Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 06.07.2012, 21:02   #1
selinia86
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)



Hallo zusammen,

auch ich habe mir den berüchtigten BKA-Trojaner eingefangen.
Ich benutze Win 7 64bit Professional Edition.
Nachdem heute morgen eines der beiden Windows-Userprofile nicht mehr funktioniert hat (es wurde besagte Meldung des Bundeskriminalamtes angezeigt), wurde der Computer vorerst ausgeschaltet und alles incl. Internetzugang vorsichtshalber vom Stromnetz genommen.
Das zweite Userprofil funktionierte übrigens völlig normal.
Nachdem der PC erst abends wieder eingeschaltet wurde, kam die Meldung dass Windows nicht richtig funktioniert und nicht gestartet werden kann.
Daraufhin wurde eine Systemwiederherstellung durchgeführt.
Danach startete der PC (und das o.g. nicht funktionierende Userprofil) wieder komplett normal.
Habe erstmal Malwarebytes und anschließend den ESET Online Scanner gestartet.
Ein Scan mit OTL.exe war leider nicht möglich, da dieser immer wieder bei der folgenden Meldung hängenbleibt: Scanning service: XS Stick service..

Nachfolgend also die bereits erstellten Log-files:

Malwarebyte
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.06.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Peter :: ARBEITSPLATZ [administrator]

Protection: Enabled

06.07.2012 18:23:27
mbam-log-2012-07-06 (18-23-27).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 456386
Time elapsed: 46 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\$Recycle.Bin\S-1-5-21-1615810410-456935748-570712834-1000\$RO2XQAC.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1615810410-456935748-570712834-1000\$RUODIO4.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Users\Andrea\AppData\Local\Temp\_ir_sf_temp_0\flvinstaller.exe (PUP.BundleInstaller.IQ) -> Quarantined and deleted successfully.

(end)
         
ESET Online Scanner
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a80ca2f3596dd04290e2c5a9d36fb9d6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-06 06:50:28
# local_time=2012-07-06 08:50:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 17472119 17472119 0 0
# compatibility_mode=5893 16776573 100 94 4782 93226159 0 0
# compatibility_mode=8192 67108863 100 0 1103 1103 0 0
# scanned=217189
# found=0
# cleaned=0
# scan_time=4320
         
Welche weiteren Schritte muss ich nun unternehmen?
Vielen Dank für eure Hilfe schon mal im Voraus!

Gruß, Selinia

Alt 08.07.2012, 12:16   #2
selinia86
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)



Ich wollte einfach meinen Thread wieder nach oben holen.

Vielleicht kann sich ja jemand meinem Problem annehmen....
__________________


Alt 09.07.2012, 17:47   #3
markusg
/// Malware-holic
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)



hi
1. es war wochenende.
2. guck dich mal um, wie viel hier los ist.
3. wenn du selbst auf deine themen antwortest denke wir, die sind in bearbeitung, also musst du im zweifel dann sogar noch länger auf antwort warten.
3. hast du otl mit einem script ausgeführt? versuche es bitte erneut ohne ein script
__________________
__________________

Alt 11.07.2012, 17:16   #4
selinia86
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)



Ja, ich habe gesehen, dass viel los ist... nur konnte ich nicht wissen, inwieweit Themen, welche schon auf Seite 4 gerutscht sind, noch beachtet werden...

Ich wollte damit also niemandem auf die Füße treten... Sorry

Was die Sache mit OTL.exe betrifft... ich verwende kein Script zum starten des Programms...
Ich habe das Programm lediglich wie beschrieben heruntergeladen und starte es unter Verwendung der Funktion "Als Administator ausführen".
Der Punkt an dem es immer hängt, ist dieses XS Stick Service Ding...
Ich habe schon versucht, diesen Dienst zu deaktivieren, aber trotzdem funktioniert es nicht.
Auch nicht, wenn der besagte Stick nicht aktiv ist.

Alt 02.08.2012, 05:37   #5
t'john
/// Helfer-Team
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)





Bitte OTL.exe neu runterladen und probieren!

__________________
Mfg, t'john
Das TB unterstützen

Alt 02.08.2012, 16:50   #6
selinia86
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)



Danke für die Hilfe...

Nun gings auch endlich. Hier die Logfiles von OTL.exe:

Code:
ATTFilter
OTL logfile created on: 02.08.2012 17:31:57 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Andrea\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 55,32% Memory free
8,00 Gb Paging File | 5,95 Gb Available in Paging File | 74,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,00 Gb Total Space | 78,54 Gb Free Space | 52,36% Space Free | Partition Type: NTFS
Drive D: | 548,54 Gb Total Space | 478,81 Gb Free Space | 87,29% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSPLATZ | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Andrea\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Program Files (x86)\XSManager\WTGService.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
PRC - C:\Program Files (x86)\[verify-U] AVS\[verify-U]-Software.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\[verify-U] AVS\[verify-U]-Software.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SamsungAllShareV2.0) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics Co., Ltd.)
SRV - (SimpleSlideShowServer) -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe (Samsung Electronics Co., Ltd.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - ([verify-U]) -- C:\Program Files (x86)\[verify-U] AVS\[verify-U]-Service.exe (Cybit AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (cmnsusbser) -- C:\Windows\SysNative\drivers\cmnsusbser.sys (Mobile Connector)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ss_mdm) -- C:\Windows\SysNative\drivers\ss_mdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bus) -- C:\Windows\SysNative\drivers\ss_bus.sys (MCCI Corporation)
DRV:64bit: - (ss_mdfl) -- C:\Windows\SysNative\drivers\ss_mdfl.sys (MCCI Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPF_devolo) -- C:\Windows\SysWOW64\drivers\npf_devolo.sys (CACE Technologies)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - ([verify-U]_System) -- C:\Windows\SysWOW64\drivers\[verify-U]-driver.sys (Cybits AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1615810410-456935748-570712834-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1615810410-456935748-570712834-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1615810410-456935748-570712834-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 37 8B DC 9D 66 CD 01  [binary data]
IE - HKU\S-1-5-21-1615810410-456935748-570712834-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1615810410-456935748-570712834-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1615810410-456935748-570712834-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, .anime-loads.org"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files (x86)\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.13 20:41:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 21:41:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.08 14:28:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 21:41:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.07.08 14:28:50 | 000,000,000 | ---D | M]
 
