Log analysis and evaluation: Bundespolizei virus but files not encrypted (Windows 7)
30.06.2012, 11:06 | #1
Hello, I have also caught the Bundespolizei virus. While surfing, my screen briefly went white for 2 seconds and showed the text "Your computer has been locked, Bundespolizei" and so on. I guess my Antivir kicked in at that point and the window closed again. In any case, it happened twice more after that, but each time only very briefly. I immediately unplugged the internet and ran the malware programs recommended here. I can still fully access my computer and my files; only my Task Manager always disappears after one second when I open it. I don't know whether that is directly related to this virus, though; I hadn't opened it in a long while. Below are the logs, in the order in which I ran the scans. It would be great if you could take a look and tell me how to proceed, or whether the danger is already over. Many thanks

Mbam

[log]
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.29.11
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
OLé :: OLÉ-PC [Administrator]

Schutz: Aktiviert

30.06.2012 00:34:41
mbam-log-2012-06-30 (00-34-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 380379
Laufzeit: 57 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 6
HKCR\CLSID\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Live PC Care (Rogue.LivePCCare) -> Daten: "C:\ProgramData\7195b\LP801.exe" /s /d -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Daten: C:\Users\OLé\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bösartig: (hxxp://findgala.com/?&uid=241&q={searchTerms}) Gut: (hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 2
C:\Users\OLé\AppData\Roaming\Live PC Care (Rogue.LivePCCare) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\RelevantKnowledge (PUP.Spyware.MarketScore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 7
C:\Users\OLé\AppData\Roaming\AcroIEHelpe143.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\OLé\AppData\Local\Temp\~os5A63.tmp\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\OLé\AppData\Local\Temp\~os5A63.tmp\rlxf.dll (PUP.Adware.RelevantKnowledge) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\OLé\Downloads\SoftonicDownloader_fuer_guitar-pro.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\OLé\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Live PC Care.lnk (Rogue.LivePCCare) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\OLé\AppData\Roaming\Live PC Care\cookies.sqlite (Rogue.LivePCCare) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\OLé\AppData\Roaming\Live PC Care\Instructions.ini (Rogue.LivePCCare) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
[/log]

OTL.txt

[log]
OTL logfile created on: 30.06.2012 11:00:13 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\OLé\Desktop
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,02% Memory free
4,00 Gb Paging File | 2,84 Gb Available in Paging File | 70,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 6,49 Gb Free Space | 3,32% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 13,24 Gb Free Space | 13,56% Space Free | Partition Type: NTFS
Drive F: | 1,81 Gb Total Space | 0,52 Gb Free Space | 28,96% Space Free | Partition Type: FAT
Drive H: | 172,79 Gb Total Space | 31,14 Gb Free Space | 18,02% Space Free | Partition Type: NTFS
Drive I: | 74,53 Gb Total Space | 40,59 Gb Free Space | 54,47% Space Free | Partition Type: NTFS

Computer Name: OLÉ-PC | User Name: OLé | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.24 04:50:42 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\OLé\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\OLé\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.24 07:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.11.30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2010.11.11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.01.22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () -- D:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009.11.10 20:43:58 | 000,906,912 | ---- | M] (Acronis) -- C:\Programme\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009.11.10 20:36:22 | 000,136,544 | ---- | M] (Seagate) -- C:\Programme\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009.11.10 20:36:04 | 000,431,456 | ---- | M] (Seagate) -- C:\Programme\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009.11.10 20:30:14 | 001,352,480 | ---- | M] (Seagate) -- C:\Programme\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.30 00:20:09 | 000,215,200 | ---- | M] () -- C:\Users\OL4BAC~1\AppData\Local\Temp\0_0u_l.exe
MOD - [2011.04.14 19:05:56 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ebdaeaeb9f66c9035b5f11431f10cda4\mscorlib.ni.dll
MOD - [2009.11.10 18:39:32 | 001,332,576 | ---- | M] () -- C:\Programme\Seagate\DiscWizard\fox.dll
MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.11.01 20:49:22 | 000,984,064 | ---- | M] () -- C:\Users\OLé\AppData\Roaming\foxydeal\IE\libxml2.dll
MOD - [2006.05.14 06:23:40 | 000,138,752 | ---- | M] () -- C:\Programme\7-Zip\7-zip.dll
MOD - [2005.08.06 17:15:16 | 000,073,728 | ---- | M] () -- C:\Users\OLé\AppData\Roaming\foxydeal\IE\zlib1.dll
MOD - [2004.10.11 20:51:40 | 000,223,232 | ---- | M] () -- C:\Users\OLé\AppData\Roaming\foxydeal\IE\sqlite3.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - File not found [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - File not found [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetTcpActivator)
SRV - File not found [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetPipeActivator)
SRV - File not found [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2012.06.24 01:56:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.11 20:52:23 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.01.22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.11.10 20:36:04 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Programme\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009.11.06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.10.30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D125D544-1BCB-4F84-8464-DF808BA68467}\MpKsl55a5fc0d.sys -- (MpKsl55a5fc0d)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.11.14 16:23:22 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2010.11.14 16:23:22 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010.11.14 16:23:16 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2010.11.14 16:23:12 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2010.10.24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.10.24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.02.28 14:47:58 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.02.28 14:47:57 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.11.09 12:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.21 10:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 10:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008.10.21 10:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008.10.21 10:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008.10.21 10:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008.10.21 10:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2005.02.11 12:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 AD 72 F4 7C 90 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {58EA6C21-597C-4B53-9330-79656EF73679}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://findgala.com/?&uid=241&q={searchTerms}
IE - HKCU\..\SearchScopes\{58EA6C21-597C-4B53-9330-79656EF73679}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OLé\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OLé\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.06 21:16:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.06 21:16:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\OLé\AppData\Roaming\01048 [2012.06.19 21:05:59 | 000,000,000 | ---D | M]

[2010.01.09 15:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLé\AppData\Roaming\mozilla\Extensions
[2010.01.08 20:53:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\OLé\AppData\Roaming\mozilla\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.08 20:53:08 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Users\OLé\AppData\Roaming\mozilla\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.11.16 12:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\mdo4pgcw.default\extensions
[2010.01.09 14:56:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\mdo4pgcw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.13 13:19:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\mdo4pgcw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.09 14:56:17 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\mdo4pgcw.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.05.01 01:55:40 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\mdo4pgcw.default\extensions\sparweltgutscheinewl@sparwelt.de
[2012.06.26 19:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\vurgxmx0.default\extensions
[2010.01.12 20:45:31 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\vurgxmx0.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2010.06.13 13:19:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\vurgxmx0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.23 18:59:07 | 000,000,000 | ---D | M] (Download YouTube Videos as MP4 and FLV) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\vurgxmx0.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2010.01.12 20:39:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\vurgxmx0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.12 20:52:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\vurgxmx0.default\extensions\elemhidehelper@adblockplus.org
[2012.05.11 12:41:08 | 000,000,000 | ---D | M] (printpdf) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\vurgxmx0.default\extensions\printpdf@pavlov.net
[2010.05.12 23:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.12 23:48:23 | 000,000,000 | ---D | M] (foxydeal) -- C:\Programme\Mozilla Firefox\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\OLE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Z8UC00CK.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\OLE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Z8UC00CK.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}
[2010.01.08 20:10:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2009.12.22 05:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 05:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.22 05:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.22 05:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.22 05:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\OL\u00E9\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\OL\u00E9\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\OL\u00E9\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\OL\u00E9\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\OL\u00E9\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX Web Player (Enabled) = D:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - Extension: YouTube = C:\Users\OLé\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\OLé\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\OLé\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (foxy) - {DAEB27B6-FFA6-417F-B060-C5413E6269AA} - C:\Users\OLé\AppData\Roaming\foxydeal\IE\foxyDeal.dll (foxyDeal.com)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Programme\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKCU..\Run: [miCoach Manager] D:\Programme\miCoach Manager\SyncManager.exe (adidas)
O4 - Startup: C:\Users\OLé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\OLé\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\OLé\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\OLé\Desktop\PartyPoker.lnk () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\OLé\Desktop\PartyPoker.lnk () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{283AFF35-E0C1-4408-836C-6D2B5D794587}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common 
Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6f1065a1-fd09-11de-971a-001fd0946a7a}\Shell - "" = AutoRun O33 - MountPoints2\{6f1065a1-fd09-11de-971a-001fd0946a7a}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{7ecb3608-0840-11df-89a1-001fd0946a7a}\Shell - "" = AutoRun O33 - MountPoints2\{7ecb3608-0840-11df-89a1-001fd0946a7a}\Shell\AutoRun\command - "" = G:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.30 10:58:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\OLé\Desktop\OTL.exe [2012.06.30 00:31:19 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\Malwarebytes [2012.06.30 00:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.30 00:31:08 | 000,000,000 | ---D | 
C] -- C:\ProgramData\Malwarebytes [2012.06.30 00:31:07 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.30 00:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.24 21:31:47 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Local\Macromedia [2012.06.19 21:05:59 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\01048 [2012.06.19 18:39:34 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\01047 [2012.06.19 07:30:21 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\01046 [2012.06.16 19:08:36 | 000,000,000 | ---D | C] -- C:\Users\OLé\Desktop\Scheisse [2012.06.15 19:09:30 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\01044 [2012.06.14 23:44:23 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\01043 [2012.06.12 17:36:32 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\01041 [2012.06.08 16:43:08 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\01040 [2012.06.08 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\xmldm [2012.06.08 15:46:21 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\kock [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\OLé\AppData\Roaming\*.tmp files -> C:\Users\OLé\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.30 10:57:46 | 000,000,176 | ---- | M] () -- C:\Users\OLé\defogger_reenable [2012.06.30 10:56:58 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.30 10:56:58 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.30 10:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.30 10:53:12 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-13293605-3485637756-3169363537-1000UA.job 
[2012.06.30 10:52:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.30 10:51:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.30 10:51:45 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2012.06.30 01:37:11 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.30 00:34:15 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad [2012.06.30 00:33:23 | 000,709,162 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.30 00:33:23 | 000,662,758 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.30 00:33:23 | 000,153,548 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.30 00:33:23 | 000,125,744 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.30 00:31:14 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.30 00:20:10 | 000,001,917 | ---- | M] () -- C:\Users\OLé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.26 19:53:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-13293605-3485637756-3169363537-1000Core.job [2012.06.24 04:50:42 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\OLé\Desktop\OTL.exe [2012.06.19 18:08:03 | 000,000,048 | ---- | M] () -- C:\Users\OLé\AppData\Roaming\blckdom.res [2012.06.16 13:57:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.06.12 16:49:33 | 000,002,385 | ---- | M] () -- C:\Users\OLé\Desktop\Google Chrome.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\OLé\AppData\Roaming\*.tmp files -> C:\Users\OLé\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.30 10:57:32 | 000,000,176 | ---- | C] () -- C:\Users\OLé\defogger_reenable [2012.06.30 10:57:05 | 000,050,477 | ---- | C] () -- C:\Users\OLé\Desktop\Defogger.exe [2012.06.30 00:31:14 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes 
Anti-Malware .lnk [2012.06.30 00:20:10 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.06.30 00:20:10 | 000,001,917 | ---- | C] () -- C:\Users\OLé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.08 15:46:40 | 000,000,048 | ---- | C] () -- C:\Users\OLé\AppData\Roaming\blckdom.res [2010.02.10 14:46:55 | 000,000,091 | ---- | C] () -- C:\Users\OLé\AppData\Local\fusioncache.dat ========== LOP Check ========== [2012.06.08 16:43:08 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\01040 [2012.06.12 17:36:32 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\01041 [2012.06.14 23:44:23 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\01043 [2012.06.15 19:09:30 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\01044 [2012.06.19 07:30:21 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\01046 [2012.06.19 18:39:34 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\01047 [2012.06.19 21:05:59 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\01048 [2010.03.18 18:16:19 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Ashampoo [2010.03.29 18:46:58 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Canneverbe Limited [2010.01.09 12:29:33 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\DAEMON Tools Lite [2012.06.30 10:59:16 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Dropbox [2010.06.13 13:19:16 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\DVDVideoSoftIEHelpers [2010.08.23 15:45:48 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\FOG Downloader [2010.05.12 23:48:23 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\foxydeal [2010.12.23 18:50:08 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\GetRightToGo [2012.03.11 15:19:05 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Guitar Pro 6 [2010.06.07 16:52:18 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\ImgBurn [2011.09.30 19:55:34 | 
000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Kalypso Media [2012.06.08 15:46:21 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\kock [2011.01.23 17:31:15 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Leadertech [2011.10.03 20:10:24 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\PeaZip [2010.11.16 12:08:55 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\RayV [2010.01.23 21:58:16 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Sony [2010.01.23 21:55:02 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Sony Setup [2011.03.10 14:58:12 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\The Creative Assembly [2012.03.10 13:49:06 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Tropico 4 [2012.05.15 21:29:40 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\TS3Client [2010.02.28 14:57:33 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Ubisoft [2010.05.01 01:53:33 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\widestream [2012.06.08 15:46:22 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\xmldm [2012.05.22 19:14:32 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMPFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > [/log] Extras.txt [log]OTL Extras logfile created on: 30.06.2012 11:00:13 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\OLé\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,02% Memory free 4,00 Gb Paging File | 2,84 Gb Available in Paging File | 70,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195,31 Gb Total Space | 6,49 Gb Free Space | 3,32% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 13,24 Gb Free Space | 13,56% Space Free | Partition Type: NTFS Drive F: | 1,81 Gb Total Space | 0,52 Gb Free Space | 28,96% Space Free | Partition Type: FAT Drive H: | 172,79 Gb Total Space | 31,14 Gb Free Space | 18,02% Space Free | Partition Type: NTFS Drive I: | 74,53 Gb Total Space | 40,59 Gb Free Space | 54,47% Space Free | Partition Type: NTFS Computer Name: OLÉ-PC | User Name: OLé | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PeaZip] -- Reg Error: Value error. Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1254DA85-D815-4DF3-A077-952C65FF7497}" = rport=2177 | protocol=17 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{13172D0F-8592-495A-8BF6-40A6BAA20E03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{19046FCD-BABE-4311-9AA2-B10719B3B858}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1A19CFC1-0A59-4ADC-90D0-4AB9A940423D}" = rport=139 | protocol=6 | dir=out | app=system | "{1EC57C0E-B457-4B61-8582-5627BD03C19D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2959D930-2B0E-45F4-ACEB-223374AF3C5C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2ABEEACE-567B-4C14-8C97-F6A84CC948E4}" = rport=137 | protocol=17 | dir=out | app=system | "{30E5A6A0-529B-4E31-9122-F0AFFDA81785}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{45D35901-5669-4282-B928-617B21E62453}" = lport=138 | protocol=17 | dir=in | app=system | "{47D015FA-713F-4EA5-902F-1B4E7C1796D6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{53020F5A-FB16-4D33-8FBA-B273FBFC88C6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{539864C1-B158-4BF0-A75A-E6AA396BB275}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{62F83A9E-C42F-4C4D-B15D-25453C84F99F}" = lport=2869 | protocol=6 | dir=in | app=system | "{63323C9E-5A90-4591-87C9-A5EFE8DA3596}" = lport=137 | protocol=17 | dir=in | app=system | "{6AB8936B-1CDD-42BD-971A-7927BC91ADB5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{705FF5E8-77ED-4F88-8BCE-C22A85C8ADE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{7964236B-20ED-4DF7-A0F2-9BD67F0553F1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7B7B0756-EBA7-4D5E-99FE-467AF3267AD2}" = rport=138 | 
protocol=17 | dir=out | app=system | "{7E74E931-6EBD-4EB6-861E-5059C258D56F}" = rport=445 | protocol=6 | dir=out | app=system | "{7FAAC67F-4BA4-4E50-98AA-684993ACB8DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8795AA5A-6400-4AC4-B1B3-6FBB720B0083}" = lport=139 | protocol=6 | dir=in | app=system | "{90076B65-ADD8-443A-BB8F-DEB3CC4DAC8C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{A472DED1-BCF1-4322-A9BA-29B0A57E9347}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B9ABB3AB-4439-4167-A1DF-75DAA35B3D9C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{BD6CA5C3-689E-44CB-A32F-06874226E715}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C48B0868-D0D3-4326-833C-600E3B0CF3A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E1E0104A-CD44-4DEE-BA95-4A874CAC71E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E49A16C9-6240-4D5E-A633-4396F1D7F896}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E78FDC55-32DC-446C-A800-578DB1E82898}" = lport=445 | protocol=6 | dir=in | app=system | "{EBE1018B-03CA-4F8F-AE41-9A67699D8804}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{F087D0F3-441F-4BA4-8F75-C08F7248EB66}" = lport=10243 | protocol=6 | dir=in | app=system | "{F233F7F2-8394-4604-842D-6D891BF4C996}" = rport=10243 | protocol=6 | dir=out | app=system | "{F4BA285D-7F07-4219-B568-F1F513FFF5BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F74CC547-0BC8-47B3-A6F6-E333E0324F8F}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04ACE25A-1AD8-4DE6-888D-BEE1EE933D12}" = protocol=17 | dir=in | app=c:\users\olé\appdata\roaming\dropbox\bin\dropbox.exe | "{085BC455-702D-494D-9749-6721014E2253}" = protocol=6 | dir=in | app=c:\users\olé\appdata\roaming\dropbox\bin\dropbox.exe | "{155A1B6A-68B3-46DC-A1F9-4848906A0F4F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{2146153A-ECFA-438B-BC6F-B8B2EBEB243F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{232E945F-428A-4451-9FBB-9518A657D7A4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{32C59020-3C80-4C8F-9AC2-F39BA34D6708}" = protocol=6 | dir=out | app=system | "{3A7B9623-9279-4D18-BF58-B692AA48C611}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{3E34366B-CEE5-4B8C-80EE-677B38097A0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{558349C9-FF59-4B3A-932B-2C93C3739672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{57E5DF8C-68B3-4F93-9B02-8C74A67F3627}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{68CCC3A2-FA54-4A1C-864E-05F1427DF225}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{72C0041E-5AFE-495E-B090-0252C3892E1B}" = protocol=6 | dir=in | app=d:\spiele\steam\steamapps\gimligloinsohn@gmx.de\counter-strike\hl.exe | "{72FFA923-40F2-4CE8-9898-AAA9CB5BA30F}" = protocol=17 | dir=in | app=i:\diablo iii\diablo iii.exe | "{73F0CC65-DBB2-4A9B-945A-8A009E4BDCFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7F1EBE39-7835-4B05-B309-2C26D11F86A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{80402C33-34A9-489C-A032-6BE0ED852F91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8083A9B7-90D1-4AFE-AD81-5301646B70A7}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{8C45870B-E70E-44C5-8B91-8B6ABF9AC90E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{949A208C-58F3-4375-A9D9-88AF0BBB55FC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9B1EF7FD-AAF1-4372-93C8-A0E06B8B8469}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A6B5620C-D083-4280-9AB5-D5D4CDE50A3D}" = protocol=17 | dir=in | app=d:\spiele\steam\steam.exe | "{A70E1EAF-1BF1-4AD0-B469-E1B7E0E011FB}" = protocol=17 | dir=in | app=d:\spiele\steam\steamapps\gimligloinsohn@gmx.de\counter-strike\hl.exe | "{AAF346C0-B9CA-4DDE-A60A-82C57E3A9ACB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{B275939C-2201-4209-B3A4-FFA53C817CEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B644E97A-6098-4383-BA97-5FCBA0616B0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BBBC21A8-B8D9-4901-AB18-62EE0199AE2B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{BD7A3E2E-206C-4EB4-BD3C-A55C8A255B45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C0B6CCE8-5F50-442E-A65C-46D215C6A540}" = protocol=6 | dir=in | app=i:\diablo iii\diablo iii.exe | "{C2526D42-37C0-488A-A88E-A9514640E8F5}" = protocol=6 | dir=in | app=d:\spiele\steam\steam.exe | "{CF9E56D3-A72F-4C1B-B02D-DE40CF1C47F0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D47226DE-D2F5-44CA-A424-B0CC1A889BF0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DABFF8A5-9632-446E-92AC-CAA4CC195293}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{E1B1BAE8-6F83-4EFB-B354-FAE748FCC2B0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E741BB9B-356A-43A6-A81E-FE5CF6A85F13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E7B8E04D-193E-4448-981D-125CF9D626CE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{F40C18A8-414F-4AF5-928C-F8E5981260B6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{FC2E9186-524B-4FFF-8D53-B77104EDF650}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{0CFEB36F-7433-42C8-AC9E-00599ABDC9C8}D:\spiele\achtung\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=d:\spiele\achtung\ipcurve\ipcurve.exe | "TCP Query User{0F835171-43C8-4EA4-A206-6A7FDDA4A111}D:\spiele\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\spiele\runes of magic\client.exe | "TCP Query User{109D1D3D-F327-449F-8A09-3413DBBC6140}D:\programme\downloads\progs&\darts\dartpro\dartpro.exe" = protocol=6 | dir=in | app=d:\programme\downloads\progs&\darts\dartpro\dartpro.exe | "TCP Query User{15D9B1BA-04D8-4147-B7B7-EFF90EA0F5B1}D:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | "TCP Query User{23AAC60C-F513-42A6-9598-C77FE958FF7E}D:\spiele\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\spiele\electronic arts\eadm\core.exe | "TCP Query User{322A9E2E-9AD3-43CA-80E6-E3CBE388E07E}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{33C6B2C3-8536-41D3-BEA5-404C6139181A}D:\spiele\age2_x1.exe" = protocol=6 | dir=in | app=d:\spiele\age2_x1.exe | "TCP Query User{3AE0C69A-9534-46E5-8BA9-7648E584963F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{3DEEBCC7-FFF4-415D-B4C0-75222C585E80}D:\spiele\fifa11\game\fifa.exe" = protocol=6 | dir=in | app=d:\spiele\fifa11\game\fifa.exe | "TCP Query User{43E89256-D771-48C7-AD93-B97305C1179B}C:\windows\system32\dplaysvr.exe" = protocol=6 | 
dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{4F228DA4-0055-4192-8C27-58FD410A610B}D:\spiele\age of empires\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\spiele\age of empires\age2_x1\age2_x1.exe |
"TCP Query User{607C4530-69BD-4566-AF8F-D63890C3B571}C:\users\olé\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=6 | dir=in | app=c:\users\olé\downloads\fogdownloader-rom_3_0_1_2153.exe |
"TCP Query User{73B103C1-7BE3-47F8-84CC-0B04E7E47494}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{756A723D-6800-460C-A829-68EE636A015E}D:\spiele\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\spiele\age2_x1\age2_x1.exe |
"TCP Query User{856B3D4D-57DD-40FE-A1A2-CEBA9A6B8A9F}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{8E25DE8D-1ED5-4987-B099-A64EFEE3DB1A}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{8E406FFD-8718-4DEA-93F2-5C056566606A}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{9287E7A2-3D75-4E90-B154-C63747B5345D}D:\spiele\age of empires\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\spiele\age of empires\age2_x1\age2_x1.exe |
"TCP Query User{96223488-8B9A-4100-82ED-7955B455D7A9}C:\programdata\7195b\lp801.exe" = protocol=6 | dir=in | app=c:\programdata\7195b\lp801.exe |
"TCP Query User{9A033A1A-A840-4AE8-AD24-22FC7F483F85}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{A2FAC8BC-E699-470D-8DEC-F8A7439A25AA}D:\spiele\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\spiele\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{AAE51A54-9D81-4494-A24D-63FAD8220BBE}D:\spiele\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\spiele\electronic arts\eadm\core.exe |
"TCP Query User{AC2FCF84-56F4-497B-A49F-52DC60B6498A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B4D773CA-F5A3-4262-B17A-F648203A38F8}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{BF119D52-E391-4F52-AB48-A8CCD366FDBB}D:\spiele\manager 11\manager11.exe" = protocol=6 | dir=in | app=d:\spiele\manager 11\manager11.exe |
"TCP Query User{C126BB55-2D3A-4F55-AFB4-34D4457E121A}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{C5C35D39-123C-43DE-82FD-620FE7F549A9}D:\spiele\2k sports\nba 2k10\nba2k10.exe" = protocol=6 | dir=in | app=d:\spiele\2k sports\nba 2k10\nba2k10.exe |
"TCP Query User{C7251943-96AA-4DC1-AE61-093783B52485}D:\spiele\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\spiele\age2_x1\age2_x1.exe |
"TCP Query User{C964A8D2-95A5-4EE7-800E-5A968932994E}D:\spiele\valve\hl.exe" = protocol=6 | dir=in | app=d:\spiele\valve\hl.exe |
"TCP Query User{CE0F47E8-FC19-4608-9958-37B84916CB42}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{DDA545CF-9C12-4889-BB3E-DD3AF724BB11}D:\spiele\fifa11demo\game\fifa.exe" = protocol=6 | dir=in | app=d:\spiele\fifa11demo\game\fifa.exe |
"TCP Query User{F619E6CD-EB8A-434F-BC40-C7FEE5220FD2}D:\programme\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\programme\videolan\vlc\vlc.exe |
"TCP Query User{FC29BD30-E099-41EC-BB6A-01E244F06138}D:\spiele\age of empire\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\spiele\age of empire\age2_x1\age2_x1.exe |
"UDP Query User{09ACD078-B95C-4F51-AEF0-22ED96D9D720}D:\spiele\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\spiele\electronic arts\eadm\core.exe |
"UDP Query User{0B498C55-9A54-4350-A1D8-7CBAA0B5AE4F}D:\spiele\fifa11demo\game\fifa.exe" = protocol=17 | dir=in | app=d:\spiele\fifa11demo\game\fifa.exe |
"UDP Query User{0FFE840C-B4B3-4D9F-B6EE-E3C97898137B}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{12C93066-717E-479C-88FB-32BCB07A4B1B}D:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe |
"UDP Query User{231A1445-F4DA-4B60-BAC1-CFF47086D176}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{25FEE4AE-A2F5-462D-B9FE-B26FAA23B4EA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2902BD0A-CF33-496C-90E0-DFDD725301F2}D:\spiele\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\spiele\age2_x1\age2_x1.exe |
"UDP Query User{29114D07-5B1F-48EA-A027-24A43DE2C9C8}D:\spiele\achtung\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=d:\spiele\achtung\ipcurve\ipcurve.exe |
"UDP Query User{2FA5100B-D9E1-4BE7-ADD7-8AA5EFA924E9}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{311C0D63-AC30-4B4C-9D29-25BC5A78A143}D:\spiele\2k sports\nba 2k10\nba2k10.exe" = protocol=17 | dir=in | app=d:\spiele\2k sports\nba 2k10\nba2k10.exe |
"UDP Query User{41ED3467-3071-40D3-8A69-EC968FD80CF9}D:\spiele\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\spiele\age2_x1\age2_x1.exe |
"UDP Query User{422C3CB7-F8D2-4122-AF11-4A93F3FA3BD5}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{5194DDAF-2CBA-4600-A20F-A71364888C07}D:\spiele\age2_x1.exe" = protocol=17 | dir=in | app=d:\spiele\age2_x1.exe |
"UDP Query User{5E443A55-7FAD-4BA8-A016-2CAB3D3E1AC4}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{6D71EA94-B172-4570-B886-1784184A0A27}D:\spiele\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\spiele\electronic arts\eadm\core.exe |
"UDP Query User{71FB9B1C-CAD0-4018-9C42-00E60E08C467}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{784E546A-159E-499C-B168-CDEA633AAB33}D:\spiele\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\spiele\runes of magic\client.exe |
"UDP Query User{7DF1B520-2282-4483-BB9F-459A87D8F0D7}C:\users\olé\downloads\fogdownloader-rom_3_0_1_2153.exe" = protocol=17 | dir=in | app=c:\users\olé\downloads\fogdownloader-rom_3_0_1_2153.exe |
"UDP Query User{810B2C2A-6857-4771-8402-B92EF40B6A7F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{87BDEF32-B54A-4B30-97F6-944D7347964B}D:\programme\downloads\progs&\darts\dartpro\dartpro.exe" = protocol=17 | dir=in | app=d:\programme\downloads\progs&\darts\dartpro\dartpro.exe |
"UDP Query User{960E80FD-CEDB-4F8E-9FC3-81FABB9E5A5F}D:\spiele\fifa11\game\fifa.exe" = protocol=17 | dir=in | app=d:\spiele\fifa11\game\fifa.exe |
"UDP Query User{98CF3D38-2EDD-402C-B242-D9085E75F859}D:\programme\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\programme\videolan\vlc\vlc.exe |
"UDP Query User{9CB8D3F4-DCB9-4ABA-9B57-444578F6377F}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{AB4D73D6-AE1A-4ADE-9704-FB0397BF5B58}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{AD4DF4D0-EC11-4686-9410-D3316149F2C8}D:\spiele\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\spiele\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{AE66D770-24B2-495C-A7CA-8265772B3C2A}D:\spiele\age of empires\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\spiele\age of empires\age2_x1\age2_x1.exe |
"UDP Query User{C24BEBE9-20EE-4437-A2F9-D6C2A35F8086}C:\programdata\7195b\lp801.exe" = protocol=17 | dir=in | app=c:\programdata\7195b\lp801.exe |
"UDP Query User{D4B1D020-01FE-4BC4-84FC-047657540C89}D:\spiele\manager 11\manager11.exe" = protocol=17 | dir=in | app=d:\spiele\manager 11\manager11.exe |
"UDP Query User{DBEDDA9B-6EA5-4D24-9308-B41EBF3A0B53}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{DEFE12DE-9F15-4F37-98C5-20C3B76806E0}D:\spiele\age of empire\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\spiele\age of empire\age2_x1\age2_x1.exe |
"UDP Query User{E7B8EA8C-40E8-4BBD-9811-C7A75870A168}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{ECBCC496-91F2-4E25-ACA4-D6B4F51CF730}D:\spiele\age of empires\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\spiele\age of empires\age2_x1\age2_x1.exe |
"UDP Query User{FA597EE8-4FD8-4AF8-A8E4-1877516C2573}D:\spiele\valve\hl.exe" = protocol=17 | dir=in | app=d:\spiele\valve\hl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C630BB8-692D-4495-A0BD-40336CD51F99}" = ICM Trainer Light
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 4.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4C4FE8A-96B2-4321-BEEB-AF1D8CB9F418}" = Magic Total Video Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate*DiscWizard
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.42
"Achtung, die Kurve!" = Achtung, die Kurve!
"adidas miCoach Manager_is1" = miCoach Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CdCoverCreator" = CdCoverCreator 2.5.3
"Diablo III" = Diablo III
"Digital Video Repair_is1" = Digital Video Repair 2.2.0.1
"divx650vfw_is1" = DivX Pro 6.8.0 VFW
"DVD Shrink_is1" = DVD Shrink 3.2
"EA Installer.-1902858451" = EA Installer
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Dub_is1" = Free Audio Dub version 1.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"Google Updater" = Google Updater
"Guitar Explorer 1.0" = Guitar Explorer 1.0
"ImgBurn" = ImgBurn
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"PartyPoker" = PartyPoker
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"Red Alert" = Red Alert Windows 95
"SopCast" = SopCast 3.2.9
"Spyware Doctor" = Spyware Doctor 7.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"Zatacka_is1" = Zatacka 0.1.7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Tropico 4" = Tropico 4 1.00

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01.11.2011 06:57:07 | Computer Name = OLé-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 01.11.2011 06:57:07 | Computer Name = OLé-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 01.11.2011 08:09:57 | Computer Name = OLé-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\OLé\AppData\Local\Temp\pccompanion\Drivers\DPInst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 02.11.2011 09:02:56 | Computer Name = OLé-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 02.11.2011 09:02:56 | Computer Name = OLé-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 02.11.2011 10:19:32 | Computer Name = OLé-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\OLé\AppData\Local\Temp\pccompanion\Drivers\DPInst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 03.11.2011 09:21:40 | Computer Name = OLé-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 03.11.2011 09:21:40 | Computer Name = OLé-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 03.11.2011 14:18:57 | Computer Name = OLé-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 03.11.2011 14:18:57 | Computer Name = OLé-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

[ OSession Events ]
Error - 28.01.2012 10:22:20 | Computer Name = OLé-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6403 seconds with 3900 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29.06.2012 18:34:22 | Computer Name = OLé-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 29.06.2012 18:34:22 | Computer Name = OLé-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 29.06.2012 19:56:56 | Computer Name = OLé-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 29.06.2012 19:56:56 | Computer Name = OLé-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 29.06.2012 19:57:11 | Computer Name = OLé-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.

Error - 29.06.2012 19:57:17 | Computer Name = OLé-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd

Error - 30.06.2012 04:51:50 | Computer Name = OLé-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 30.06.2012 04:51:50 | Computer Name = OLé-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 30.06.2012 04:51:56 | Computer Name = OLé-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
Error - 30.06.2012 04:52:04 | Computer Name = OLé-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sptd

< End of report >
[/log]

[log]
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:57 on 30/06/2012 (OLé)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCUAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled

-=E.O.F=-
[/log]

[log]
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-30 11:34:21
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-a WDC_WD5000AAKS-00A7B2 rev.01.03B01
Running: 240f9985.exe; Driver: C:\Users\OL4BAC~1\AppData\Local\Temp\uwldapow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x88FBACDE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x88FBAED0]
SSDT 805B0C0C ZwCreateThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x88FBB0D8]
SSDT 805B0BF8 ZwOpenProcess
SSDT 805B0BFD ZwOpenThread
SSDT 805B0C07 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E7A589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E9F092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 32C 82EA693C 8 Bytes [DE, AC, FB, 88, D0, AE, FB, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82EA695C 4 Bytes [0C, 0C, 5B, 80]
.text ntkrnlpa.exe!RtlSidHashLookup + 364 82EA6974 4 Bytes [D8, B0, FB, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82EA6AF8 4 Bytes [F8, 0B, 5B, 80] {CLC ; OR EBX, [EBX-0x80]}
.text ntkrnlpa.exe!RtlSidHashLookup + 508 82EA6B18 4 Bytes [FD, 0B, 5B, 80] {STD ; OR EBX, [EBX-0x80]}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EC2D000, 0x2D5378, 0xE8000020]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x98576300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x985B9300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!CreateDialogParamW 75BF9BFF 5 Bytes JMP 04FA38AB C:\Program Files\Winload\tbWinl.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!CreateWindowExW 75C00E51 5 Bytes JMP 65E48197 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!DialogBoxIndirectParamW 75C24AA7 5 Bytes JMP 65F6FED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!DialogBoxParamW 75C2564A 5 Bytes JMP 04FA3A7B C:\Program Files\Winload\tbWinl.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!DialogBoxParamA 75C3CF6A 5 Bytes JMP 65F6FE75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!DialogBoxIndirectParamA 75C3D29C 5 Bytes JMP 65F6FF3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!MessageBoxIndirectA 75C4E8C9 5 Bytes JMP 65F6FE0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!MessageBoxIndirectW 75C4E9C3 5 Bytes JMP 65F6FD9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!MessageBoxExA 75C4EA29 5 Bytes JMP 65F6FD3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2860] USER32.dll!MessageBoxExW 75C4EA4D 5 Bytes JMP 65F6FCDB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!CreateDialogParamW 75BF9BFF 5 Bytes JMP 100D38AB C:\Program Files\Winload\tbWinl.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!UnhookWindowsHookEx 75BFCC7B 5 Bytes JMP 65E583A2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!CallNextHookEx 75BFCC8F 5 Bytes JMP 65E39D94 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!CreateWindowExW 75C00E51 5 Bytes JMP 65E48197 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!SetWindowsHookExW 75C0210A 5 Bytes JMP 65DF463B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!DialogBoxIndirectParamW 75C24AA7 5 Bytes JMP 65F6FED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!DialogBoxParamW 75C2564A 5 Bytes JMP 100D3A7B C:\Program Files\Winload\tbWinl.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!DialogBoxParamA 75C3CF6A 5 Bytes JMP 65F6FE75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!DialogBoxIndirectParamA 75C3D29C 5 Bytes JMP 65F6FF3B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!MessageBoxIndirectA 75C4E8C9 5 Bytes JMP 65F6FE0A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!MessageBoxIndirectW 75C4E9C3 5 Bytes JMP 65F6FD9F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!MessageBoxExA 75C4EA29 5 Bytes JMP 65F6FD3D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!MessageBoxExW 75C4EA4D 5 Bytes JMP 65F6FCDB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] ole32.dll!OleLoadFromStream 75A95BF6 5 Bytes JMP 65F7022B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] ole32.dll!CoCreateInstance 75AE590C 5 Bytes JMP 65E48C85 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr 
\Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis) Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x87 0xCE 0xBA 0x8E ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE9 0x13 0xB4 0x12 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x1C 0x56 0x10 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x87 0xCE 0xBA 0x8E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE9 0x13 0xB4 0x12 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD9 0x1C 0x56 0x10 ... ---- EOF - GMER 1.0.15 ----[/log] |
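How to read the GMER section of the post above (this note and the code are an added example, not part of the post or of GMER): the `.text` entries are inline hooks GMER found in iexplore.exe[3868], and every one of them jumps into C:\Windows\system32\IEFRAME.dll, which the log attributes to Microsoft Corporation. That is Internet Explorer hooking its own dialog, message-box and COM entry points, not a rootkit. The AttachedDevice entries are the Acronis volume filters tdrpman.sys and timntr.sys plus the BitLocker filter fvevol.sys, and the sptd registry keys carry the path D:\Program Files\DAEMON Tools Lite\, so they belong to the SPTD driver DAEMON Tools installs. What a practitioner wants from such a dump is a quick collapse into "which process is hooked, where do the hooks land, whose code is it", with only hooks that land in an unattributed file or a user-writable path left for manual review. The Python below does that for GMER's hook and device lines. SAMPLE is constructed: the copied lines come from the log above, and the hook into a file under %TEMP% is invented so the allow-list check has something to flag; the list of trusted directories is an assumption suited to a 32-bit Windows 7 machine.

```python
"""Triage helper for GMER ".text ... JMP" inline-hook lines and
"AttachedDevice" filter-driver lines.

Added example for reading the log in this thread; it is not part of GMER
and not code posted by anyone in the thread. SAMPLE is constructed: most
lines are copied from the thread's log, the hook into %TEMP% is invented.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<api>\S+!\S+)\s+[0-9A-F]+\s+"
    r"(?P<nbytes>\d+)\s+Bytes\s+JMP\s+[0-9A-F]+\s+(?P<target>.+?)\s+"
    r"\((?P<desc>[^)]*)\)\s*$"
)
DEVICE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<file>\S+)\s+"
    r"\((?P<desc>[^)]*)\)\s*$"
)

# Where a hook target (the module the JMP lands in) is expected to live on a
# 32-bit Windows 7 box. ASSUMPTION of this example: anything elsewhere, or
# anything GMER could not attribute to a vendor, deserves a manual look.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\program files\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\")

# CONSTRUCTED input: lines 1-3 and the two AttachedDevice lines are copied from
# the GMER log in this thread; the fourth .text line (hook into an unsigned
# file in %TEMP%) is invented for demonstration.
SAMPLE = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!DialogBoxParamA 75C3CF6A 5 Bytes JMP 65F6FE75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!MessageBoxExW 75C4EA4D 5 Bytes JMP 65F6FCDB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] ole32.dll!CoCreateInstance 75AE590C 5 Bytes JMP 65E48C85 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3868] USER32.dll!MessageBoxW 75C4E000 5 Bytes JMP 10001234 C:\Users\OLé\AppData\Local\Temp\0_0u_l.exe ()
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
"""


def vendor_of(desc: str) -> str:
    """GMER writes '(description/vendor)'; the vendor is the part after the last '/'."""
    return desc.rsplit("/", 1)[-1].strip()


def hook_reasons(target: str, vendor: str) -> list:
    """Reasons a hook needs a manual look; an empty list means 'a vendor hooking its own process'."""
    t = target.lower()
    reasons = []
    if not vendor:
        reasons.append("target has no vendor/description")
    if not t.startswith(TRUSTED_DIRS):
        reasons.append("target outside trusted directories")
    if any(p in t for p in USER_WRITABLE):
        reasons.append("target in a user-writable location")
    return reasons


def triage(lines):
    """Parse GMER lines into hook and device records with triage reasons attached."""
    hooks, devices = [], []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = HOOK_RE.match(line)
        if m:
            d = m.groupdict()
            vendor = vendor_of(d["desc"])
            hooks.append({"proc": d["proc"], "api": d["api"], "target": d["target"],
                          "vendor": vendor, "reasons": hook_reasons(d["target"], vendor)})
            continue
        m = DEVICE_RE.match(line)
        if m:
            d = m.groupdict()
            devices.append({"driver": d["driver"], "device": d["device"],
                            "file": d["file"], "vendor": vendor_of(d["desc"])})
    return hooks, devices


def group_hooks(hooks):
    """Collapse to one row per (process, target, vendor): many IEFRAME hooks become one line."""
    groups = defaultdict(list)
    for h in hooks:
        groups[(h["proc"], h["target"], h["vendor"])].append(h["api"])
    return dict(groups)


def report(lines):
    """Return the grouped hooks, only the hooks that carry reasons, and the filter drivers."""
    hooks, devices = triage(lines)
    flagged = [h for h in hooks if h["reasons"]]
    return group_hooks(hooks), flagged, devices


if __name__ == "__main__":
    groups, flagged, devices = report(SAMPLE.splitlines())
    for (proc, target, vendor), apis in groups.items():
        print(f"{proc} -> {target} [{vendor or 'no vendor'}]: {len(apis)} hook(s)")
    for h in flagged:
        print("FLAG", h["api"], "->", h["target"], ";", "; ".join(h["reasons"]))
    for d in devices:
        print("filter", d["file"], "on", d["device"], "by", d["vendor"])
```

Run against the full log, the eight IEFRAME hooks collapse into a single row and nothing is flagged, which is the right outcome for this part of the post; the invented %TEMP% hook is the shape of entry that would justify pulling the file for analysis.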
30.06.2012, 12:42 | #2 |
/// Malware-holic | Bundespolizei virus but files not encrypted hi
That your PC is infected is no wonder, since many updates are missing. This script, and any scripts that follow, are only for this particular user. If other readers have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe.
• Now copy the following into the text box. Code:
:OTL
[2012.06.30 00:20:10 | 000,001,917 | ---- | M] () -- C:\Users\OLé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
:Files
:Commands
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode. If you have no icons, right-click, View, Show desktop icons.
Note: Please also upload the file to the upload channel as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the + E key.
|
30.06.2012, 20:08 | #3 |
| Bundespolizei virus but files not encrypted Thanks markus for the quick reply. Apparently I had switched updating off at some point and never paid attention to it again.
The Bundespolizei screen still appears briefly when I open the browser. I haven't updated yet because I thought it might change the scan now. I uploaded the file. I have no idea how this works here. Can you access it now, or do I still have to give you the link? Oh, and here are the desktop.ini files that appeared on my desktop, in case those are the text documents you mean (there are 2 with the same name):
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
Last edited by Mabba1 (30.06.2012 at 20:18) |
30.06.2012, 21:41 | #4 |
/// Malware-holic | Bundespolizei virus but files not encrypted Close all programs, including internet windows. Navigate to C:\Users\name\AppData\Local\Temp, right-click, pack it with WinRAR or zip, and then check via right-click, Properties how big the new archive is. hi, for further analysis I need the following: c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache, please pack that as well and upload it in the upload channel.
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails according to the instructions above to markusg.trojaner-board@web.de If you would like to support us |
01.07.2012, 08:49 | #5 |
| Bundespolizei virus but files not encrypted Zipping Temp failed partway through because the ~DF... files are in use by another program. I can only open Task Manager briefly (for 1 sec), and I didn't see any other program there. In any case, the zipped archive would be around 15 GB. As for the cache, I don't know exactly whether it was uploaded or not, you'll have to check. Could it be that it's too big? (25MB) And can I run Windows Update now, or should I wait? Last edited by Mabba1 (01.07.2012 at 09:02) |
01.07.2012, 11:48 | #6 |
/// Malware-holic | Bundespolizei virus but files not encrypted hi, then please post a new OTL log.
|
01.07.2012, 14:06 | #7 |
| Bundespolizei virus but files not encrypted If you still need the extra.txt file, let me know. OTL Logfile: Code:
OTL logfile created on: 01.07.2012 14:33:49 - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\OLé\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,04% Memory free
4,00 Gb Paging File | 2,83 Gb Available in Paging File | 70,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 8,00 Gb Free Space | 4,10% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 13,24 Gb Free Space | 13,56% Space Free | Partition Type: NTFS
Drive H: | 172,79 Gb Total Space | 22,94 Gb Free Space | 13,28% Space Free | Partition Type: NTFS
Drive I: | 74,53 Gb Total Space | 40,59 Gb Free Space | 54,47% Space Free | Partition Type: NTFS
Computer Name: OLÉ-PC | User Name: OLé | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.24 04:50:42 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\OLé\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.)
-- C:\Users\OLé\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.24 01:16:48 | 003,878,896 | ---- | M] (adidas) -- D:\Programme\miCoach Manager\SyncManager.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.24 07:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2010.11.30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2010.11.11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2010.01.22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) 
-- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe PRC - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () -- D:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2009.11.10 20:43:58 | 000,906,912 | ---- | M] (Acronis) -- C:\Programme\Seagate\DiscWizard\TimounterMonitor.exe PRC - [2009.11.10 20:36:22 | 000,136,544 | ---- | M] (Seagate) -- C:\Programme\Common Files\Seagate\Schedule2\schedhlp.exe PRC - [2009.11.10 20:36:04 | 000,431,456 | ---- | M] (Seagate) -- C:\Programme\Common Files\Seagate\Schedule2\schedul2.exe PRC - [2009.11.10 20:30:14 | 001,352,480 | ---- | M] (Seagate) -- C:\Programme\Seagate\DiscWizard\DiscWizardMonitor.exe PRC - [2009.08.18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe ========== Modules (No Company Name) ========== MOD - [2012.06.30 00:20:09 | 000,215,200 | ---- | M] () -- C:\Users\OL4BAC~1\AppData\Local\Temp\0_0u_l.exe MOD - [2012.01.20 17:02:00 | 006,885,376 | ---- | M] () -- D:\Programme\miCoach Manager\QtGui4.dll MOD - [2012.01.20 17:02:00 | 002,113,536 | ---- | M] () -- D:\Programme\miCoach Manager\QtCore4.dll MOD - [2012.01.20 17:02:00 | 001,163,264 | ---- | M] () -- D:\Programme\miCoach Manager\QtScript4.dll MOD - [2011.04.14 19:05:56 | 011,490,304 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ebdaeaeb9f66c9035b5f11431f10cda4\mscorlib.ni.dll MOD - [2009.11.10 18:39:32 | 001,332,576 | ---- | M] () -- C:\Programme\Seagate\DiscWizard\fox.dll MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009.11.01 20:49:22 | 000,984,064 | ---- | M] () -- C:\Users\OLé\AppData\Roaming\foxydeal\IE\libxml2.dll MOD - [2006.05.14 06:23:40 | 000,138,752 | ---- | M] () -- C:\Programme\7-Zip\7-zip.dll MOD - [2005.08.06 17:15:16 | 000,073,728 | ---- | M] () -- C:\Users\OLé\AppData\Roaming\foxydeal\IE\zlib1.dll MOD - [2004.10.11 20:51:40 | 000,223,232 | ---- | M] () -- C:\Users\OLé\AppData\Roaming\foxydeal\IE\sqlite3.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - File not found [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetTcpPortSharing) SRV - File not found [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetTcpActivator) SRV - File not found [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetPipeActivator) SRV - File not found [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe -- (NetMsmqActivator) SRV - [2012.06.24 01:56:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.11.11 20:52:23 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client 
Service) SRV - [2010.11.11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010.01.22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009.11.10 20:36:04 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Programme\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc) SRV - [2009.11.06 15:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2009.10.30 12:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2009.08.18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- 
C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.11.14 16:23:22 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2010.11.14 16:23:22 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2010.11.14 16:23:16 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2010.11.14 16:23:12 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman) DRV - [2010.10.24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010.10.24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.02.28 14:47:58 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.02.28 14:47:57 | 000,025,888 | ---- | M] () 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.11.09 12:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore) DRV - [2009.08.18 04:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.03.25 17:48:00 | 
000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm) DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex) DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM) DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.10.21 10:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008.10.21 10:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) DRV - [2008.10.21 10:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) DRV - [2008.10.21 10:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008.10.21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM) DRV - [2008.10.21 10:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) DRV - [2008.10.21 10:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM) DRV - [2005.02.11 12:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 AD 72 F4 7C 90 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: 
{40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {58EA6C21-597C-4B53-9330-79656EF73679} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://findgala.com/?&uid=241&q={searchTerms} IE - HKCU\..\SearchScopes\{58EA6C21-597C-4B53-9330-79656EF73679}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OLé\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OLé\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.06 21:16:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.06 21:16:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\OLé\AppData\Roaming\01048 [2012.06.19 21:05:59 | 000,000,000 | ---D | M] [2010.01.09 15:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLé\AppData\Roaming\mozilla\Extensions [2010.01.08 20:53:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\OLé\AppData\Roaming\mozilla\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.08 20:53:08 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Users\OLé\AppData\Roaming\mozilla\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2010.11.16 12:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\mdo4pgcw.default\extensions [2010.01.09 14:56:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 
C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\mdo4pgcw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.13 13:19:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\mdo4pgcw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.01.09 14:56:17 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\mdo4pgcw.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.05.01 01:55:40 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\mdo4pgcw.default\extensions\sparweltgutscheinewl@sparwelt.de
[2012.06.30 21:06:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\vurgxmx0.default\extensions
[2010.01.12 20:45:31 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\vurgxmx0.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2010.06.13 13:19:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\vurgxmx0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.23 18:59:07 | 000,000,000 | ---D | M] (Download YouTube Videos as MP4 and FLV) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\vurgxmx0.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2010.01.12 20:39:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\vurgxmx0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.12 20:52:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\vurgxmx0.default\extensions\elemhidehelper@adblockplus.org
[2012.05.11 12:41:08 | 000,000,000 | ---D | M] (printpdf) -- C:\Users\OLé\AppData\Roaming\mozilla\Firefox\Profiles\vurgxmx0.default\extensions\printpdf@pavlov.net
[2010.05.12 23:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.12 23:48:23 | 000,000,000 | ---D | M] (foxydeal) -- C:\Programme\Mozilla Firefox\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\OLE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Z8UC00CK.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\OLE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Z8UC00CK.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}
[2010.01.08 20:10:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.12.22 05:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 05:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.22 05:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.22 05:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.22 05:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\OL\u00E9\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\OL\u00E9\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\OL\u00E9\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\OL\u00E9\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\OL\u00E9\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: DivX Web Player (Enabled) = D:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - Extension: YouTube = C:\Users\OLé\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\OLé\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\OLé\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (foxy) - {DAEB27B6-FFA6-417F-B060-C5413E6269AA} - C:\Users\OLé\AppData\Roaming\foxydeal\IE\foxyDeal.dll (foxyDeal.com)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Programme\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [miCoach Manager] D:\Programme\miCoach Manager\SyncManager.exe (adidas)
O4 - Startup: C:\Users\OLé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\OLé\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\OLé\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\OLé\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\OLé\Desktop\PartyPoker.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{283AFF35-E0C1-4408-836C-6D2B5D794587}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6f1065a1-fd09-11de-971a-001fd0946a7a}\Shell - "" = AutoRun
O33 - MountPoints2\{6f1065a1-fd09-11de-971a-001fd0946a7a}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{7ecb3608-0840-11df-89a1-001fd0946a7a}\Shell - "" = AutoRun
O33 - MountPoints2\{7ecb3608-0840-11df-89a1-001fd0946a7a}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.30 20:52:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.30 10:58:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\OLé\Desktop\OTL.exe
[2012.06.30 00:31:19 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\Malwarebytes
[2012.06.30 00:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.30 00:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.30 00:31:07 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.30 00:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.24 21:31:47 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Local\Macromedia
[2012.06.19 21:05:59 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\01048
[2012.06.19 18:39:34 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\01047
[2012.06.19 07:30:21 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\01046
[2012.06.16 19:08:36 | 000,000,000 | ---D | C] -- C:\Users\OLé\Desktop\Scheisse
[2012.06.15 19:09:30 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\01044
[2012.06.14 23:44:23 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\01043
[2012.06.12 17:36:32 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\01041
[2012.06.08 16:43:08 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\01040
[2012.06.08 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\xmldm
[2012.06.08 15:46:21 | 000,000,000 | ---D | C] -- C:\Users\OLé\AppData\Roaming\kock
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\OLé\AppData\Roaming\*.tmp files -> C:\Users\OLé\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.01 14:37:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.01 13:57:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.07.01 13:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.01 13:53:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-13293605-3485637756-3169363537-1000UA.job
[2012.07.01 10:01:32 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.01 09:54:50 | 000,002,385 | ---- | M] () -- C:\Users\OLé\Desktop\Google Chrome.lnk
[2012.07.01 09:45:54 | 024,046,760 | ---- | M] () -- C:\Users\OLé\Desktop\cache.zip
[2012.07.01 09:22:40 | 1666,549,913 | ---- | M] () -- C:\Users\OLé\AppData\Local\Temp.zip
[2012.07.01 08:46:29 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 08:46:29 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.01 08:43:22 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.01 08:41:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.01 08:41:04 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.30 20:52:46 | 000,001,917 | ---- | M] () -- C:\Users\OLé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.30 19:53:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-13293605-3485637756-3169363537-1000Core.job
[2012.06.30 11:21:32 | 000,302,592 | ---- | M] () -- C:\Users\OLé\Desktop\240f9985.exe
[2012.06.30 00:33:23 | 000,709,162 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.30 00:33:23 | 000,662,758 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.30 00:33:23 | 000,153,548 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.30 00:33:23 | 000,125,744 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.30 00:31:14 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.24 04:50:42 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\OLé\Desktop\OTL.exe
[2012.06.19 18:08:03 | 000,000,048 | ---- | M] () -- C:\Users\OLé\AppData\Roaming\blckdom.res
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\OLé\AppData\Roaming\*.tmp files -> C:\Users\OLé\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.01 09:59:23 | 024,046,760 | ---- | C] () -- C:\Users\OLé\Desktop\cache.zip
[2012.07.01 08:46:47 | 1666,549,913 | ---- | C] () -- C:\Users\OLé\AppData\Local\Temp.zip
[2012.06.30 11:22:20 | 000,302,592 | ---- | C] () -- C:\Users\OLé\Desktop\240f9985.exe
[2012.06.30 10:57:05 | 000,050,477 | ---- | C] () -- C:\Users\OLé\Desktop\Defogger.exe
[2012.06.30 00:31:14 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.30 00:20:10 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.06.30 00:20:10 | 000,001,917 | ---- | C] () -- C:\Users\OLé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.08 15:46:40 | 000,000,048 | ---- | C] () -- C:\Users\OLé\AppData\Roaming\blckdom.res
[2010.02.10 14:46:55 | 000,000,091 | ---- | C] () -- C:\Users\OLé\AppData\Local\fusioncache.dat

========== LOP Check ==========

[2012.06.08 16:43:08 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\01040
[2012.06.12 17:36:32 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\01041
[2012.06.14 23:44:23 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\01043
[2012.06.15 19:09:30 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\01044
[2012.06.19 07:30:21 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\01046
[2012.06.19 18:39:34 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\01047
[2012.06.19 21:05:59 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\01048
[2010.03.18 18:16:19 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Ashampoo
[2010.03.29 18:46:58 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Canneverbe Limited
[2010.01.09 12:29:33 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\DAEMON Tools Lite
[2012.07.01 09:53:23 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Dropbox
[2010.06.13 13:19:16 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.23 15:45:48 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\FOG Downloader
[2010.05.12 23:48:23 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\foxydeal
[2010.12.23 18:50:08 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\GetRightToGo
[2012.03.11 15:19:05 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Guitar Pro 6
[2010.06.07 16:52:18 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\ImgBurn
[2011.09.30 19:55:34 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Kalypso Media
[2012.06.08 15:46:21 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\kock
[2011.01.23 17:31:15 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Leadertech
[2011.10.03 20:10:24 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\PeaZip
[2010.11.16 12:08:55 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\RayV
[2010.01.23 21:58:16 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Sony
[2010.01.23 21:55:02 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Sony Setup
[2011.03.10 14:58:12 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\The Creative Assembly
[2012.03.10 13:49:06 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Tropico 4
[2012.05.15 21:29:40 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\TS3Client
[2010.02.28 14:57:33 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\Ubisoft
[2010.05.01 01:53:33 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\widestream
[2012.06.08 15:46:22 | 000,000,000 | ---D | M] -- C:\Users\OLé\AppData\Roaming\xmldm
[2012.05.22 19:14:32 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
02.07.2012, 13:47 | #8 |
/// Malware-holic | Bundespolizei virus but files not encrypted
ComboFix may only be run when a team member has instructed you to do so!
Please download ComboFix from one of these download mirrors: Link 1 Link 2
IMPORTANT - save ComboFix to your desktop.
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.
Note: should you receive the following error message after the reboot: Quote:
__________________
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
02.07.2012, 17:00 | #9 |
Bundespolizei virus but files not encrypted
So here is the log file. ComboFix log file:
Code:
ComboFix 12-07-02.01 - OLé 02.07.2012 17:39:25.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.2046.1298 [GMT 2:00]
ausgeführt von:: c:\users\OLÚ\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Images
c:\users\OLé\AppData\Roaming\AcroIEHelpe.txt
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-02 bis 2012-07-02 ))))))))))))))))))))))))))))))
.
.
2012-07-02 15:48 . 2012-07-02 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 15:15 . 2012-07-02 15:15 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58BE5367-3A7A-445A-B71C-02A058EEF1A1}\MpKsl5297e474.sys
2012-07-02 15:11 . 2012-07-02 15:11 43480 ----a-w- c:\windows\system32\drivers\qbgevqsi.sys
2012-07-02 15:11 . 2012-07-02 15:11 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58BE5367-3A7A-445A-B71C-02A058EEF1A1}\offreg.dll
2012-07-02 15:09 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58BE5367-3A7A-445A-B71C-02A058EEF1A1}\mpengine.dll
2012-06-30 18:52 . 2012-06-30 18:55 -------- d-----w- C:\_OTL
2012-06-29 22:31 . 2012-06-29 22:31 -------- d-----w- c:\users\OLé\AppData\Roaming\Malwarebytes
2012-06-29 22:31 . 2012-06-29 22:31 -------- d-----w- c:\programdata\Malwarebytes
2012-06-29 22:31 . 2012-06-29 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-29 22:31 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 19:31 . 2012-06-24 19:31 -------- d-----w- c:\users\OLé\AppData\Local\Macromedia
2012-06-22 23:07 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 23:07 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 23:07 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 23:07 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 23:07 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 23:07 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 23:07 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 23:07 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 23:07 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 19:05 . 2012-06-19 19:05 -------- d-----w- c:\users\OLé\AppData\Roaming\01048
2012-06-19 16:39 . 2012-06-19 16:39 -------- d-----w- c:\users\OLé\AppData\Roaming\01047
2012-06-19 05:30 . 2012-06-19 05:30 -------- d-----w- c:\users\OLé\AppData\Roaming\01046
2012-06-15 17:09 . 2012-06-15 17:09 -------- d-----w- c:\users\OLé\AppData\Roaming\01044
2012-06-14 21:44 . 2012-06-14 21:44 -------- d-----w- c:\users\OLé\AppData\Roaming\01043
2012-06-12 20:13 . 2012-02-10 09:58 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{39D0CFF5-6118-47DD-A022-34FF9DB41BD6}\gapaengine.dll
2012-06-12 15:36 . 2012-06-12 15:36 -------- d-----w- c:\users\OLé\AppData\Roaming\01041
2012-06-08 14:43 . 2012-06-08 14:43 -------- d-----w- c:\users\OLé\AppData\Roaming\01040
2012-06-08 13:46 . 2012-06-08 13:46 264 ----a-w- c:\users\OLé\AppData\Roaming\srvblck5.tmp
2012-06-08 13:46 . 2012-06-08 13:46 -------- d-----w- c:\users\OLé\AppData\Roaming\xmldm
2012-06-08 13:46 . 2012-06-08 13:46 -------- d-----w- c:\users\OLé\AppData\Roaming\kock
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 23:56 . 2012-04-02 11:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 23:56 . 2011-09-12 19:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-08 13:46 . 2012-06-08 13:46 264 ----a-w- c:\users\OLé\AppData\Roaming\srvblck5.tmp
2012-06-08 13:46 . 2012-06-08 13:46 264 ----a-w- c:\users\OLé\AppData\Roaming\srvblck5.tmp
2012-05-31 03:41 . 2010-01-11 21:15 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\system32\GPhotos.scr
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\OLé\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\OLé\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\OLé\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"miCoach Manager"="d:\programme\miCoach Manager\SyncManager.exe" [2012-01-23 3878896]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-08 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-11-10 1352480]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-11-10 906912]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-11-10 136544]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\OLé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\OLé\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 12:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 qbgevqsi;qbgevqsi;c:\windows\system32\drivers\qbgevqsi.sys [x]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S1 MpKsl5297e474;MpKsl5297e474;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58BE5367-3A7A-445A-B71C-02A058EEF1A1}\MpKsl5297e474.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL5297E474
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 23:56]
.
2012-07-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-13 06:14]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-06 13:32]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-06 13:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\users\OLé\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\OLé\AppData\Roaming\Mozilla\Firefox\Profiles\vurgxmx0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: foxydeal: {F58A62EB-38DC-43C4-A539-DC52E135208D} - c:\programme\Mozilla Firefox\extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}
FF - Ext: Adblock Plus: Element Hiding Helper: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
FF - Ext: Firefox Showcase: {89506680-e3f4-484c-a2c0-ed711d481eda} - %profile%\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Download YouTube Videos as MP4 and FLV: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060} - %profile%\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
FF - Ext: printpdf: printpdf@pavlov.net - %profile%\extensions\printpdf@pavlov.net
FF - Ext: JavaLink Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\users\OLé\AppData\Roaming\01048
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-EA Core - d:\spiele\Electronic Arts\EADM\Core.exe
MSConfigStartUp-Sony Ericsson PC Companion - c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
AddRemove-Achtung, die Kurve! - c:\program files\Achtung
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(692) c:\windows\system32\relog_ap.DLL . Zeit der Fertigstellung: 2012-07-02 17:49:59 ComboFix-quarantined-files.txt 2012-07-02 15:49 . Vor Suchlauf: 4.662.636.544 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 20.772.384.768 Bytes frei . - - End Of File - - A46FAA1788195C1EA224A7950C148EA9 |
02.07.2012, 21:35 | #10 |
/// Malware-holic | Bundespolizei virus but files not encrypted Hi, do you use the PC for online banking, shopping, other payment processing, or similarly important things such as work?
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
03.07.2012, 06:37 | #11 |
| Bundespolizei virus but files not encrypted Yes, very rarely for online banking; otherwise mainly for my studies as well, but the files are backed up in Dropbox |
03.07.2012, 10:57 | #12 |
/// Malware-holic | Bundespolizei virus but files not encrypted Dropbox is not necessarily secure; I would never store important files there unless they are password-protected. Please call your bank and have online banking blocked because of Trojan.Banker. The PC must be reinstalled and then secured. 1. Data recovery:
I will also post further points on this. 4. Change all passwords! 5. After securing the PC, check the backed-up data and, if clean, restore it. 6. Then I will say something about securing online banking with a chip card reader + StarMoney.
03.07.2012, 15:31 | #13 |
| Bundespolizei virus but files not encrypted Okay, thanks a lot for now. I'm currently under a lot of exam stress, so I won't get to it for another 2 weeks. I won't use the PC for anything important any more, though. The files in Dropbox only have personal value for me; they're just my notes from university, and for transferring between laptop and PC the program is great. Is there actually a risk that, since I opened files from this Windows PC on my Mac, I have the virus there too? I really have no idea how viruses work.. |
04.07.2012, 13:19 | #14 |
/// Malware-holic | Bundespolizei virus but files not encrypted Hi, there is no such risk. Get in touch when you're ready; if I overlook it, feel free to send a private message