Pests of all kinds and how to combat them: Bundespolizei-Trojan Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1

Bundespolizei-Trojan

I got infected by this junk today (Win XP SP3). I did a System Restore in Safe Mode. I was then able to boot in Normal Mode again and then scanned with Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Neven :: ACROPOLIS [administrator]

19.07.2012 18:45:52
mbam-log-2012-07-19 (21-08-09).txt

Scan type: Full scan (C:\|D:\|F:\|M:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342550
Time elapsed: 1 hour(s), 10 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Neven\Local Settings\Temp\toip0_tmp.exe (Spyware.Zbot.DG) -> No action taken.

(end)

I also scanned with OTL:

Code:
OTL logfile created on: 19.07.2012 21:09:00 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Neven\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,46 Gb Available Physical Memory | 26,43% Memory free
3,60 Gb Paging File | 2,58 Gb Available in Paging File | 71,67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,07 Gb Total Space | 4,63 Gb Free Space | 11,84% Space Free | Partition Type: NTFS
Drive D: | 20,55 Gb Total Space | 1,63 Gb Free Space | 7,92% Space Free | Partition Type: NTFS
Drive F: | 53,83 Gb Total Space | 13,89 Gb Free Space | 25,80% Space Free | Partition Type: NTFS
Drive M: | 132,47 Gb Total Space | 15,95 Gb Free Space | 12,04% Space Free | Partition Type: NTFS

Computer Name: ACROPOLIS | User Name: Neven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.19 20:03:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neven\Desktop\OTL.exe
PRC - [2012.07.18 11:09:20 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.07.18 10:57:47 | 000,400,352 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.05.20 17:00:57 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.01.17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.09.07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.07.24 09:51:16 | 004,334,272 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.19 02:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
PRC - [2007.06.27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.02.07 00:10:34 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
PRC - [2006.02.02 22:11:22 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe
PRC - [2006.01.22 12:45:08 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
PRC - [2005.02.16 16:15:20 | 000,581,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.19 18:38:48 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Neven\Local Settings\Temp\sfamcc00001.dll
MOD - [2012.07.19 18:38:47 | 000,172,032 | ---- | M] () -- C:\Documents and Settings\Neven\Local Settings\Temp\sfareca00001.dll
MOD - [2012.07.19 09:06:41 | 001,784,320 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12071901\algo.dll
MOD - [2012.07.18 11:09:18 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.07.18 10:58:01 | 001,936,352 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2012.07.18 10:58:00 | 000,162,784 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012.07.18 10:58:00 | 000,021,984 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.07.12 13:26:39 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.04.30 22:17:11 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.11.03 17:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.08 17:15:40 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2010.09.07 17:27:52 | 000,188,976 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll
MOD - [2010.09.07 17:13:40 | 000,142,872 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswDld.dll
MOD - [2010.08.16 00:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008.03.19 02:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\jsd.dll
MOD - [2008.03.19 02:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\js32.dll
MOD - [2008.01.09 00:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files\Yahoo!\Widgets\sqlite3.dll
MOD - [2006.01.25 11:27:42 | 000,241,664 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\iptk.dll
MOD - [2006.01.22 12:47:36 | 000,684,032 | ---- | M] () -- C:\WINDOWS\system32\lxcrdrs.dll
MOD - [2006.01.22 12:45:08 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
MOD - [2006.01.22 12:44:34 | 000,274,432 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrscw.dll
MOD - [2006.01.12 09:20:04 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcrpp5c.dll
MOD - [2005.12.29 10:34:22 | 000,143,360 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrdrec.dll
MOD - [2005.12.20 11:54:04 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\lxcrcnv4.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 11:09:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 13:26:40 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006.02.02 22:11:22 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\system32\lxcrcoms.exe -- (lxcr_device)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.07.19 18:45:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.12.03 11:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010.10.25 09:11:34 | 000,010,828 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbkey.sys -- (USBKey)
DRV - [2010.09.11 04:19:16 | 005,417,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.09.07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.09.07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.09.07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.09.07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.09.07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.09.07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.07.09 13:18:54 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010.05.11 12:00:34 | 000,020,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2009.07.20 13:08:26 | 005,795,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.05.25 09:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.04.22 14:28:08 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009.04.22 14:28:06 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.02.09 02:32:16 | 000,022,328 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008.08.05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007.10.11 15:40:00 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006.01.31 14:21:48 | 000,025,900 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006.01.04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.guardian.co.uk/environment
IE - HKCU\..\SearchScopes,DefaultScope = {1900ED55-EEF8-400E-986C-A7E248558580}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1900ED55-EEF8-400E-986C-A7E248558580}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.guardian.co.uk/environment"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Neven\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.30 11:50:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 11:09:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 13:28:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.19 10:46:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.04.12 13:28:53 | 000,000,000 | ---D | M]
[2011.03.24 15:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Extensions
[2010.10.24 08:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.05 19:09:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\extensions
[2012.03.30 16:04:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.17 12:57:19 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2012.02.20 10:26:20 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\extensions\dictionary-switcher@design-noir.de
[2011.04.17 12:57:19 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011.10.08 11:49:46 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\extensions\fr-moderne@dictionaries.addons.mozilla.org
[2012.03.21 20:54:12 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\Documents and Settings\Neven\Application Data\Mozilla\Firefox\Profiles\qikr6udx.default\extensions\nl-NL@dictionaries.addons.mozilla.org
[2012.05.27 21:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.02.20 14:08:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.07.07 17:55:18 | 000,041,878 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\NEVEN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QIKR6UDX.DEFAULT\EXTENSIONS\{546D2A00-2BBF-11DC-8314-0800200C9A66}.XPI
[2011.12.30 11:50:42 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2010.10.25 14:27:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.07.18 11:09:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.09 10:37:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2012.02.25 16:00:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.25 16:00:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Neven\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\Neven\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Neven\Local Settings\Application Data\Google\Chrome\Application\9.0.597.98\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Neven\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Neven\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Current Commodities = C:\Documents and Settings\Neven\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmjbibcbljbkocjhkdhpgpnpfampcijn\1.0_0\