[2010.03.19 14:04:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Extensions
[2012.07.26 19:30:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\o28clbup.default\extensions
[2012.05.17 20:06:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\o28clbup.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.05.20 00:38:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\o28clbup.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.26 20:45:14 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\o28clbup.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012.04.21 14:11:24 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\o28clbup.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.02.15 21:04:57 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\o28clbup.default\extensions\ffxtlbra@softonic.com
[2011.03.13 12:16:05 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\o28clbup.default\extensions\personas@christopher.beard
[2010.03.19 15:07:25 | 000,001,819 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\o28clbup.default\searchplugins\bing.xml
[2012.03.19 08:51:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.06 18:39:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.11 23:23:23 | 000,061,228 | ---- | M] () (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O28CLBUP.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012.01.21 23:30:28 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O28CLBUP.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.02.06 22:45:32 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O28CLBUP.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2012.07.18 21:41:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.19 14:57:48 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2005.04.27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files (x86)\mozilla firefox\plugins\npracplug.dll
[2012.01.15 03:35:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.15 03:35:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.15 03:35:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.15 03:35:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.15 03:35:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.15 03:35:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - Extension: Skype Click to Call = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 <video> = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files (x86)\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1615810410-456935748-570712834-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1615810410-456935748-570712834-1000..\Run: [EPSON S22 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGEE.EXE /FU "C:\Windows\TEMP\E_S9972.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1615810410-456935748-570712834-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-1615810410-456935748-570712834-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1615810410-456935748-570712834-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F25013-FCBB-4B9C-9247-2FFC3EF1CA89}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A524CE2-48D0-4630-9837-262B5756475F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6324D2A-FAA9-4059-ABD9-57466B6DAE36}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.02 17:30:41 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
[2012.07.11 23:59:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.11 23:59:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.11 23:59:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.11 23:59:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.11 23:59:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.11 23:59:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.11 23:59:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.11 23:59:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.11 23:59:00 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.11 23:59:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.11 23:59:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.11 23:59:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 23:58:59 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 17:00:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 17:00:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 16:59:38 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 16:54:01 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 16:54:00 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.08 22:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012.07.08 14:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.07.08 14:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.07.08 14:28:50 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.07.08 14:28:50 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.07.08 14:28:43 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.08 14:28:43 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.08 14:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.07.08 13:34:48 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.07.08 13:34:48 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.07.08 13:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.07.06 19:20:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.06 08:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\crxklftdhpnikwz
[2010.10.12 17:37:18 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\RngInterstitial.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.02 17:33:10 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 17:33:10 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.02 17:30:53 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
[2012.08.02 17:30:37 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.02 17:30:37 | 000,656,044 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.02 17:30:37 | 000,616,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.02 17:30:37 | 000,130,676 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.02 17:30:37 | 000,106,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.02 17:25:53 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.02 17:25:46 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2012.08.02 17:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.02 17:25:28 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.02 09:08:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.02 08:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.01 21:38:43 | 102,400,000 | ---- | M] () -- C:\Users\Andrea\Desktop\Epi110.part1.rar
[2012.07.31 18:13:50 | 000,038,382 | ---- | M] () -- C:\Users\Andrea\Desktop\o0640048012106432845.jpg
[2012.07.27 17:56:59 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.27 17:56:59 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.25 22:27:25 | 000,046,872 | ---- | M] () -- C:\Users\Andrea\Desktop\post2_img1.jpg
[2012.07.24 17:50:15 | 000,032,761 | ---- | M] () -- C:\Users\Andrea\Desktop\o0800045012095323630.jpg
[2012.07.24 17:49:19 | 000,033,478 | ---- | M] () -- C:\Users\Andrea\Desktop\o0480064012096644171.jpg
[2012.07.23 18:04:48 | 000,037,939 | ---- | M] () -- C:\Users\Andrea\Desktop\o0240032012094585077.jpg
[2012.07.20 23:05:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012.07.15 19:47:15 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.13 23:21:01 | 000,000,125 | ---- | M] () -- C:\Users\Andrea\Desktop\Kohlenhydrat- und Eiweißmengen berechnen.URL
[2012.07.12 09:27:53 | 000,434,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.08 22:36:54 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.07.08 14:28:28 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.07.08 14:28:28 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.07.07 00:54:27 | 000,021,504 | ---- | M] () -- C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.06 08:16:53 | 000,000,051 | ---- | M] () -- C:\ProgramData\ihbrmfmutdznwgn
[2012.07.04 19:17:56 | 001,707,366 | ---- | M] () -- C:\Users\Andrea\Desktop\VirtualDub-1.9.11.zip
 
