Bundespolizei: "Ihr Computer wurde...." (Federal Police: "Your computer has been...") lock screen: how do I remove it?

13.07.2012, 18:44   #1
Mojo-jojooo

Hello,

now it has caught me too, great start to the weekend... today is "Friday the 13th" after all, I'll say no more about that.

I've been hit by this trojan/virus:
http://www.trojaner-board.de/116052-...-gesperrt.html

How do I get rid of it?

System:
Netbook, 32-bit
Win7 Ultimate
All logs were created in Safe Mode with Networking.

Malwarebytes
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.08

Windows 7 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
H5N1 :: H5N1-PC [Administrator]

13.07.2012 19:17:14
mbam-log-2012-07-13 (19-23-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191025
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Validator (Trojan.BTSoft.Gen) -> Data: C:\Users\H5N1\AppData\Roaming\Sun\{6869B88E-E72B-4FF0-959B-3A4B6D5EF895}\Validator.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\H5N1\AppData\Roaming\Sun\{6869B88E-E72B-4FF0-959B-3A4B6D5EF895}\Validator.exe (Trojan.BTSoft.Gen) -> No action taken.
C:\Users\H5N1\0.009897798997732687.exe (Trojan.Agent.Gen) -> No action taken.

(end)

OTL:
Code:
OTL logfile created on: 13.07.2012 16:27:00 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = D:\virus
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 75,81% Memory free
4,00 Gb Paging File | 3,63 Gb Available in Paging File | 90,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,18 Gb Total Space | 12,80 Gb Free Space | 20,26% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 2,77 Gb Free Space | 28,32% Space Free | Partition Type: NTFS
Drive E: | 58,99 Gb Total Space | 58,99 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: H5N1-PC | User Name: H5N1 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.13 15:37:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\virus\OTL.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2002.04.22 03:15:02 | 000,139,264 | ---- | M] () -- C:\Programme\Common Files\Adobe\Shell\psicon.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.11 20:03:51 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.04 16:13:54 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.19 17:17:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.20 06:57:56 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Stopped] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.08.18 15:47:48 | 000,819,976 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Programme\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0)
SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010.05.21 14:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [On_Demand | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2005.11.29 10:31:08 | 000,282,624 | ---- | M] (DynIP, a division of CanWeb Internet Services Ltd.) [Auto | Stopped] -- C:\Programme\DynIP\DynIP Client v5.51\Client.exe -- (DynIPClient)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\H5N1\AppData\Local\Temp\PIO868E.tmp -- (PORTIO64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\libusb0.sys -- (libusb0)
DRV - [2012.03.25 10:26:18 | 000,095,304 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2012.02.25 12:15:55 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.02.10 12:40:11 | 000,025,984 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\VSPE.sys -- (EterlogicVirtualSerialDriver)
DRV - [2012.02.04 14:05:59 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.02.04 14:05:57 | 010,325,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.02.04 14:05:57 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV - [2011.12.19 15:12:00 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011.12.19 15:11:58 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011.12.19 15:11:58 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011.12.19 15:11:58 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2011.10.07 10:24:36 | 000,126,976 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2011.10.07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011.09.21 11:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011.09.13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.09.09 15:45:20 | 001,265,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2011.08.08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.07.29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.07.11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011.02.28 11:27:10 | 000,061,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011.02.28 11:26:54 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010.10.12 11:27:52 | 000,019,656 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Programme\Eltima Software\Serial Port Monitor\SPSniff.sys -- (SPSniff)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009.04.22 20:42:30 | 000,304,128 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VPS3Joy.sys -- (VPS3Joy) Virtual Playstation(3)
DRV - [2009.04.22 20:42:12 | 000,303,104 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMouse.sys -- (VMouse)
DRV - [2009.04.22 20:41:46 | 000,302,080 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VKeyboard.sys -- (VKeyboard)
DRV - [2008.09.08 09:23:08 | 000,060,032 | ---- | M] (FreeBT (www.freebt.net)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fbtusb.sys -- (FreeBT)
DRV - [2008.05.19 17:02:00 | 000,055,808 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\evserial.sys -- (evserial) Virtual Serial Ports Driver (Eltima Softwate)
DRV - [2008.05.19 17:01:54 | 000,027,648 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\evsbc.sys -- (VSBC) Virtual Serial Bus Enumerator (Eltima Software)
DRV - [2005.03.30 11:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10005’
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10005’
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 FC 33 F1 F5 E7 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 199.104.126.42:80
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\H5N1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\H5N1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.19 17:17:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.20 10:26:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.19 17:17:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.02.04 14:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\H5N1\AppData\Roaming\mozilla\Extensions
[2012.07.10 15:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\H5N1\AppData\Roaming\mozilla\Firefox\Profiles\b3ezisx4.Standard-Benutzer\extensions
[2012.05.31 00:06:21 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\H5N1\AppData\Roaming\mozilla\Firefox\Profiles\b3ezisx4.Standard-Benutzer\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012.06.13 23:53:20 | 000,000,000 | ---D | M] ("DownloadHelper [AU]") -- C:\Users\H5N1\AppData\Roaming\mozilla\Firefox\Profiles\b3ezisx4.Standard-Benutzer\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.01 01:28:21 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\H5N1\AppData\Roaming\mozilla\Firefox\Profiles\b3ezisx4.Standard-Benutzer\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.06.15 15:52:26 | 000,000,000 | ---D | M] ("FVD Speed Dial with Online Sync") -- C:\Users\H5N1\AppData\Roaming\mozilla\Firefox\Profiles\b3ezisx4.Standard-Benutzer\extensions\pavel.sherbakov@gmail.com
[2012.03.22 09:11:42 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\H5N1\AppData\Roaming\mozilla\Firefox\Profiles\b3ezisx4.Standard-Benutzer\extensions\support@lastpass.com
[2012.06.01 01:22:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.13 09:50:25 | 000,074,108 | ---- | M] () (No name found) -- C:\USERS\H5N1\APPDATA\ROAMING\THUNDERBIRD\PROFILES\MC78PHEP.DEFAULT\EXTENSIONS\{8845E3B3-E8FB-40E2-95E9-EC40294818C4}.XPI
[2012.05.18 11:30:24 | 000,000,000 | ---D | M] (Provider for Google Calendar) -- C:\USERS\H5N1\APPDATA\ROAMING\THUNDERBIRD\PROFILES\MC78PHEP.DEFAULT\EXTENSIONS\{A62EF8EC-5FDC-40C2-873C-223B8A6925CC}
[2012.07.02 19:38:14 | 000,000,000 | ---D | M] (Lightning) -- C:\USERS\H5N1\APPDATA\ROAMING\THUNDERBIRD\PROFILES\MC78PHEP.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
[2012.02.21 12:27:31 | 000,000,000 | ---D | M] (German Dictionary) -- C:\USERS\H5N1\APPDATA\ROAMING\THUNDERBIRD\PROFILES\MC78PHEP.DEFAULT\EXTENSIONS\DE-DE@DICTIONARIES.ADDONS.MOZILLA.ORG
[2012.07.09 13:20:23 | 000,000,000 | ---D | M] (MyPhoneExplorer) -- C:\USERS\H5N1\APPDATA\ROAMING\THUNDERBIRD\PROFILES\MC78PHEP.DEFAULT\EXTENSIONS\MYPHONEEXPLORER@FJSOFT.AT
[2012.04.25 21:02:18 | 000,574,660 | ---- | M] () (No name found) -- C:\USERS\H5N1\APPDATA\ROAMING\THUNDERBIRD\PROFILES\MC78PHEP.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI
[2012.06.19 17:17:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.08 12:39:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.08 12:39:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.08 12:39:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.08 12:39:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.08 12:39:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.08 12:39:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\H5N1\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\H5N1\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\H5N1\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Turn Off the Lights = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.106_0\
CHR - Extension: Save the trees (print & screenshot) = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjlcapbgbcnfkifgclinapfbkielnmdi\1.0.1.0_0\
CHR - Extension: Slinky Vornehm = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Stylish = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\
CHR - Extension: Translate selection = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\goanabmlmgfinmjohhepcpffcnkeobjm\1.1.8.3_0\
CHR - Extension: Mibbit webchat = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbadbkkklnhamjjeagmknajgmbgcmnpi\1.12_0\
CHR - Extension: LastPass = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.0_0\
CHR - Extension: Print Plus = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmfccjbmmiihefchodekgaebpodidoem\1.0.3.29_0\
CHR - Extension: Stealthy = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\2.2.1_0\
CHR - Extension: Speed Dial 2 = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.0.8_0\
CHR - Extension: Quick Note = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.3.8_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Sticky Notes = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfklpmdfldnnjbkdmamhokiphfkfieg\1.8_0\
CHR - Extension: freenode irc = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhkcfbkpodjkallcfebgihcoglfaniep\2.0_0\
CHR - Extension: Sticky Notes = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadhkifhlcmdahecfkhomjcilnblhifn\1.4_0\
CHR - Extension: BIODIGITAL HUMAN = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Turn Off the Lights = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.106_0\
CHR - Extension: Save the trees (print & screenshot) = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjlcapbgbcnfkifgclinapfbkielnmdi\1.0.1.0_0\
CHR - Extension: Slinky Vornehm = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Stylish = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\
CHR - Extension: Translate selection = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\goanabmlmgfinmjohhepcpffcnkeobjm\1.1.8.3_0\
CHR - Extension: Mibbit webchat = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbadbkkklnhamjjeagmknajgmbgcmnpi\1.12_0\
CHR - Extension: LastPass = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.0_0\
CHR - Extension: Print Plus = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmfccjbmmiihefchodekgaebpodidoem\1.0.3.29_0\
CHR - Extension: Stealthy = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\2.2.1_0\
CHR - Extension: Speed Dial 2 = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.0.8_0\
CHR - Extension: Quick Note = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.3.8_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\
CHR - Extension: Sticky Notes = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfklpmdfldnnjbkdmamhokiphfkfieg\1.8_0\
CHR - Extension: freenode irc = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhkcfbkpodjkallcfebgihcoglfaniep\2.0_0\
CHR - Extension: Sticky Notes = C:\Users\H5N1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadhkifhlcmdahecfkhomjcilnblhifn\1.4_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [cdgjyoicolejkcm] C:\ProgramData\cdgjyoic.exe (Freescale)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Unified Remote v2] C:\Programme\Unified Remote\RemoteServer.exe (Unified Remote)
O4 - HKCU..\Run: [Validator] C:\Users\H5N1\AppData\Roaming\Sun\{6869B88E-E72B-4FF0-959B-3A4B6D5EF895}\Validator.exe (See!Rich)
O4 - Startup: C:\Users\H5N1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\H5N1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09C6EFE7-DBF8-4543-AA74-7275863E4E92}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43B9C2CE-69D1-4951-A37C-75F350B065C9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D701255-250C-46C4-80B1-D273BC643590}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3F020F5-76D9-45CE-932A-54556A149CEB}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.02.04 12:18:22 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.13 12:59:19 | 000,121,344 | ---- | C] (Freescale) -- C:\ProgramData\cdgjyoic.exe
[2012.07.13 12:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\xqargfqkogtivyl
[2012.07.13 12:59:12 | 000,121,344 | ---- | C] (Freescale) -- C:\Users\H5N1\0.009897798997732687.exe
[2012.07.10 18:36:25 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Roaming\Microsoft Corporation
[2012.07.10 17:32:22 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Roaming\Apple
[2012.07.10 10:06:47 | 000,000,000 | ---D | C] -- C:\Users\H5N1\Desktop\kleinanzeigen
[2012.07.09 23:20:35 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Roaming\Google Inc
[2012.07.06 12:10:58 | 000,000,000 | ---D | C] -- C:\Users\H5N1\Desktop\The_Reset_Glitch_Hack_Tutorial_v1.1_EN
[2012.07.05 20:26:13 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Roaming\Opera
[2012.07.04 18:40:18 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Roaming\TS3Client
[2012.07.04 18:37:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.04 18:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012.07.04 17:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ET Starter Pro
[2012.07.04 17:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\ET Starter Pro
[2012.07.04 17:28:55 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Local\Punkbuster
[2012.07.04 17:28:28 | 000,000,000 | ---D | C] -- C:\Users\H5N1\Desktop\ETPunkBuster_Setup_And_KeyGen
[2012.07.04 16:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kroll Ontrack
[2012.07.04 16:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Kroll Ontrack
[2012.07.04 16:12:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012.07.04 16:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.07.04 16:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.07.04 14:52:40 | 000,000,000 | ---D | C] -- C:\Users\H5N1\Desktop\backup_4_7_12
[2012.07.04 00:15:19 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Roaming\Help
[2012.07.03 19:04:15 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Roaming\Sun
[2012.07.03 10:42:47 | 000,000,000 | ---D | C] -- C:\Users\H5N1\Desktop\X1160_X1260user_1.0_A_A
[2012.06.24 17:56:51 | 000,000,000 | ---D | C] -- C:\New Folder
[2012.06.24 17:04:47 | 000,000,000 | ---D | C] -- C:\no_client_files
[2012.06.24 17:03:25 | 000,000,000 | ---D | C] -- C:\aitcrack_clientdoku.php_files
[2012.06.24 17:03:06 | 000,000,000 | ---D | C] -- C:\aircrack_no_clientdoku.php_files
[2012.06.24 12:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2012.06.24 12:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2012.06.22 00:05:23 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Local\MPlayer
[2012.06.22 00:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012.06.22 00:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2012.06.22 00:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server
[2012.06.21 23:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012.06.21 23:11:13 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Roaming\uTorrent
[2012.06.20 15:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Editor
[2012.06.18 14:25:34 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Roaming\vlc
[2012.06.18 14:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.06.18 14:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.06.17 16:55:12 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVR-20100110
[2012.06.17 16:52:17 | 000,000,000 | ---D | C] -- C:\WinAVR-20100110
[2012.06.17 14:55:37 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Local\Macromedia
[2012.06.15 16:35:04 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DynIP Client for Windows v5.51
[2012.06.15 16:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\DynIP
[2012.06.15 16:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012.06.15 14:38:11 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\USB DVD-Downloadtool für Windows 7
[2012.06.15 14:38:11 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Local\Apps
[2012.06.14 09:13:17 | 000,000,000 | ---D | C] -- C:\Users\H5N1\Desktop\sonstiges
[2012.06.14 09:12:03 | 000,000,000 | ---D | C] -- C:\Users\H5N1\Desktop\LOK
[2012.06.14 00:03:39 | 000,000,000 | ---D | C] -- C:\Users\H5N1\AppData\Roaming\Media Player Classic
[2012.06.13 23:59:36 | 000,000,000 | ---D | C] -- C:\Users\H5N1\dwhelper
[2012.06.13 23:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2012.06.13 19:38:18 | 000,000,000 | ---D | C] -- C:\WINXPCD
[2012.06.13 19:36:21 | 000,000,000 | ---D | C] -- C:\Win Setup_1_0_beta8
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.13 15:42:47 | 000,000,000 | ---- | M] () -- C:\Users\H5N1\defogger_reenable
[2012.07.13 15:40:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.13 15:40:00 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 15:35:59 | 000,050,477 | ---- | M] () -- C:\Defogger.exe
[2012.07.13 13:43:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.13 13:03:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.13 12:59:20 | 000,000,051 | ---- | M] () -- C:\ProgramData\aiwizkopkxcjqzp
[2012.07.13 12:59:13 | 000,121,344 | ---- | M] (Freescale) -- C:\ProgramData\cdgjyoic.exe
[2012.07.13 12:59:13 | 000,121,344 | ---- | M] (Freescale) -- C:\Users\H5N1\0.009897798997732687.exe
[2012.07.13 12:46:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1501322901-3709429985-2944457107-1000UA.job
[2012.07.13 12:34:25 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.13 12:34:25 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.13 12:29:19 | 000,137,176 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.13 12:29:08 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.07.13 12:27:15 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.13 12:21:57 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.07.13 10:31:32 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1501322901-3709429985-2944457107-1000Core.job
[2012.07.13 10:31:11 | 101,398,884 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.07.12 11:07:35 | 000,292,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.11 15:31:21 | 000,001,371 | ---- | M] () -- C:\Users\H5N1\Desktop\ethersex-ethersex-snapshot_compile_ok-105-g42b8418.tar - Verknüpfung.lnk
[2012.07.10 10:01:18 | 000,000,446 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.07.09 19:44:33 | 000,260,869 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.07.06 12:10:42 | 014,801,949 | ---- | M] () -- C:\Users\H5N1\Desktop\The_Reset_Glitch_Hack_Tutorial_v1.1_EN.rar
[2012.07.05 22:18:11 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.05 22:18:11 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.05 22:18:11 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.05 22:18:11 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.04 18:36:56 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.07.04 17:39:20 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\ET Starter Pro.lnk
[2012.07.04 17:38:59 | 013,522,701 | ---- | M] () -- C:\Users\H5N1\Desktop\etstarterpro_095.zip
[2012.07.04 17:29:29 | 000,022,328 | ---- | M] () -- C:\Users\H5N1\AppData\Roaming\PnkBstrK.sys
[2012.07.04 17:28:55 | 000,682,280 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2012.07.04 17:28:17 | 003,348,123 | ---- | M] () -- C:\Users\H5N1\Desktop\ETPunkBuster_Setup_And_KeyGen.zip
[2012.07.04 16:43:43 | 000,002,284 | ---- | M] () -- C:\Users\Public\Desktop\Ontrack EasyRecovery Professional.lnk
[2012.07.04 16:43:26 | 000,001,137 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012.07.04 16:12:39 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.07.04 16:11:09 | 008,531,968 | ---- | M] () -- C:\Users\H5N1\Desktop\SteamInstall_German.msi
[2012.07.03 10:42:24 | 003,472,456 | ---- | M] () -- C:\Users\H5N1\Desktop\X1160_X1260user_1.0_A_A.zip
[2012.06.29 14:11:16 | 000,050,878 | ---- | M] () -- C:\Users\H5N1\Desktop\index.html
[2012.06.24 17:04:47 | 000,055,343 | ---- | M] () -- C:\no_client.html
[2012.06.24 17:03:34 | 000,042,944 | ---- | M] () -- C:\aitcrack_clientdoku.php.html
[2012.06.24 17:03:33 | 000,055,319 | ---- | M] () -- C:\aircrack_no_clientdoku.php.html
[2012.06.24 16:55:12 | 000,000,125 | ---- | M] () -- C:\Text File
[2012.06.24 16:55:12 | 000,000,118 | ---- | M] () -- C:\Text File~
[2012.06.24 14:54:20 | 000,001,096 | ---- | M] () -- C:\Users\H5N1\Desktop\EVEREST Ultimate Edition.lnk
[2012.06.24 12:33:56 | 000,000,969 | ---- | M] () -- C:\Users\H5N1\Desktop\SpeedFan.lnk
[2012.06.24 12:33:53 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2012.06.24 12:32:32 | 000,001,076 | ---- | M] () -- C:\Users\H5N1\Desktop\EVEREST Home Edition.lnk
[2012.06.21 23:13:38 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.13 15:42:47 | 000,000,000 | ---- | C] () -- C:\Users\H5N1\defogger_reenable
[2012.07.13 15:36:20 | 000,050,477 | ---- | C] () -- C:\Defogger.exe
[2012.07.13 12:59:14 | 000,000,051 | ---- | C] () -- C:\ProgramData\aiwizkopkxcjqzp
[2012.07.06 12:10:15 | 014,801,949 | ---- | C] () -- C:\Users\H5N1\Desktop\The_Reset_Glitch_Hack_Tutorial_v1.1_EN.rar
[2012.07.04 18:36:56 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.07.04 17:45:30 | 000,268,952 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.07.04 17:39:20 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\ET Starter Pro.lnk
[2012.07.04 17:38:55 | 013,522,701 | ---- | C] () -- C:\Users\H5N1\Desktop\etstarterpro_095.zip
[2012.07.04 17:29:30 | 000,137,176 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.07.04 17:29:29 | 000,022,328 | ---- | C] () -- C:\Users\H5N1\AppData\Roaming\PnkBstrK.sys
[2012.07.04 17:29:01 | 000,268,952 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.07.04 17:29:01 | 000,268,952 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.07.04 17:28:56 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.07.04 17:28:55 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.07.04 17:28:13 | 003,348,123 | ---- | C] () -- C:\Users\H5N1\Desktop\ETPunkBuster_Setup_And_KeyGen.zip
[2012.07.04 16:43:43 | 000,002,284 | ---- | C] () -- C:\Users\Public\Desktop\Ontrack EasyRecovery Professional.lnk
[2012.07.04 16:43:26 | 000,000,535 | ---- | C] () -- C:\Windows\System32\MAPISVC.BAK
[2012.07.04 16:12:39 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.07.04 16:11:08 | 008,531,968 | ---- | C] () -- C:\Users\H5N1\Desktop\SteamInstall_German.msi
[2012.07.03 10:42:21 | 003,472,456 | ---- | C] () -- C:\Users\H5N1\Desktop\X1160_X1260user_1.0_A_A.zip
[2012.06.24 17:04:47 | 000,055,343 | ---- | C] () -- C:\no_client.html
[2012.06.24 17:03:34 | 000,042,944 | ---- | C] () -- C:\aitcrack_clientdoku.php.html
[2012.06.24 17:03:33 | 000,055,319 | ---- | C] () -- C:\aircrack_no_clientdoku.php.html
[2012.06.24 16:55:12 | 000,000,118 | ---- | C] () -- C:\Text File~
[2012.06.24 14:54:20 | 000,001,096 | ---- | C] () -- C:\Users\H5N1\Desktop\EVEREST Ultimate Edition.lnk
[2012.06.24 12:33:56 | 000,000,969 | ---- | C] () -- C:\Users\H5N1\Desktop\SpeedFan.lnk
[2012.06.24 12:32:32 | 000,001,076 | ---- | C] () -- C:\Users\H5N1\Desktop\EVEREST Home Edition.lnk
[2012.06.23 02:39:04 | 000,001,371 | ---- | C] () -- C:\Users\H5N1\Desktop\ethersex-ethersex-snapshot_compile_ok-105-g42b8418.tar - Verknüpfung.lnk
[2012.06.21 23:13:38 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012.04.19 00:07:27 | 000,000,218 | ---- | C] () -- C:\Users\H5N1\.recently-used.xbel
[2012.04.08 23:03:47 | 000,000,446 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.03.28 09:29:11 | 000,000,142 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2012.03.26 07:36:27 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.03.25 21:55:12 | 000,009,886 | ---- | C] () -- C:\Windows\System32\SETUP.INI
[2012.03.25 11:05:35 | 002,134,016 | ---- | C] () -- C:\Users\H5N1\20120325_Lokalzeit_Ruhr-Opel__Die_Hoffnung_stirbt_zuletzt.mp4
[2012.03.13 15:24:50 | 000,000,000 | ---- | C] () -- C:\Users\H5N1\.pspsh.hist
[2012.02.22 16:46:39 | 000,007,601 | ---- | C] () -- C:\Users\H5N1\AppData\Local\Resmon.ResmonCfg
[2012.02.19 12:21:53 | 000,003,584 | ---- | C] () -- C:\Users\H5N1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.18 11:37:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.02.10 12:40:11 | 000,025,984 | ---- | C] () -- C:\Windows\System32\drivers\VSPE.sys
[2012.02.07 12:12:50 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012.02.07 12:12:50 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012.02.07 12:12:50 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012.02.07 12:12:50 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012.02.07 12:12:50 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012.02.04 14:24:46 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012.02.04 14:14:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.07.27 00:56:50 | 000,408,168 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll
[2010.07.27 00:56:50 | 000,352,325 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
 
========== LOP Check ==========
 
[2012.07.10 21:35:34 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\.purple
[2012.03.05 13:48:56 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\abby684
[2012.04.25 13:44:33 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\Arduino
[2012.06.06 23:39:21 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\AVG
[2012.04.25 01:29:50 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\AVG2012
[2012.03.19 17:00:43 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\CadSoft
[2012.03.31 00:08:08 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\DAEMON Tools Lite
[2012.07.13 12:28:36 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\Dropbox
[2012.04.18 14:59:22 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\enchant
[2012.05.30 18:11:15 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\Foxit Software
[2012.04.25 18:08:49 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\Fritzing
[2012.06.18 15:14:07 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\gtk-2.0
[2012.05.03 11:38:37 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\IrfanView
[2012.02.10 13:42:57 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\MCS Electronics
[2012.04.13 20:18:26 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\MotioninJoy
[2012.07.07 01:35:40 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\MyPhoneExplorer
[2012.03.04 01:20:25 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\Notepad++
[2012.02.07 10:02:41 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\OpenOffice.org
[2012.07.05 20:26:13 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\Opera
[2012.02.18 11:37:24 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\pdfforge
[2012.03.26 07:36:26 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\Spyware Terminator
[2012.07.12 20:02:32 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\TeamViewer
[2012.02.21 12:26:52 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\Thunderbird
[2012.07.04 23:02:53 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\TS3Client
[2012.02.22 16:08:48 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\Unified Remote
[2012.06.21 23:47:32 | 000,000,000 | ---D | M] -- C:\Users\H5N1\AppData\Roaming\uTorrent
[2012.07.04 23:37:36 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:1FB1CEE3
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
Extras:
Code:
OTL Extras logfile created on: 13.07.2012 16:27:00 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = D:\virus
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 75,81% Memory free
4,00 Gb Paging File | 3,63 Gb Available in Paging File | 90,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,18 Gb Total Space | 12,80 Gb Free Space | 20,26% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 2,77 Gb Free Space | 28,32% Space Free | Partition Type: NTFS
Drive E: | 58,99 Gb Total Space | 58,99 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: H5N1-PC | User Name: H5N1 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15A65F25-B4B8-4D65-AEC0-0FF4EEAD55C7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{18A2676C-6B01-4AA4-A17A-24C21CEEE3C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2A4FF481-0A94-4AD1-88A4-6864ACD8A255}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{33610005-406E-4075-8EA3-FE5B92F59073}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{40083E52-9FE0-48CC-8339-BDDA9C60E5ED}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{52A8DF47-58EF-4E72-981C-BD614CAEEE46}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5CFCFD4D-F365-41E0-9650-63FF01E434D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{60736848-B0BE-4749-8BED-1A953B44990F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7067BD81-8110-4497-984C-20E93384D254}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{718E802F-C668-42C6-9930-0899985C87B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A52311F-90FB-403D-B352-7BA524C0AF4C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7D1F4DF8-A4FD-460B-B904-DB99A95C5184}" = lport=5031 | protocol=17 | dir=in | name=avm tapi services for fritz!box - udp 5031 | 
"{88BBC038-38E1-4080-BC86-64761774F252}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96F97A64-B443-4310-8CD4-849D5DB63BBA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9BC429D8-A8F7-4180-A895-73BD66CF1475}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AAEB5AD0-867E-4058-8571-D306742C35B1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BDD958AB-2B66-449E-A995-1728F3ABA94E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CDF79256-6DAD-4A0D-BD00-518DBB2290CA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F89853A2-7072-4DD4-9EA9-814211CAC691}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FE9A68E8-FBF2-493F-AFC1-DA38C012D55D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01265F57-F5A4-4E6B-A22B-561753E93FBB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{025B2541-31AA-4F0C-97DF-A1F203C7DEDF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{08DFE640-D10C-481F-A95D-713200403F6D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A8878A8-D9AF-4E21-9E9F-62C9F136E3B4}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{16DAF8ED-51FC-482A-A793-0317A24DE7C0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{1873B207-F569-4BA6-AD79-2899A7D0D233}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | 
"{1C6A1BB5-1C21-4E4E-87F3-38062E26631E}" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"{1F4D1CDE-D9C9-47AA-8ABC-C5213ECE7CB2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{2401B6EE-2193-4722-840B-34C5D3678497}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{273B9769-C52C-49B3-8C98-AC7E8291105D}" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"{2984F3F9-3284-4C2E-B854-8971F2694FE3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{301095E1-6D29-4CFA-A227-03B19FF9CC22}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{3C9FCC4E-02EA-4B34-A861-9F45C09D14A9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{3D8B89F3-9ED2-402E-ADDA-77D52AC02B1C}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{43320E8A-D2B8-46CE-8DE3-A107030938B7}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | 
"{4D9D2A4E-D640-4874-96A3-D66E37192678}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{54BD3257-A16E-47C2-A008-02AE2F9C9935}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{5761AEEF-561B-4D26-9C72-C63B97315E65}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{5CB77536-A400-4C92-9C71-3304E310D464}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{5D399613-380A-41A7-A561-A5511289F6C7}" = protocol=17 | dir=in | app=c:\users\h5n1\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5E2D990D-7F94-4788-95F8-3652C29906CC}" = protocol=17 | dir=in | app=c:\users\h5n1\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"{62C40BC7-B5C5-41DE-A344-FA98A783DBE1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{67388531-32A1-47BF-8BDE-A1B83CF4A9DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6A36A3CB-AE01-4F77-B2DD-840FC41E1F38}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{78BC0C4A-C011-4F63-B0D2-E929092155A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{78F679F0-C0CC-4782-BC3C-F6616C8F0C13}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{7A34BACB-E827-483B-A224-1FD3DA5454A8}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{7B3681E4-36E4-4480-A491-DB85A738897F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{802C1661-F838-4EBF-9A97-818E8ADE3845}" = protocol=6 | dir=in | app=c:\users\h5n1\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8068703D-7C70-4029-9E0F-FDEE11F12E0F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{852777E7-A9EF-4E9C-AB06-26234220E331}" = protocol=6 | dir=in | app=c:\users\h5n1\appdata\roaming\dropbox\bin\dropbox.exe | 
"{893DD1EC-25F9-4BF7-A18E-FB5102239919}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{8FB40081-DEEC-4BB5-9FFF-B2C983C84297}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{9220FB8F-2775-4732-ADAB-49452B00C1D1}" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"{9D15A9D8-E3C6-46A0-94F0-82C26102727F}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{9D512825-252A-4558-A676-44C414710F9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B0D2193D-F994-403A-8BFB-138ABA1BC0DE}" = protocol=6 | dir=in | app=c:\users\h5n1\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"{B3CB6F70-A208-4A76-A237-C3BA57CA90F2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{B777AD75-DC17-41C6-B782-483B63D4D58E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{B862E207-87E8-4411-8C4E-9C10D01CC030}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C953783E-3C3B-4E45-A320-21A4E00206F2}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{CBEDB772-2DCC-4D90-AAC7-33F74942A2F3}" = protocol=6 | dir=out | app=system | 
"{CCF7D754-CA76-45CA-B7F9-34DC86D067F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DEBD8699-16A3-471A-BF5D-08CACBAC6A24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DF85D3E8-BD3F-4297-9ADD-83935FF47A4F}" = protocol=17 | dir=in | app=c:\users\h5n1\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E0CCC8D6-2FE1-4EE2-893E-76B18B4086E7}" = protocol=6 | dir=in | app=c:\users\h5n1\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"{E2EE1BB1-1725-4315-817E-86B4C42F7B1F}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{E41CE29A-6CCC-48BC-814E-CAC85BB86E12}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{E5F78E25-BFD4-47AA-9592-B4D08508A5FA}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"{E89AFB31-3C70-4508-A224-46E9B9E3E9C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F6DCEF89-2333-4C55-ACD7-79DF2E0647E6}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"{F791AC33-BDCB-447B-AD44-2DD0E1ED92BA}" = protocol=17 | dir=in | app=c:\users\h5n1\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"{FA35FC01-45C2-46F2-B14B-2C5375A6EF26}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"{FD72CB54-3B83-45EA-BABF-016A0C9C6114}" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"{FE61280C-B878-4C45-80EA-C4EAD0B5159F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FF349A30-EF61-47F5-A487-E08D30159EDB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{0E50699E-C4D1-4E35-9585-0987D1BC11EE}C:\program files\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files\unified remote\remoteserver.exe | 
"TCP Query User{16588292-33B0-425C-AECA-F015DFB1E237}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{17615676-053E-4172-B992-3F8898A8746D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{232ED3CB-7645-45E8-B4C2-20C7423FDF02}C:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"TCP Query User{4F3679C4-6F1C-4E98-A5A5-10216EAA4EC6}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{61632AE0-53ED-49E5-AAD1-9974918F08C9}C:\utorrentportable\app\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\utorrentportable\app\utorrent\utorrent.exe | 
"TCP Query User{9DC98AFD-CA12-4839-A7B7-26AF434C63D9}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"TCP Query User{C5A9E9D7-F6F0-41DB-A329-DD5C27B86F3A}C:\program files\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files\unified remote\remoteserver.exe | 
"TCP Query User{EB82957A-A764-4B09-BC5B-FC3604BF612D}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"UDP Query User{3AD30358-17EE-4EA9-B19F-1BA8C6548935}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"UDP Query User{59C1B0D7-7E88-471A-BC48-99DE867326C6}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{6902ADF9-8E01-467F-8301-8F70E0CF62F2}C:\program files\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files\unified remote\remoteserver.exe | 
"UDP Query User{7AF72C45-0406-4F63-8665-EF2F306C3B61}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{84AF159C-C821-4FD3-9CC0-D57B5ECDEC90}C:\program files\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files\unified remote\remoteserver.exe | 
"UDP Query User{8677E073-A429-4D26-BF15-FE822A4F347C}C:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"UDP Query User{87033996-6592-491F-8DBF-507F07AE06F4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{A83DC2E1-6046-4F47-9768-FFD0ED6BE83A}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"UDP Query User{C2A69008-CDAF-4339-9DC8-E1E0EACBAD9F}C:\utorrentportable\app\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\utorrentportable\app\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0BC8B21E-EB38-4174-827B-89A5F80E8DDA}" = GraphicsSwitch
"{1143F758-929B-4EEB-8784-46CCB622F037}_is1" = Repetier-Host Version 0.50
"{13C4E8F0-B747-4C7C-9090-884832F9F90A}" = Proteus 7 Professional
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6A1825-474F-4124-9016-1168471D847B}" = Google Drive
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.0000
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1843F3-84BE-4D87-9B4E-AA0BF7611DC4}" = WinDS3
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{47F94730-ABD2-47F6-920E-EA8CDB6DD0C6}_is1" = BASCOM-AVR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5
"{611E3800-CE31-4953-8AD4-5657B6EE7ACF}" = Oracle VM VirtualBox 4.1.8
"{666524AE-8EFB-4992-ABE5-C52A62C92407}" = ET Starter Pro
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{75F509C3-5F01-48C1-ACB9-B9B38A952E6C}" = Unified Remote
"{7A5508A1-15C9-4755-B9E8-2C6C6E0EDF14}_is1" = NetServer 1.03
"{7D6DDE45-FE2F-4D11-A7E7-BC2C2910536C}" = USB/DVD-Downloadtool für Windows 7
"{7F52EF76-87BF-4C1F-81E1-CC330E73C908}" = DynIP Client for Windows 5.51
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8F3F769D-E9C4-42E5-9B35-82DDCE0790C1}" = Virtual Serial Ports Emulator
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{C15D85A8-F74D-41C5-B596-7F9D2FE59F06}" = Google SketchUp Pro 8
"{C30FA2C9-6740-4485-A164-858D2884E154}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F1100000-0008-0000-0001-074957833700}" = ABBYY FineReader 11
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AVG" = AVG 2012
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"bwin Poker JPC_is1" = bwin Poker JPC 1.0.0
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.19
"DAEMON Tools Lite" = DAEMON Tools Lite
"EAGLE 6.0.0" = EAGLE 6.0.0
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"ESET Online Scanner" = ESET Online Scanner v3
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader_is1" = Foxit Reader 5.1
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"IrfanView" = IrfanView (remove only)
"KMLCSV Converter" = KMLCSV Converter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 3.2.0-1
"PokerStars" = PokerStars
"PS3 Media Server" = PS3 Media Server
"PSPad editor_is1" = PSPad editor
"PunkBusterSvc" = PunkBuster Services
"Serial Port Monitor_is1" = Serial Port Monitor 4.1 (Build 4.1.2.293)
"SimpleOCR 3.1" = SimpleOCR 3.1
"SixaxisPairTool_is1" = SixaxisPairTool 0.2.3
"SMAC 2.7" = SMAC 2.7
"Sony Ericsson Easy Hw Tool  V - 6.0" = Sony Ericsson Easy Hw Tool  V - 6.0
"SpeedFan" = SpeedFan (remove only)
"Sprint-Layout_50_Demo_is1" = Sprint-Layout 5.0 (Demo)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"USB AVR-Lab Tool_is1" = USB AVR-Lab Tool 5.10
"uTorrent" = µTorrent
"Virtual Serial Ports Driver_is1" = Virtual Serial Port Driver 6.9 (6.9.1.134)
"VLC media player" = VLC media player 2.0.1
"WinAVR-20100110" = WinAVR 20100110 (remove only)
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.07.2012 19:24:57 | Computer Name = H5N1-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 10.07.2012 05:48:51 | Computer Name = H5N1-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 10.07.2012 19:07:39 | Computer Name = H5N1-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 11.07.2012 06:02:21 | Computer Name = H5N1-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 11.07.2012 18:41:31 | Computer Name = H5N1-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 12.07.2012 00:47:27 | Computer Name = H5N1-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 12.07.2012 04:36:51 | Computer Name = H5N1-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 12.07.2012 08:30:55 | Computer Name = H5N1-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ET.exe, version: 0.0.0.0, time stamp:
 0x3ed36bc2  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x20f30b7f  Faulting process
 id: 0x1f98  Faulting application start time: 0x01cd6027ec702c6c  Faulting application
 path: C:\Program Files\Wolfenstein - Enemy Territory\ET.exe  Faulting module
 path: unknown  Report Id: 6c900d2e-cc1d-11e1-81e5-dcbcdf46d940
 
Error - 12.07.2012 11:23:19 | Computer Name = H5N1-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 12.07.2012 23:04:22 | Computer Name = H5N1-PC | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 18.05.2012 05:29:58 | Computer Name = H5N1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 18.05.2012 19:07:20 | Computer Name = H5N1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the btwdins service.
 
Error - 19.05.2012 02:17:31 | Computer Name = H5N1-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 20.05.2012 07:53:56 | Computer Name = H5N1-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP      :1d" could not be registered on the interface with
 IP address 192.168.2.103. The computer with IP address 192.168.2.102
 did not allow the name to be claimed by this computer.
 
Error - 20.05.2012 07:53:57 | Computer Name = H5N1-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP      :1d" could not be registered on the interface with
 IP address 192.168.2.103. The computer with IP address 192.168.2.102
 did not allow the name to be claimed by this computer.
 
Error - 21.05.2012 09:51:34 | Computer Name = H5N1-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 21.05.2012 14:46:05 | Computer Name = H5N1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the lmhosts service.
 
Error - 22.05.2012 00:29:52 | Computer Name = H5N1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Netman service.
 
Error - 22.05.2012 04:11:31 | Computer Name = H5N1-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the btwdins service.
 
Error - 22.05.2012 04:11:33 | Computer Name = H5N1-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         


Gmer:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-13 19:02:27
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250315AS rev.0003SDM1
Running: 4dfwrwj6.exe; Driver: C:\Users\H5N1\AppData\Local\Temp\kxldipog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9                                                        82299599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           822BE092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000063                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dc9effb                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dc9effb@000e07aae32e         0xF6 0xCC 0xEF 0xB0 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dc9effb@902155218b71         0x89 0xF3 0x57 0x51 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dc9effb (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dc9effb@000e07aae32e             0xF6 0xCC 0xEF 0xB0 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dc9effb@902155218b71             0x89 0xF3 0x57 0x51 ...

---- EOF - GMER 1.0.15 ----
         


I hope you can help me, in fact I'm sure you can!
Thanks in advance, and have a nice Friday.

Regards, Mojo
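
The firewall-rule section of the OTL log above is the kind of list that is easier to read with a little help. The following script is an added example for this thread, not part of the original post and not a tool from OTL, Malwarebytes or Trojaner-Board: it parses OTL's `"name" = protocol=… | dir=… | app=… |` lines and flags every rule whose program sits under a Temp or AppData directory, since a firewall exception for a binary in a user-writable folder is worth a second look on a machine with a lockscreen infection. The sample input is six lines copied from the log above; the location categories (`temp`, `appdata`, `ok`) and the protocol-number names are my own choice, not something OTL outputs.

```python
"""Triage helper for the OTL 'Firewall Rules' section shown above.

Added example for this thread; it is not part of the original post and
not a tool from OTL, Malwarebytes or Trojaner-Board.  It parses lines of
the form

    "{GUID}" = protocol=6 | dir=in | app=c:\\path\\to\\program.exe |

and flags rules whose program lives in a Temp or AppData directory.  The
location categories are my own triage assumption, not an OTL feature.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: six lines copied from the log above (one
# service rule, one AppData program, two InstallShield temp files, one
# Program Files rule, one "TCP Query User" rule).
SAMPLE_LOG = r'''
"{DEBD8699-16A3-471A-BF5D-08CACBAC6A24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DF85D3E8-BD3F-4297-9ADD-83935FF47A4F}" = protocol=17 | dir=in | app=c:\users\h5n1\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E0CCC8D6-2FE1-4EE2-893E-76B18B4086E7}" = protocol=6 | dir=in | app=c:\users\h5n1\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"{E89AFB31-3C70-4508-A224-46E9B9E3E9C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F791AC33-BDCB-447B-AD44-2DD0E1ED92BA}" = protocol=17 | dir=in | app=c:\users\h5n1\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{61632AE0-53ED-49E5-AAD1-9974918F08C9}C:\utorrentportable\app\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\utorrentportable\app\utorrent\utorrent.exe | 
'''

# OTL writes:  "<rule name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<fields>.*)$')

PROTOCOL_NAMES = {6: "TCP", 17: "UDP"}  # IANA protocol numbers


@dataclass
class FirewallRule:
    name: str
    protocol: Optional[int]
    direction: Optional[str]
    app: Optional[str]
    service: Optional[str]


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one OTL firewall-rule line; return None for non-rule lines."""
    m = RULE_RE.match(line.strip())
    if m is None:
        return None
    fields = {}
    for part in m.group("fields").split("|"):
        part = part.strip()
        if "=" not in part:
            continue  # empty trailing segment after the final '|'
        key, value = part.split("=", 1)
        fields[key.strip().lower()] = value.strip()
    proto = fields.get("protocol")
    return FirewallRule(
        name=m.group("name"),
        protocol=int(proto) if proto and proto.isdigit() else None,
        direction=fields.get("dir"),
        app=fields.get("app"),
        service=fields.get("svc"),
    )


def classify_path(app: str) -> str:
    """Where does the program live?  'temp' and 'appdata' are user-writable
    locations that installers and malware both use; 'ok' is everything else
    (Program Files, %systemroot%, ...).  Assumed categories, not OTL's."""
    p = app.lower().replace("/", "\\")
    if "\\temp\\" in p:
        return "temp"
    if "\\appdata\\" in p or "\\users\\public\\" in p:
        return "appdata"
    return "ok"


def triage(log_text: str) -> List[Tuple[str, FirewallRule]]:
    """Return (category, rule) for every rule whose program is not in an
    'ok' location, in log order."""
    findings = []
    for line in log_text.splitlines():
        rule = parse_rule(line)
        if rule is None or rule.app is None:
            continue
        category = classify_path(rule.app)
        if category != "ok":
            findings.append((category, rule))
    return findings


def report(log_text: str) -> str:
    """Human-readable summary, one line per flagged rule."""
    lines = []
    for category, rule in triage(log_text):
        proto = PROTOCOL_NAMES.get(rule.protocol, str(rule.protocol))
        lines.append(f"[{category:7}] {proto} {rule.direction}: {rule.app}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Running it prints three flagged rules: the Dropbox rule under AppData\Roaming and the two InstallShield `_istmp1.dir` entries under AppData\Local\Temp. A hit is a review item, not a verdict: Dropbox installs per-user by design, and `_istmp*.dir` folders are InstallShield's temporary extraction directories, so on this log the script mostly shows which rules deserve a look rather than naming malware.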

14.07.2012, 17:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Bundespolizei: Ihr Computer wurde.... wie entfernen?

First, as a routine step, please run a full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all Malwarebytes detections so that they are kept in Malwarebytes' quarantine! Do NOT delete anything from the quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please post everything in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
ATTFilter
 the log goes here
         