users\Martin\Desktop\stinger-10.2.0.530.exe [2012.03.09 22:15:20 | 000,000,780 | ---- | M] () -- C:\Users\Martin\Desktop\TrojanHunter.lnk [2012.03.09 22:14:59 | 000,111,182 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.03.09 22:13:51 | 045,106,984 | ---- | M] (Mischel Internet Security ) -- C:\Users\Martin\Desktop\TrojanHunter55Setup.exe [2012.03.09 21:57:12 | 001,634,086 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.09 21:57:12 | 000,907,720 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.09 21:57:12 | 000,403,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.09 21:57:11 | 000,453,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.09 21:51:37 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.09 21:37:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job [2012.03.09 21:06:56 | 002,805,464 | ---- | M] (Symantec Corporation) -- C:\Users\Martin\Desktop\NPE25.exe [2012.03.09 15:48:18 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.03.09 15:48:18 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2012.03.09 15:29:26 | 001,035,136 | ---- | M] () -- C:\Users\Martin\Desktop\HT42C7ZkG.exe [2012.03.09 15:26:18 | 033,205,152 | ---- | M] (TuneUp Software) -- C:\Users\Martin\Desktop\TuneUpUtilities2012_de-DE.exe [2012.03.08 20:16:49 | 210,292,736 | ---- | M] () -- C:\Users\Martin\Desktop\KWU_1.0.3.upd.iso [2012.03.08 20:12:21 | 074,761,776 | ---- | M] () -- C:\Users\Martin\Desktop\avast_free1426_antivirus_setup.exe [2012.03.08 20:07:25 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.08 20:06:56 | 003,628,016 | ---- | M] (Piriform Ltd) -- C:\Users\Martin\Desktop\ccsetup316.exe [2012.03.08 19:37:36 | 000,001,356 | ---- | M] () -- C:\Users\Martin\AppData\Local\d3d9caps.dat [2012.03.08 18:21:44 | 000,001,791 | ---- | M] () -- 
C:\Users\Martin\Desktop\Avira DE-Cleaner.lnk [2012.03.08 16:05:26 | 000,101,888 | ---- | M] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.08 16:05:26 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012.03.08 16:05:21 | 000,000,262 | ---- | M] () -- C:\Windows\tasks\RegClean Prosch.job [2012.03.08 15:49:31 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll [2012.03.08 14:55:11 | 007,367,726 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\SMRBackup162.dat [2012.03.08 10:02:24 | 000,883,840 | ---- | M] () -- C:\Users\Martin\Desktop\Avira-DE-Cleaner.exe [2012.03.07 13:27:27 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job [2012.03.07 01:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.03.07 01:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.03.05 21:26:06 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job [2012.03.02 13:12:06 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012.02.24 16:43:10 | 000,017,280 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe [2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.02.15 22:23:10 | 000,370,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.15 20:09:07 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.02.13 11:41:24 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.02.13 09:45:04 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job [2 C:\Users\Martin\Documents\*.tmp files -> C:\Users\Martin\Documents\*.tmp -> ] [1 C:\Users\Martin\Desktop\*.tmp files -> C:\Users\Martin\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.11 00:48:01 | 081,316,632 | ---- | C] () -- 
C:\Users\Martin\Desktop\rq28mjjk.exe [2012.03.10 23:47:35 | 081,312,088 | ---- | C] () -- C:\Users\Martin\Desktop\drweb-cureit.exe [2012.03.10 21:23:03 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.09 22:15:20 | 000,000,780 | ---- | C] () -- C:\Users\Martin\Desktop\TrojanHunter.lnk [2012.03.09 15:48:18 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk [2012.03.09 15:48:18 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.03.09 15:48:18 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2012.03.09 15:29:24 | 001,035,136 | ---- | C] () -- C:\Users\Martin\Desktop\HT42C7ZkG.exe [2012.03.08 20:10:06 | 210,292,736 | ---- | C] () -- C:\Users\Martin\Desktop\KWU_1.0.3.upd.iso [2012.03.08 20:09:22 | 074,761,776 | ---- | C] () -- C:\Users\Martin\Desktop\avast_free1426_antivirus_setup.exe [2012.03.08 20:07:25 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.08 16:05:21 | 000,000,262 | ---- | C] () -- C:\Windows\tasks\RegClean Prosch.job [2012.03.08 15:49:20 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll [2012.03.08 15:39:20 | 000,178,176 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll [2012.03.08 15:39:20 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2012.03.08 15:39:20 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2012.03.08 15:39:20 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2012.03.08 15:39:19 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2012.03.08 14:54:53 | 007,367,726 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\SMRBackup162.dat [2012.03.08 10:02:30 | 000,001,791 | ---- | C] () -- C:\Users\Martin\Desktop\Avira DE-Cleaner.lnk [2012.03.08 10:02:23 | 000,883,840 | ---- | C] () -- C:\Users\Martin\Desktop\Avira-DE-Cleaner.exe [2012.02.13 11:41:24 | 
000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.02.11 18:58:58 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job [2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job [2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job [2012.02.11 18:58:57 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job [2011.10.13 16:45:00 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.10.02 19:49:13 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.10.02 19:49:13 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011.05.05 17:42:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > |
11.03.2012, 20:23 | #28 |
| Bundespolizei Trojaner and the Extras: OTL EXTRAS logfile: Code:
ATTFilter OTL Extras logfile created on: 11.03.2012 19:59:27 - Run 4 OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Martin\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 72,87% Memory free 6,19 Gb Paging File | 5,34 Gb Available in Paging File | 86,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 94,16 Gb Total Space | 33,34 Gb Free Space | 35,40% Space Free | Partition Type: NTFS Drive D: | 195,14 Gb Total Space | 55,64 Gb Free Space | 28,51% Space Free | Partition Type: NTFS Drive E: | 0,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum EasyBook\Fotoschau.exe" -d "%1" () Directory [Pixum EasyBook] -- "C:\Program Files\Pixum\Pixum EasyBook\Pixum EasyBook.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03BE16C2-7F81-496F-9AE5-F7EBF80F036A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{170C8C54-B392-482B-9F23-9C228860FBE1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1CCD7AA4-B0C2-428B-A372-AFFF1E5E059D}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{311D4DFF-1964-4149-8CDE-F7DA989823CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{397E7F37-6BA5-493E-B053-FE02E7844F1B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{450CBD0B-816F-4106-9EB5-1977F2968659}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{5CC650F9-0B20-425B-A6BC-CA8778FAA934}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{65143E8F-41E8-4233-9510-EB3714628AE1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{71515D20-171F-4E86-912C-125B88F4B345}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{8D57A384-9F1E-4C2A-ACC3-CC0382368005}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B0A23F26-669C-45D8-ADB8-1F4D985D00DF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B8C62B2F-6F39-4769-906B-582FC3B3ACD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BD957A4F-BA1D-4E60-8C1F-8568D71181B7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{CC7D6AE0-EEBB-441F-8ECE-63F8F974063D}" = lport=2869 | protocol=6 | dir=in | app=system | "{CFB04593-8C8E-4C3D-877E-8EA94C0BE255}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F07E294F-C817-4161-9798-87265245EEA7}" = rport=2869 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04BF250E-B80E-47E9-8D95-AC75A0DB66A0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{1DC7653A-614F-457F-BC71-BC0B28290A25}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{260965F7-DC2A-473A-87CD-4B8BB5A63B69}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{29E666AF-2A82-4401-8633-3FB72FEC3A99}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2A2AEB15-0949-48BF-B739-6F2A2938D4F0}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{37AA4EEE-F69D-4A11-83C3-AEE785797E5E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{47C2EDB2-674B-48FC-999C-38260E4A2571}" = protocol=6 | dir=in 
| app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | "{48CC86E9-7783-46BC-9A2B-45EB5D71F10D}" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | "{6508ECC3-D78E-4A5D-B8EF-FD4E375B0F30}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{68785373-888A-485A-97D3-133C7A352D67}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{6E555262-445B-4AB9-B5E4-09DFAF397347}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{759CA9A0-E57A-4EC9-9CAD-510A176444E3}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{932AAF37-DE4A-4343-BC0C-8B0F7CCA84F6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{94A6A708-8D34-4075-9B60-25485ABB4705}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B66AF5EC-F941-43A8-B21C-E1881A839036}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CDB55A2E-B884-48AA-9813-959975024403}" = dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{06E68202-05AD-47BB-98A8-F12D3B24985C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{1DFD7C6E-33E5-45BD-B08E-55D720A6490F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{20AE0F50-EBD3-4618-AF7B-2DC8726B2079}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{272EC2EE-33E4-4036-909F-368D12AF36EA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{858A3433-1C59-4D9E-89A8-F93E29CA173E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query 
User{8E0C5033-B28B-437B-8911-676411FCA7E3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{981E0A58-25A6-4A71-9D05-DA9C0B7A072A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{A61CAEDE-ED7A-4FA5-982C-5C36DEBEE68E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{AEF01DE3-C8EB-45F7-A975-C91C9A0E631A}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{B623211E-D96A-4A1D-ACC5-A8B946449A0D}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{BCC61290-BC9D-45C1-8E45-8AFE68ABDAD2}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{E4DD02B6-35F2-45AC-A6F1-B20AF248FFC6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{EB60AFD4-37BA-4704-880E-3F59BFFF2E3E}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{F60A3D7D-1F10-4CD9-B688-E0443C00FB26}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{FC32036E-01D4-4084-8927-F16DCF0E048E}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{01392A9D-02E5-4AE4-8F4F-31A37648D34C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{19298AB5-B819-45E1-9C56-343C438ED144}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe 
| "UDP Query User{3188EB50-F8F4-4DE0-9115-B563F46EA573}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{3A3CDE58-E432-4421-9FDA-351B12388A41}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{49065ACF-A1DE-47BD-9CD1-C3D7706FE99D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{8293C225-A4C3-43A2-91A8-EDDDC82E6FB1}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{8889C0A0-19FD-48F5-84FA-C275C4108737}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{8AA3325E-6B97-4584-AF7D-2798EA36B6CD}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{8E5A5E82-6A11-407D-B54B-FC2E13A6D1D4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{A3872F3A-39DD-4AFF-91F8-82CE46EE3855}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{CBA3C2E5-25EE-4E4A-A976-357519A48F30}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{CBE30CE5-0D22-4292-AF56-17A8105693EC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{CF4CF07A-B9FC-48BC-AA99-346F5AC55733}C:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\martin\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{EFA51997-3254-406D-AAF8-67F9FF38301C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query 
User{F9FEF081-39B9-485E-95AA-CB9A9671F1BD}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 27
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2F04C9DA-94DA-4361-8B34-02CD8187861F}" = SystemDiagnostics
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.12
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{854C47D1-C2A0-4492-8655-C3F8D49C1031}" = Nero 8 Essentials
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{AD5A6099-D163-4DE9-9485-F2A210EE09B4}" = Langenscheidt Vokabeltrainer 4.0 Demoversion
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0194539-8118-4FD7-8ABA-912B2D479B48}" = Ulead Photo Explorer 6.0
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F58B763E-9FB9-4629-AF3C-CC9744BC4BA7}" = Fujitsu Siemens Computers Recovery
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Canon MP190 series Benutzerregistrierung" = Canon MP190 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.5
"Defraggler" = Defraggler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular 11.5.0.4546" = ElsterFormular
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Pixum EasyBook" = Pixum EasyBook
"Poker Superstars II" = Poker Superstars II (remove only)
"PriceGong" = PriceGong 2.6.3
"RegClean Pro_is1" = RegClean Pro
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.0.3
"Trojan Remover_is1" = Trojan Remover 6.8.3
"TrojanHunter_is1" = TrojanHunter 5.5
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"ucqemcq" = Favorit
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05.09.2011 02:52:09 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05.09.2011 02:52:09 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 145697977

Error - 05.09.2011 02:52:09 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 145697977

Error - 05.09.2011 02:52:10 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05.09.2011 02:52:10 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 145698975

Error - 05.09.2011 02:52:10 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 145698975

Error - 05.09.2011 02:52:11 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05.09.2011 02:52:11 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 145700176

Error - 05.09.2011 02:52:11 | Computer Name = Martin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 145700176

Error - 05.09.2011 04:26:25 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description =

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report > |
11.03.2012, 20:40 | #29 |
| Bundespolizei Trojan One more thing for your information: I just tried logging in normally under my user account ... so not in safe mode, but the way I always do. And the virus seems to be gone. At least that Bundespolizei page that blocks everything no longer comes up. The desktop looks completely normal ... What happens next? |
11.03.2012, 21:07 | #30 |
| Bundespolizei Trojan Hi, everything should be working again now. You have quite a bit of software on there (Avira, Avast, etc.). Real-time scanners can interfere with one another; keep only one and delete the rest (Trojanhunter etc.). I would leave MAM installed, update it now and then, and run a full scan weekly. Dr. Web/Cureit can also be deleted/uninstalled. One registry key still needs to be straightened out:
Code:
:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01
:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then we should be done for now... chris
|
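The software review in the reply above (keep one real-time scanner, remove the rest) can be run against the Uninstall List sections of an OTL log. This is an added example, not part of the thread; the keyword-to-category map and the function names are assumptions made for the example.

```python
import re

# Constructed excerpt: entries taken from the OTL log above, one per line.
SAMPLE_LOG = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Trojan Remover_is1" = Trojan Remover 6.8.3
"TrojanHunter_is1" = TrojanHunter 5.5
========== HKEY_CURRENT_USER Uninstall List ==========
"Dropbox" = Dropbox
'''

SECTION_RE = re.compile(r'^=+ (HKEY_\w+) Uninstall List =+$')
ENTRY_RE = re.compile(r'^"(.+?)" = (.*)$')

# Assumption for this example: which product names count as resident
# (real-time) protection and which as on-demand scanners.
KEYWORDS = {"avira": "resident", "avast": "resident", "trojanhunter": "resident",
            "malwarebytes": "on-demand", "trojan remover": "on-demand"}

def parse_uninstall_list(log_text):
    """Return (hive, key, display_name) tuples from the Uninstall List sections."""
    entries, hive = [], None
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("="):
            # Section banner: remember the hive, or leave the list on any other section.
            match = SECTION_RE.match(line)
            hive = match.group(1) if match else None
            continue
        match = ENTRY_RE.match(line)
        if hive and match:
            entries.append((hive, match.group(1), match.group(2)))
    return entries

def classify(entries):
    """Group display names of known security tools by assumed category."""
    found = {}
    for _hive, _key, name in entries:
        for keyword, category in KEYWORDS.items():
            if keyword in name.lower():
                found.setdefault(category, []).append(name)
                break
    return found

def resident_conflicts(found):
    """Return the resident scanners to review when more than one is installed."""
    resident = found.get("resident", [])
    return resident if len(resident) > 1 else []
```

Calling `resident_conflicts(classify(parse_uninstall_list(SAMPLE_LOG)))` returns the resident scanners that would need a decision on which single one to keep.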