========== Files Created - No Company Name ==========
 
[2012.08.01 20:39:49 | 102,400,000 | ---- | C] () -- C:\Users\Andrea\Desktop\Epi110.part1.rar
[2012.07.31 18:13:49 | 000,038,382 | ---- | C] () -- C:\Users\Andrea\Desktop\o0640048012106432845.jpg
[2012.07.25 22:27:23 | 000,046,872 | ---- | C] () -- C:\Users\Andrea\Desktop\post2_img1.jpg
[2012.07.24 17:50:14 | 000,032,761 | ---- | C] () -- C:\Users\Andrea\Desktop\o0800045012095323630.jpg
[2012.07.24 17:49:17 | 000,033,478 | ---- | C] () -- C:\Users\Andrea\Desktop\o0480064012096644171.jpg
[2012.07.23 18:04:47 | 000,037,939 | ---- | C] () -- C:\Users\Andrea\Desktop\o0240032012094585077.jpg
[2012.07.13 23:21:01 | 000,000,125 | ---- | C] () -- C:\Users\Andrea\Desktop\Kohlenhydrat- und Eiweißmengen berechnen.URL
[2012.07.08 22:36:54 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.07.08 22:36:54 | 000,001,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.07.06 08:16:44 | 000,000,051 | ---- | C] () -- C:\ProgramData\ihbrmfmutdznwgn
[2012.07.04 19:17:22 | 001,707,366 | ---- | C] () -- C:\Users\Andrea\Desktop\VirtualDub-1.9.11.zip
[2012.05.15 22:21:18 | 000,007,605 | ---- | C] () -- C:\Users\Andrea\AppData\Local\Resmon.ResmonCfg
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.25 08:31:51 | 000,000,000 | ---- | C] () -- C:\Users\Andrea\AppData\Local\{AD314364-F755-4FD4-A98E-AB63E6BF54E3}
[2011.02.18 23:38:03 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini
[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.12.04 11:51:00 | 000,124,416 | ---- | C] () -- C:\Windows\SysWow64\dXCtrls.dll
[2010.12.04 11:50:59 | 000,544,256 | ---- | C] () -- C:\Windows\SysWow64\janGraphics.dll
[2010.06.01 21:14:12 | 000,021,504 | ---- | C] () -- C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.21 23:15:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2010.12.11 13:57:18 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Amazon
[2012.02.25 18:31:56 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\AnvSoft
[2012.07.08 16:06:45 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Applian FLV and Media Player
[2010.03.20 21:46:08 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Canneverbe Limited
[2011.09.02 19:04:41 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\DeskSoft
[2011.09.20 19:05:56 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\elsterformular
[2011.01.30 13:32:46 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\EPSON
[2010.03.19 14:58:33 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Foxit
[2011.11.06 21:57:08 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Imaxel
[2012.05.20 15:53:37 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\MAGIX
[2010.03.19 14:07:20 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\OpenOffice.org
[2011.04.24 20:02:50 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\PC Suite
[2012.06.15 23:58:42 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\PhotoScape
[2010.10.16 09:17:08 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\PlayFirst
[2012.05.20 12:46:23 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Samsung
[2010.04.27 18:19:03 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ScummVM
[2010.03.20 21:47:43 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\TeamViewer
[2012.01.08 12:57:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Ubisoft
[2010.03.19 15:03:11 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Win7codecs
[2011.12.21 19:37:51 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\XSManager
[2010.11.14 16:23:17 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Amazon
[2010.05.21 10:17:13 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Canneverbe Limited
[2011.11.05 20:15:24 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Crtnew
[2010.09.28 08:30:35 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DeskSoft
[2011.10.27 15:58:55 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Foxit Software
[2010.03.21 11:55:46 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\OpenOffice.org
[2011.03.01 22:27:41 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\PC Suite
[2011.04.26 08:05:06 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Samsung
[2010.08.07 09:33:17 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Temp
[2011.12.20 00:33:22 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\XSManager
[2012.07.20 23:05:00 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2012.06.04 22:00:30 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.07.20 23:47:15 | 008,306,938 | ---- | M] ()(C:\Users\Andrea\Desktop\??????????????????.mp3) -- C:\Users\Andrea\Desktop\【オリジナル曲】毒と罪と罰【弟の姉】.mp3
[2012.07.20 23:46:51 | 008,306,938 | ---- | C] ()(C:\Users\Andrea\Desktop\??????????????????.mp3) -- C:\Users\Andrea\Desktop\【オリジナル曲】毒と罪と罰【弟の姉】.mp3
[2012.06.13 23:46:11 | 000,011,761 | ---- | M] ()(C:\Users\Andrea\Documents\??????.docx) -- C:\Users\Andrea\Documents\おはよう大輔.docx
[2012.06.13 23:46:11 | 000,011,761 | ---- | C] ()(C:\Users\Andrea\Documents\??????.docx) -- C:\Users\Andrea\Documents\おはよう大輔.docx