O1 HOSTS File: ([2010.10.24 06:43:48 | 000,000,781 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Neven\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Neven\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Neven\Start Menu\Programs\Startup\SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O4 - Startup: C:\Documents and Settings\Neven\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287897241375 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1AF8241-64D8-4D49-A8FE-58567792EBF5}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Neven\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Neven\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.06 00:04:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.19 20:03:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Neven\Desktop\OTL.exe
[2012.07.19 18:44:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.14 14:06:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neven\Desktop\Eden's Island – Eden Ahbez
[2012.07.10 17:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neven\Desktop\mano negra - discographie
[2012.07.02 13:32:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neven\Start Menu\Programs\Tivola
[2012.06.27 09:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Neven\Application Data\Opera
[2010.11.09 16:39:45 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Neven\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.19 21:09:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.19 20:26:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.19 20:09:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.19 20:05:45 | 000,624,883 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\adwcleaner.exe
[2012.07.19 20:03:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Neven\Desktop\OTL.exe
[2012.07.19 20:00:37 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Data.job
[2012.07.19 18:45:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.19 18:44:52 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.19 18:38:21 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012.07.19 18:38:20 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.07.19 18:33:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.19 18:27:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.07.19 18:21:27 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012.07.19 18:21:22 | 004,503,728 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\pmt_0piot.pad
[2012.07.19 14:57:51 | 000,109,056 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\AUX QUATRE COINS DU MONDE_SAISON2_EP1_LA GUERRE DES SAINTES - DUT.STL
[2012.07.19 10:35:18 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.18 16:08:44 | 000,010,810 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\rhhf.jpeg
[2012.07.18 14:26:50 | 000,627,624 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\MBS 59b+GW.skp
[2012.07.17 16:21:11 | 000,625,637 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\AutoSave_MBS 59b.skp
[2012.07.17 00:05:19 | 000,122,368 | ---- | M] () -- C:\Documents and Settings\Neven\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.16 21:05:35 | 004,810,027 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\MBS 59a.skp
[2012.07.16 21:05:23 | 004,810,243 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\MBS 59a.skb
[2012.07.16 21:05:09 | 000,625,555 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\MBS 59b.skp
[2012.07.14 20:35:50 | 000,631,205 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\MBS 59b.skb
[2012.07.14 14:46:04 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.07.13 19:39:07 | 000,096,640 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\Carnets du bourlingueur - Ep03 - Naufrage gare aux requins VM.STL
[2012.07.12 13:26:40 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.12 13:26:39 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.07.12 11:15:34 | 000,573,877 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\Kienast2.jpg
[2012.07.12 11:11:34 | 000,529,086 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\Kienast1.jpg
[2012.07.11 19:42:41 | 000,131,456 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - Ep16 - DUT.STL
[2012.07.11 19:17:57 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.11 10:39:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.10 19:22:16 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\AUX QUATRE COINS DU MONDE_SAISON2_EP1_LA GUERRE DES SAINTES - VM simulé.stl