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 02.08.2012 17:31:57 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Andrea\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 55,32% Memory free
8,00 Gb Paging File | 5,95 Gb Available in Paging File | 74,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,00 Gb Total Space | 78,54 Gb Free Space | 52,36% Space Free | Partition Type: NTFS
Drive D: | 548,54 Gb Total Space | 478,81 Gb Free Space | 87,29% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSPLATZ | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1615810410-456935748-570712834-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0680BAC8-CAE1-4C3F-8965-28F988718056}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | 
"{10697AB3-FEF6-4A4C-843C-43393DB0EAEC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1E9001C4-BCF6-44C5-924B-DB4A49F795EC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1F8571F2-82FD-4D0F-A5BA-B59806D421FD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{21EE3244-5BEB-4024-86B1-11CD3C6638F2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2ACBB752-176B-4309-B327-D014DC26CF37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2CAD5988-4B71-47AB-88E7-05A4D51C5A63}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3BC3C1C8-F299-4F64-81A0-7F98DB9999D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{475EFAF0-35D7-412A-8E1E-3C31F0367E40}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{48F90DF2-AB27-42CD-A9A3-07A5B80D9E6B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{66F484DB-4C2E-45CA-9587-BEA12207BB46}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{718013EA-98E7-4D3D-8BB7-DCA6FE9C9629}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\informer\devinf.exe | 
"{76C900D9-7440-4E68-B16C-38053B4FD2BA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{78368F31-9299-42F2-9C9D-ADCB147CACDE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7B46F7BB-D46C-444A-A118-71529827B497}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7CA08198-4783-4730-ACF1-5041341AA260}" = rport=139 | protocol=6 | dir=out | app=system | 
"{835FA94E-27FF-489C-A1AF-A921026861F2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9BAC3FBF-6705-4A88-861C-041CD2A15C2F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AD1D3DEE-1342-48E0-A794-2EFD2FB24887}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ADD7687D-C65A-4693-BE87-00FAB9BDDB23}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B735986F-DAEB-42E9-902E-7600324F74A2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BBFB2D98-8B1B-43A3-BA2E-AC81615378C8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C5C20C2F-223B-41C7-A32F-E950A7F5573C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D0FB0B03-B6C0-4981-B46D-9720390CC961}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E0251932-BFA5-415B-A043-3DFEDDA3C091}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
"{E6D51743-D7AF-49E7-B11E-B714D22697A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F05BF798-A1D5-4A65-B18E-254ED8DD2EAE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F1E88967-224B-41F5-8931-BD9F8A069361}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F419371E-E82C-4F1A-BD48-15070C6B9325}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FB7A0E1B-6486-4965-98CE-EEDDEAB8525A}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E09C8C-6E9F-421A-9E0F-83C5759CB481}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{043F26CE-062D-44DE-99D0-665A53D3E04D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{059C8CFE-8C61-4F8D-9C0B-1FDF2BF9CB1A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\http_ss_win_pro.exe | 
"{0A9E6E43-14AE-4756-9052-5BD8155E5C62}" = protocol=17 | dir=in | app=d:\andrea\spiele\anno 2070\initengine.exe | 
"{0B5D5953-65C6-47EB-B86F-7DAA8C62B718}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{0DBA3E9A-A4FD-4242-BFA6-3B61D90EEA8B}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\http_ss_win_pro.exe | 
"{0F4E5144-5112-4464-8A93-280626D61DB5}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\wiselinkpro.exe | 
"{109DF827-7CEB-46CB-8221-FF91CD6BEA83}" = protocol=17 | dir=in | app=d:\spiele\anno4.exe | 
"{12C3A231-9B2F-4A63-AE34-2427D3E9E2D0}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\wiselinkpro.exe | 
"{15EC0646-1F4E-4470-B658-F358DEE60F6E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{16636878-9985-4A2A-A2D6-F5E6F4416B97}" = protocol=6 | dir=in | app=d:\spiele\addon.exe | 
"{21B75C81-ED72-4568-A0D2-26739D4283F9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{2599A4DD-DDE3-4872-A777-6224CD711B0F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\http_ss_win_pro.exe | 
"{274DF70C-F5BF-4179-A6AA-FB737E0978DB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2C54154E-5543-490F-A3AF-F05FC03CACD5}" = protocol=6 | dir=in | app=d:\spiele\tools\addonweb.exe | 
"{2E4B40F8-4619-475C-9FD0-AB3AAF089D7C}" = protocol=17 | dir=in | app=d:\andrea\spiele\die siedleraek\base\bin\settlers6.exe | 
"{2F24D1A4-EADA-4F97-A782-64D758FFBEB0}" = protocol=6 | dir=in | app=d:\spiele\tools\anno4web.exe | 
"{31729924-AD1B-4481-9179-166B9E17025E}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | 
"{31FD8EEE-1A6E-4158-A7B1-378B1A15B502}" = protocol=6 | dir=out | app=system | 
"{34B59DA3-898B-4577-A8FD-1B984FA061FA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{3518C36C-380C-4F57-9824-5D921FDC3987}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3B12EDFA-63F6-41F2-837D-33508F7F4841}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{3B1C464B-486B-4510-9550-660F4324D1DE}" = protocol=17 | dir=in | app=d:\andrea\spiele\anno2070demo\anno5.exe | 
"{402DE08C-ACBE-4381-A047-046638D9F641}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{42255E2B-C119-40EB-B557-ED93992EE429}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{44636586-EBAA-43A3-A217-90130CDDCF64}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\http_ss_win_pro.exe | 
"{47FD31AE-7917-4BDF-8639-47AAA6192DE8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4932AA3D-D4BF-43F0-96CB-FE8E0C6804F8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4A331D0D-9B05-4686-AEA2-42329FFBB3FC}" = protocol=17 | dir=in | app=d:\andrea\spiele\anno 2070\autopatcher.exe | 
"{4B13C639-5615-45D0-8862-7C6003EDC7CA}" = protocol=6 | dir=in | app=d:\andrea\spiele\anno 2070\anno5.exe | 
"{5A68BC07-7DCF-49FF-88A7-AFDD7543F040}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{623ED563-E5F7-4045-A8A2-52D665F7E138}" = protocol=6 | dir=in | app=d:\spiele\anno4.exe | 
"{649755A9-1DC1-4D79-AC36-C3F53CA0D156}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{654B2B6A-AC7B-430C-BAD8-8721791BCC49}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\wiselinkpro.exe | 
"{6D13B50B-795F-4D1E-B240-F67219520566}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{6EF8C0F9-8A62-4514-A0CF-5037E28CF7F1}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\http_ss_win_pro.exe | 
"{6FAB1D52-425D-4A12-86E6-094AE0D0FDEE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{73E37AB9-7591-4E79-B20F-1A006D4D6D3B}" = protocol=17 | dir=in | app=d:\andrea\spiele\anno 2070\anno5.exe | 
"{7820B6DA-FB4B-4A33-A94D-CFCF34E7E277}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7A1C0EF1-6627-4DED-88F6-A601AEA3A357}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\http_ss_win_pro.exe | 
"{7F624AA9-7998-4A6D-A029-D3814FA8B854}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{81173688-16DB-44E0-AA33-F589D2809A81}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{8604D7D1-38A3-44CB-81F9-C39B521F60C1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{87967231-7036-4546-8C6C-B7D9239FEEBF}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{8F234881-F210-46F6-93DB-3A93661FC9E5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{983193D7-B82B-45BE-94B0-8F5D37482922}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9FA88056-6CE0-4DF0-B2A5-BA56904087B6}" = protocol=17 | dir=in | app=d:\spiele\tools\anno4web.exe | 
"{A6806167-1A3C-420B-82AC-118FD938B2F6}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\wiselinkpro.exe | 
"{AF4D328B-B0B2-4B1A-AF7A-EC28B26D07BD}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\wiselinkpro.exe | 
"{B1CBE5ED-CC0B-41E7-95EA-DA7AC7BCBE26}" = protocol=6 | dir=in | app=d:\andrea\spiele\anno2070demo\anno5.exe | 
"{B83EEB19-C2A8-4685-83FE-201411B50C84}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung pc share manager\wiselinkpro.exe | 
"{BAC1BB9D-CB91-4D71-B4FA-3513A77E3525}" = protocol=17 | dir=in | app=d:\spiele\tools\addonweb.exe | 
"{BB8A656B-1434-43F8-86C4-53C448AE0EFC}" = protocol=17 | dir=in | app=d:\andrea\spiele\anno2070demo\initengine.exe | 
"{BBC8D9F4-526E-4F3F-809A-EB42D952EA76}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BC0ACC88-6F15-47C1-87EF-BC69B599AD0C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BC40609E-964A-49F2-9DDB-87D29865F28C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C1464665-B069-4840-B30D-0D793B36A1C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C41D0EBC-9EDC-42EE-8BCD-3991CA8B4475}" = protocol=6 | dir=in | app=d:\andrea\spiele\anno 2070\autopatcher.exe | 
"{C5D9EFDF-BB26-4097-8AF7-29202C452DDD}" = protocol=6 | dir=in | app=d:\andrea\spiele\die siedleraek\base\bin\settlers6.exe | 
"{C663874C-BBA5-4E00-A05D-A68FBC893E3B}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{CA2F88AF-AB25-4BFC-8892-CDE7ED0D9DE1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D28985D9-5F32-4F16-9408-9C37EFAF0D7B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D9EEBE72-0EFB-4EAD-8143-BB9468866DF8}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\wiselinkpro.exe | 
"{DD0FEA3B-40DF-432D-AD43-3772D337DA7C}" = protocol=17 | dir=in | app=d:\spiele\addon.exe | 
"{DF23739B-9E98-49CF-B133-130F888B706A}" = protocol=6 | dir=in | app=d:\andrea\spiele\anno2070demo\initengine.exe | 
"{E00BBE1F-C964-4059-A1AB-294899534B9E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E1B5B59F-352E-46BF-8A70-414BC3D6730C}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareslideshowservice.exe | 
"{E309BB4F-22EC-4474-83C1-B32E6D3F8A4B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{EF5CCA79-B4AA-404B-A3A1-DF14921BF23A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F68FB077-BCA3-4050-B57D-630A81521F40}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{F83EF75F-3841-4206-9EC7-786BDC30EFB7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F9E27812-E767-43C0-881D-762DB9361CBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FDAC2D0A-AC65-43E7-B3DF-9D2A01F66713}" = protocol=6 | dir=in | app=d:\andrea\spiele\anno 2070\initengine.exe | 
"TCP Query User{0C6CA5FB-DB77-4CB7-9933-2C61CD5FE9FD}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"TCP Query User{10677C62-A68E-4F41-838F-40768F7AAC68}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{18E4AE6C-ECAD-4E67-8C00-F3552B2B1DB5}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{321A0C92-6EAE-440A-BD43-8E2CF0F528DC}D:\andrea\spiele\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\andrea\spiele\anno 1404\tools\anno4web.exe | 
"TCP Query User{3C136E6C-3C92-4632-BFB7-91325D4B26AA}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{40501F4D-B5FA-4568-90BA-3D98D190B605}D:\andrea\spiele\anno2070demo\anno5.exe" = protocol=6 | dir=in | app=d:\andrea\spiele\anno2070demo\anno5.exe | 
"TCP Query User{90864D34-3DE4-4DF0-9E26-24B555F269EA}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | 
"TCP Query User{935DA397-0788-4DD0-9A4B-8866CFDCFDD0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{A87422E5-FCDB-43F6-9E4D-BD997F0AAD43}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{C650F4B9-C791-456A-82EA-80D1C04ACA83}D:\andrea\spiele\anno 1404\addon.exe" = protocol=6 | dir=in | app=d:\andrea\spiele\anno 1404\addon.exe | 
"TCP Query User{F1AF38BE-7651-4AB4-982B-09E00F890A1F}C:\users\andrea\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\andrea\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{FE390564-D2FE-4ED2-B88A-3BE38735D72F}D:\andrea\spiele\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\andrea\spiele\anno 1404\tools\addonweb.exe | 
"UDP Query User{040F8E6F-6BDE-4A36-8A07-624C2AF12CBC}D:\andrea\spiele\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\andrea\spiele\anno 1404\tools\anno4web.exe | 
"UDP Query User{3A1FDFC2-1D47-4647-A647-CA0DAB960FFE}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | 
"UDP Query User{455D069A-3B95-4529-9921-484408547AD4}D:\andrea\spiele\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\andrea\spiele\anno 1404\tools\addonweb.exe | 
"UDP Query User{61B0CBBE-7D7C-4052-8F26-19E2B5DA2580}D:\andrea\spiele\anno 1404\addon.exe" = protocol=17 | dir=in | app=d:\andrea\spiele\anno 1404\addon.exe | 
"UDP Query User{7BDC7818-6975-40A1-8FE6-0AB6D03CE741}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{83575500-D530-4496-9379-FEC721D81EC3}C:\users\andrea\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\andrea\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{96A88140-9774-4236-B0F6-E091E9662283}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"UDP Query User{A9472283-8E29-4059-A9E0-A49D9FAECED3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{B5A9771A-B9C1-4710-A51F-7D9462039ECA}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{BF117958-6E35-482E-AB9C-44C92D5E2791}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{E422120B-166D-4D3E-9B32-10E8ABAC6AC2}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{E92B1D1C-AE69-4E7C-8E07-BEA13F39405A}D:\andrea\spiele\anno2070demo\anno5.exe" = protocol=17 | dir=in | app=d:\andrea\spiele\anno2070demo\anno5.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON S22 Series" = Druckerdeinstallation für EPSON S22 Series
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U] AVS" = [verify-U] AVS 2.1.9
"[verify-U]_AVS_IE_Add-on" = [verify-U]_AVS_IE_Add-on
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0610.1 
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1A2000AF-79DE-47FB-8411-BA22F981917F}" = Tropico 2: Die Pirateninsel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3D035310-3D86-4537-93B5-D390A6CF1778}" = ANNO 2070 DEMO
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BAE4C76-44C3-418F-B715-6BBF5A65323E}" = TL-WN851ND Driver
"{555A05F8-4069-4503-8476-C8AE6DB7BD80}" = Anno 1404 Rechner
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EABB309-64F7-11D7-B796-0050BFE4DB80}" = Restaurant Empire
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.06
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK Home Center Software
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Any Video Converter_is1" = Any Video Converter 3.3.5
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Avira AntiVir Desktop" = Avira Free Antivirus
"Caesar 3" = Caesar 3
"DivX Setup" = DivX-Setup
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dm Digi Foto" = dm Digi Foto
"dslmon" = devolo Informer
"ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON S22 Series Manual" = EPSON S22 Series Handbuch
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader" = Foxit Reader
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyFreeCodec" = MyFreeCodec
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"nfsCloudsHD New Free Screensaver_is1" = NewFreeScreensaver nfsCloudsHD
"nfsSky01 New Free Screensaver_is1" = NewFreeScreensaver nfsSky01
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pharaoh" = Pharao
"S2TNG" = Die Siedler II - Die nächste Generation
"S4Uninst" = Die Siedler IV
"SADK" = Die Siedler - Aufbruch der Kulturen
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"Theme Park World" = Theme Park World
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XSManager" = XSManager
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1615810410-456935748-570712834-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.07.2012 18:00:33 | Computer Name = Arbeitsplatz | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 23.07.2012 13:28:12 | Computer Name = Arbeitsplatz | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 23.07.2012 13:29:00 | Computer Name = Arbeitsplatz | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 25.07.2012 03:05:30 | Computer Name = Arbeitsplatz | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 27.07.2012 12:12:54 | Computer Name = Arbeitsplatz | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 27.07.2012 12:13:51 | Computer Name = Arbeitsplatz | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 28.07.2012 11:21:39 | Computer Name = Arbeitsplatz | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 28.07.2012 11:22:24 | Computer Name = Arbeitsplatz | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 29.07.2012 06:35:42 | Computer Name = Arbeitsplatz | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 29.07.2012 06:54:19 | Computer Name = Arbeitsplatz | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 29.07.2012 06:54:48 | Computer Name = Arbeitsplatz | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ Media Center Events ]
Error - 26.10.2011 06:39:56 | Computer Name = Arbeitsplatz | Source = MCUpdate | ID = 0
Description = 12:39:56 - Fehler beim Herstellen der Internetverbindung.  12:39:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 26.10.2011 06:40:29 | Computer Name = Arbeitsplatz | Source = MCUpdate | ID = 0
Description = 12:40:25 - Fehler beim Herstellen der Internetverbindung.  12:40:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.12.2011 13:31:33 | Computer Name = Arbeitsplatz | Source = MCUpdate | ID = 0
Description = 18:31:33 - Fehler beim Herstellen der Internetverbindung.  18:31:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 21.12.2011 13:32:06 | Computer Name = Arbeitsplatz | Source = MCUpdate | ID = 0
Description = 18:32:02 - Fehler beim Herstellen der Internetverbindung.  18:32:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.12.2011 04:50:40 | Computer Name = Arbeitsplatz | Source = MCUpdate | ID = 0
Description = 09:50:40 - Fehler beim Herstellen der Internetverbindung.  09:50:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.12.2011 04:51:13 | Computer Name = Arbeitsplatz | Source = MCUpdate | ID = 0
Description = 09:51:09 - Fehler beim Herstellen der Internetverbindung.  09:51:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.12.2011 05:51:45 | Computer Name = Arbeitsplatz | Source = MCUpdate | ID = 0
Description = 10:51:45 - Fehler beim Herstellen der Internetverbindung.  10:51:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.12.2011 05:52:16 | Computer Name = Arbeitsplatz | Source = MCUpdate | ID = 0
Description = 10:52:15 - Fehler beim Herstellen der Internetverbindung.  10:52:15 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.12.2011 13:20:49 | Computer Name = Arbeitsplatz | Source = MCUpdate | ID = 0
Description = 18:20:49 - Fehler beim Herstellen der Internetverbindung.  18:20:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.12.2011 13:21:01 | Computer Name = Arbeitsplatz | Source = MCUpdate | ID = 0
Description = 18:20:54 - Fehler beim Herstellen der Internetverbindung.  18:20:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 24.12.2011 09:24:01 | Computer Name = Arbeitsplatz | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.02.2012 12:49:35 | Computer Name = Arbeitsplatz | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.08.2012 17:41:59 | Computer Name = Arbeitsplatz | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\[verify-U]-driver.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 01.08.2012 17:42:21 | Computer Name = Arbeitsplatz | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   [verify-U]_System
 
Error - 01.08.2012 17:42:23 | Computer Name = Arbeitsplatz | Source = Service Control Manager | ID = 7023
Description = Der Dienst "[verify-U]-Service" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 02.08.2012 02:33:33 | Computer Name = Arbeitsplatz | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\[verify-U]-driver.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 02.08.2012 02:33:56 | Computer Name = Arbeitsplatz | Source = Service Control Manager | ID = 7023
Description = Der Dienst "[verify-U]-Service" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 02.08.2012 02:33:56 | Computer Name = Arbeitsplatz | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   [verify-U]_System
 
Error - 02.08.2012 11:25:26 | Computer Name = Arbeitsplatz | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\[verify-U]-driver.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 02.08.2012 11:25:48 | Computer Name = Arbeitsplatz | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   [verify-U]_System
 
Error - 02.08.2012 11:25:50 | Computer Name = Arbeitsplatz | Source = Service Control Manager | ID = 7023
Description = Der Dienst "[verify-U]-Service" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 02.08.2012 11:26:12 | Computer Name = Arbeitsplatz | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >
         

Alt 02.08.2012, 16:54   #7
t'john
/// Helfer-Team
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1615810410-456935748-570712834-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-1615810410-456935748-570712834-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-1615810410-456935748-570712834-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "Bing" 
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q=" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://www.t-online.de/" 
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7 
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q=" 
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, .anime-loads.org" 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O3 - HKU\S-1-5-21-1615810410-456935748-570712834-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKU\S-1-5-21-1615810410-456935748-570712834-1000..\Run: [EPSON S22 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGEE.EXE /FU "C:\Windows\TEMP\E_S9972.tmp" /EF "HKCU" File not found 
O4 - HKU\S-1-5-21-1615810410-456935748-570712834-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-21-1615810410-456935748-570712834-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\G\Shell - "" = AutoRun 
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe 
 
[2012.07.06 08:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\crxklftdhpnikwz 
[2012.07.06 08:16:53 | 000,000,051 | ---- | M] () -- C:\ProgramData\ihbrmfmutdznwgn 

[2012.08.02 17:25:53 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
 
[2012.08.02 09:08:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.02 08:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.20 23:05:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.08.2012, 17:22   #8
selinia86
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)



Na das war aber mal eine fixe Antwort! ^^

Hier die Log-Datei: (Allerdings sind plötzlich diverse Firefox Extensions weg... war das beabsichtigt???)
Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-1615810410-456935748-570712834-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1615810410-456935748-570712834-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1615810410-456935748-570712834-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Bing" removed from browser.search.defaultenginename
Prefs.js: "hxxp://www.bing.com/search?FORM=IEFM1&q=" removed from browser.search.defaulturl
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.t-online.de/" removed from browser.startup.homepage
Prefs.js: personas@christopher.beard:1.6.2 removed from extensions.enabledItems
Prefs.js: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323 removed from extensions.enabledItems
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7 removed from extensions.enabledItems
Prefs.js: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50 removed from extensions.enabledItems
Prefs.js: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: "hxxp://www.bing.com/search?FORM=IEFM1&q=" removed from keyword.URL
Prefs.js: "localhost, 127.0.0.1, .anime-loads.org" removed from network.proxy.no_proxies_on
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-1615810410-456935748-570712834-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1615810410-456935748-570712834-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON S22 Series deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1615810410-456935748-570712834-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KiesPDLR deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1615810410-456935748-570712834-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\autorun.exe not found.
C:\ProgramData\crxklftdhpnikwz folder moved successfully.
C:\ProgramData\ihbrmfmutdznwgn moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\EasyShare Registration Task.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Andrea\Desktop\cmd.bat deleted successfully.
C:\Users\Andrea\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Andrea
->Temp folder emptied: 1844143875 bytes
->Temporary Internet Files folder emptied: 557468373 bytes
->Java cache emptied: 2343971 bytes
->FireFox cache emptied: 1098795540 bytes
->Google Chrome cache emptied: 114885053 bytes
->Flash cache emptied: 5132 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Peter
->Temp folder emptied: 7694751 bytes
->Temporary Internet Files folder emptied: 269743373 bytes
->Java cache emptied: 11290660 bytes
->FireFox cache emptied: 60781089 bytes
->Flash cache emptied: 67862 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 677871759 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 9772294452 bytes
 
Total Files Cleaned = 13.750,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Andrea
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Peter
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 08022012_181031

Files\Folders moved on Reboot...
C:\Users\Andrea\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Andrea\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         

Alt 02.08.2012, 17:25   #9
t'john
/// Helfer-Team
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)



Sehr gut!

Ja, die kannst du am Ende wieder installieren.

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.08.2012, 19:20   #10
selinia86
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)



Ok, hier das Ergebnis des Malwarebytes scan:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.02.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andrea :: ARBEITSPLATZ [Administrator]

Schutz: Aktiviert

02.08.2012 18:35:36
mbam-log-2012-08-02 (18-35-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 417153
Laufzeit: 1 Stunde(n), 35 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
und hier das Ergebnis des Suchlaufs mit dem AdwCleaner
Code:
ATTFilter
# AdwCleaner v1.800 - Logfile created 08/02/2012 at 20:18:02
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Andrea - ARBEITSPLATZ
# Running from : C:\Users\Andrea\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Andrea\AppData\LocalLow\Softonic
Folder Found : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\o28clbup.default\extensions\ffxtlbra@softonic.com

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Freeze.com
[x64] Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\o28clbup.default\prefs.js

Found : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"20\": {\"id\": \"20\",\"tit[...]
Found : user_pref("extensions.softonic_i.aflt", "SD");
Found : user_pref("extensions.softonic_i.dfltLng", "de");
Found : user_pref("extensions.softonic_i.excTlbr", false);
Found : user_pref("extensions.softonic_i.id", "7c912804000000000000b0487afa5c3a");
Found : user_pref("extensions.softonic_i.instlDay", "15385");
Found : user_pref("extensions.softonic_i.instlRef", "MON00015");
Found : user_pref("extensions.softonic_i.newTab", false);
Found : user_pref("extensions.softonic_i.prdct", "softonic");
Found : user_pref("extensions.softonic_i.prtnrId", "softonic");
Found : user_pref("extensions.softonic_i.smplGrp", "eng7");
Found : user_pref("extensions.softonic_i.tlbrId", "de12JANdefault");
Found : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSour[...]
Found : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Found : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.520:04:57");
Found : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");

Profile name : default 
File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\l75qnadj.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v4.1.249.1036

File : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2607 octets] - [02/08/2012 20:18:02]

########## EOF - C:\AdwCleaner[R1].txt - [2735 octets] ##########
         

Alt 03.08.2012, 13:35   #11
t'john
/// Helfer-Team
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 03.08.2012, 20:18   #12
selinia86
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)



Also hier der Bericht vom AdwCleaner
Code:
ATTFilter
# AdwCleaner v1.800 - Logfile created 08/03/2012 at 19:42:02
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Andrea - ARBEITSPLATZ
# Running from : C:\Users\Andrea\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Andrea\AppData\LocalLow\Softonic
Folder Deleted : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\o28clbup.default\extensions\ffxtlbra@softonic.com

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Freeze.com

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\o28clbup.default\prefs.js

C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\o28clbup.default\user.js ... Deleted !

Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"20\": {\"id\": \"20\",\"tit[...]
Deleted : user_pref("extensions.softonic_i.aflt", "SD");
Deleted : user_pref("extensions.softonic_i.dfltLng", "de");
Deleted : user_pref("extensions.softonic_i.excTlbr", false);
Deleted : user_pref("extensions.softonic_i.id", "7c912804000000000000b0487afa5c3a");
Deleted : user_pref("extensions.softonic_i.instlDay", "15385");
Deleted : user_pref("extensions.softonic_i.instlRef", "MON00015");
Deleted : user_pref("extensions.softonic_i.newTab", false);
Deleted : user_pref("extensions.softonic_i.prdct", "softonic");
Deleted : user_pref("extensions.softonic_i.prtnrId", "softonic");
Deleted : user_pref("extensions.softonic_i.smplGrp", "eng7");
Deleted : user_pref("extensions.softonic_i.tlbrId", "de12JANdefault");
Deleted : user_pref("extensions.softonic_i.tlbrSrchUrl", "hxxp://search.softonic.com/MON00015/tb_v1?SearchSour[...]
Deleted : user_pref("extensions.softonic_i.vrsn", "1.5.11.5");
Deleted : user_pref("extensions.softonic_i.vrsnTs", "1.5.11.520:04:57");
Deleted : user_pref("extensions.softonic_i.vrsni", "1.5.11.5");

Profile name : default 
File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\l75qnadj.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v4.1.249.1036

File : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2732 octets] - [02/08/2012 20:18:02]
AdwCleaner[S1].txt - [2678 octets] - [03/08/2012 19:42:02]

########## EOF - C:\AdwCleaner[S1].txt - [2806 octets] ##########
         
Emsisoft:
Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 03.08.2012 20:11:10

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	03.08.2012 20:12:00

c:\windows\system32\beegd10.ocx 	gefunden: Trace.File.morpheus!E1
D:\Andrea\Spiele\Transportgigant\transportgiant.exe 	gefunden: Trojan.Win32.Inject.ambl!E1

Gescannt	673513
Gefunden	2

Scan Ende:	03.08.2012 21:12:11
Scan Zeit:	1:00:11
         
Und hier hatte ich zuerst versehentlich einen Schnellscan gemacht:
Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 03.08.2012 19:15:04

Scan Einstellungen:

Scan Methode: Schnelltest
Objekte: Rootkits, Speicher, Traces
Archiv Scan: Aus
ADS Scan: An

Scan Beginn:	03.08.2012 19:15:30

c:\windows\system32\beegd10.ocx 	gefunden: Trace.File.morpheus!E1
Value: hkey_local_machine\software\freeze.com\installer --> id 	gefunden: Trace.Registry.ez game cheats!E1
Key: hkey_local_machine\software\freeze.com\ 	gefunden: Trace.Registry.freeze!E1

Gescannt	480584
Gefunden	3

Scan Ende:	03.08.2012 19:16:10
Scan Zeit:	0:00:40
         

Alt 04.08.2012, 15:28   #13
t'john
/// Helfer-Team
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)



Sehr gut!



Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 04.08.2012, 17:20   #14
selinia86
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)



Hier ist der Eset Scan-log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a80ca2f3596dd04290e2c5a9d36fb9d6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-06 06:50:28
# local_time=2012-07-06 08:50:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 17472119 17472119 0 0
# compatibility_mode=5893 16776573 100 94 4782 93226159 0 0
# compatibility_mode=8192 67108863 100 0 1103 1103 0 0
# scanned=217189
# found=0
# cleaned=0
# scan_time=4320
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a80ca2f3596dd04290e2c5a9d36fb9d6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-04 04:10:18
# local_time=2012-08-04 06:10:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 19968672 19968672 0 0
# compatibility_mode=5893 16776573 100 94 57441 95722712 0 0
# compatibility_mode=8192 67108863 100 0 2497656 2497656 0 0
# scanned=197664
# found=1
# cleaned=1
# scan_time=3755
C:\_OTL\MovedFiles\08022012_181031\C_ProgramData\crxklftdhpnikwz\main.html	HTML/Ransom.B trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         
Seltsamerweise ist seit heute die Maus ruckelig und Programme lassen sich nur nach mehrmaligem klicken öffnen.
Vorhin kam dann auch noch die Meldung "Der Server ist ausgelastet".
Hört sich gar nicht gut an....

Hätte ich eigentlich die mit dem Emsisoft Scanner gefundenen Infektionen in Quarantäne verschieben sollen??? Dies habe ich nämlich nicht gemacht...

Alt 04.08.2012, 18:01   #15
t'john
/// Helfer-Team
 
Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Standard

Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)



Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)
administrator, anti-malware, appdata, arbeitsplatz, bka-trojaner, bundeskriminalamt, bundespolizei, code, computer, detected, escan, eset, explorer, folge, funktioniert, infiziert, logfiles, malwarebytes, nicht mehr, nicht möglich, online, recycle.bin, registry, scan, stick, systemwiederherstellung, temp, win, win 7 64bit, win7




Ähnliche Themen: Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)


  1. Win7 Prof. Infiziert mit Win32/Packed.Asprotect.DS Trojaner! Entfernung?
    Log-Analyse und Auswertung - 01.10.2014 (9)
  2. System mit BKA-Trojaner ähnlichem Schädling infiziert (Win7 Home Premium)
    Log-Analyse und Auswertung - 17.04.2014 (7)
  3. Win7 infiziert, u.a. TR/ATRAPS.Gen2 (Trojaner)
    Log-Analyse und Auswertung - 01.10.2013 (14)
  4. Interpol Trojaner - Sperschirm//FRST.Log schon angehängt
    Plagegeister aller Art und deren Bekämpfung - 12.08.2013 (9)
  5. Interpol Trojaner - Logfile schon angehängt
    Plagegeister aller Art und deren Bekämpfung - 12.08.2013 (3)
  6. Win7-PC mit GVU/BSI-Trojaner infiziert
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (17)
  7. GVU-Trojaner 2.07 / Logs angehängt / System sauber?
    Log-Analyse und Auswertung - 05.10.2012 (8)
  8. GVU Trojaner - PC gesperrt - defogger + OTL-Log angehängt
    Plagegeister aller Art und deren Bekämpfung - 12.09.2012 (5)
  9. Suisa Trojaner, Win7 64bit, Logfiles anbei
    Log-Analyse und Auswertung - 14.08.2012 (16)
  10. GVU Trojaner auf Win7 64bit - Logfiles
    Log-Analyse und Auswertung - 02.08.2012 (17)
  11. GVU Trojaner 2.07 / Logfiles angehängt
    Log-Analyse und Auswertung - 30.07.2012 (8)
  12. GVU Trojaner 2.07 - Win7 32 BIT Ultimate - Logfiles anbei
    Log-Analyse und Auswertung - 30.07.2012 (6)
  13. Win7 mit GVU-Trojaner 2.07 infiziert
    Plagegeister aller Art und deren Bekämpfung - 23.07.2012 (12)
  14. Bundespolizei-Trojaner, OTL-Logs angehängt
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (5)
  15. neue Win7, Fragen zu Logfiles?
    Log-Analyse und Auswertung - 12.06.2012 (1)
  16. System Check Trojaner -> Logfiles angehängt
    Log-Analyse und Auswertung - 29.03.2012 (8)
  17. 50 € Trojaner, Win XP, OTL Logfiles angehängt
    Plagegeister aller Art und deren Bekämpfung - 05.03.2012 (36)

Zum Thema Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) - Hallo zusammen, auch ich habe mir den berüchtigten BKA-Trojaner eingefangen. Ich benutze Win 7 64bit Professional Edition. Nachdem heute morgen eines der beiden Windows-Userprofile nicht mehr funktioniert hat (es wurde - Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt)...
Archiv
Du betrachtest: Win7 PC mit BKA-Trojaner infiziert (Logfiles angehängt) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.