[2012.07.10 12:44:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012.07.10 10:28:56 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\Passe-moi les jumelles - EP 02 - La vie des autres - DUT.STL
[2012.07.09 20:30:27 | 000,022,522 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\Brandstof Combo.ods
[2012.07.05 19:41:04 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\Passe-moi les jumelles - 
EP 02 - La vie des autres - VM.stl [2012.07.05 19:39:45 | 000,134,784 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - Ep16 VM.STL [2012.07.05 04:21:48 | 000,115,584 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - EP 15 - DUT.STL [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.07.02 13:32:16 | 000,000,033 | ---- | M] () -- C:\WINDOWS\Oscar4.ini [2012.07.01 13:41:32 | 000,119,296 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - EP 15 - VM.STL [2012.07.01 12:41:35 | 003,623,009 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\04 Everything Remains Raw.mp3 [2012.06.27 08:39:14 | 781,410,304 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\BBC.Horizon.2009.How.Many.People.Can.Live.on.Planet.Earth.PDTV.XviD.AC3.MVGroup.org.avi [2012.06.26 17:11:50 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\Neven\Desktop\URBANIA_QUEBEC_S3_Episode 5 VM Simulé.stl [2012.06.22 17:58:11 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.19 20:05:45 | 000,624,883 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\adwcleaner.exe [2012.07.19 18:15:20 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pmt_0piot.pad [2012.07.18 16:08:43 | 000,010,810 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\rhhf.jpeg [2012.07.18 14:26:50 | 000,627,624 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\MBS 59b+GW.skp [2012.07.17 16:21:11 | 000,625,637 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\AutoSave_MBS 59b.skp [2012.07.14 20:40:21 | 000,109,056 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\AUX QUATRE COINS DU MONDE_SAISON2_EP1_LA GUERRE 
DES SAINTES - DUT.STL [2012.07.14 20:35:50 | 000,631,205 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\MBS 59b.skb [2012.07.14 11:56:58 | 000,625,555 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\MBS 59b.skp [2012.07.13 19:39:06 | 000,096,640 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\Carnets du bourlingueur - Ep03 - Naufrage gare aux requins VM.STL [2012.07.12 11:15:32 | 000,573,877 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\Kienast2.jpg [2012.07.12 11:11:30 | 000,529,086 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\Kienast1.jpg [2012.07.10 10:47:19 | 000,131,456 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - Ep16 - DUT.STL [2012.07.09 11:07:15 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\AUX QUATRE COINS DU MONDE_SAISON2_EP1_LA GUERRE DES SAINTES - VM simulé.stl [2012.07.07 14:06:42 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\Passe-moi les jumelles - EP 02 - La vie des autres - DUT.STL [2012.07.05 19:41:04 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\Passe-moi les jumelles - EP 02 - La vie des autres - VM.stl [2012.07.05 19:39:44 | 000,134,784 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - Ep16 VM.STL [2012.07.03 13:09:25 | 000,183,040 | ---- | C] () -- C:\WINDOWS\PI.EXE [2012.07.02 13:32:16 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Oscar4.ini [2012.07.01 13:41:49 | 000,115,584 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - EP 15 - DUT.STL [2012.06.30 10:13:04 | 003,623,009 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\04 Everything Remains Raw.mp3 [2012.06.29 18:34:24 | 000,119,296 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\D6bels on stage - EP 15 - VM.STL [2012.06.26 17:11:49 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\URBANIA_QUEBEC_S3_Episode 5 VM Simulé.stl [2012.06.24 
13:35:06 | 781,410,304 | ---- | C] () -- C:\Documents and Settings\Neven\Desktop\BBC.Horizon.2009.How.Many.People.Can.Live.on.Planet.Earth.PDTV.XviD.AC3.MVGroup.org.avi [2012.06.22 17:58:10 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job [2012.02.16 17:48:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.11 16:42:02 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Neven\Local Settings\Application Data\PUTTY.RND [2011.06.28 17:44:15 | 000,001,795 | ---- | C] () -- C:\Documents and Settings\Neven\Application Data\SAS7_000.DAT [2011.06.28 17:34:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI [2011.05.27 12:54:34 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.05.27 12:54:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.04.17 10:36:51 | 000,000,014 | ---- | C] () -- C:\WINDOWS\compedia.ini [2010.11.22 19:12:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2010.11.09 16:45:32 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\Neven\Application Data\AutoGK.ini [2010.11.09 16:39:46 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Neven\Application Data\inst.exe [2010.11.09 16:39:46 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Neven\Application Data\pcouffin.cat [2010.11.09 16:39:45 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Neven\Application Data\pcouffin.inf [2010.10.26 13:08:41 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcrvs.dll [2010.10.26 13:08:40 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrinpa.dll [2010.10.26 13:08:40 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcriesc.dll [2010.10.26 13:08:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcrcoin.dll [2010.10.26 13:08:23 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\lxcrdrs.dll [2010.10.26 13:08:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcrcaps.dll [2010.10.26 13:08:23 | 000,061,440 | 
---- | C] () -- C:\WINDOWS\System32\lxcrcnv4.dll [2010.10.26 13:08:10 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrserv.dll [2010.10.26 13:08:10 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrusb1.dll [2010.10.26 13:08:10 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomc.dll [2010.10.26 13:08:10 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrlmpm.dll [2010.10.26 13:08:10 | 000,495,616 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcoms.exe [2010.10.26 13:08:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomm.dll [2010.10.26 13:08:10 | 000,380,928 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrih.exe [2010.10.26 13:08:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\LXCRinst.dll [2010.10.26 13:08:10 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrprox.dll [2010.10.26 13:08:10 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrpplc.dll [2010.10.26 11:16:01 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.10.25 21:49:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.10.25 21:03:04 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.10.25 21:03:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.10.25 20:59:42 | 001,663,488 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe [2010.10.25 20:59:42 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe [2010.10.25 20:59:42 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll [2010.10.25 20:59:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys [2010.10.25 20:59:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys [2010.10.25 18:14:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2010.10.25 18:14:21 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2010.10.25 18:14:21 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2010.10.25 18:14:21 | 000,224,342 | ---- | C] () -- 
C:\WINDOWS\System32\atiicdxx.dat [2010.10.25 18:14:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2010.10.25 18:14:21 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2010.10.25 18:08:35 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.10.25 17:44:55 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2010.10.25 09:11:34 | 000,010,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbkey.sys [2010.10.25 09:11:34 | 000,004,990 | ---- | C] () -- C:\WINDOWS\System32\ukeyvdd.dll [2010.10.24 23:20:00 | 000,122,368 | ---- | C] () -- C:\Documents and Settings\Neven\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.06 00:49:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Neven\initdebug.nfo < End of report >
There was also an Extras.txt from OTL: Code:
ATTFilter OTL Extras logfile created on: 19.07.2012 21:09:00 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Neven\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,46 Gb Available Physical Memory | 26,43% Memory free 3,60 Gb Paging File | 2,58 Gb Available in Paging File | 71,67% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 39,07 Gb Total Space | 4,63 Gb Free Space | 11,84% Space Free | Partition Type: NTFS Drive D: | 20,55 Gb Total Space | 1,63 Gb Free Space | 7,92% Space Free | Partition Type: NTFS Drive F: | 53,83 Gb Total Space | 13,89 Gb Free Space | 25,80% Space Free | Partition Type: NTFS Drive M: | 132,47 Gb Total Space | 15,95 Gb Free Space | 12,04% Space Free | Partition Type: NTFS Computer Name: ACROPOLIS | User Name: Neven | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "135:TCP" = 135:TCP:*:Enabled:TCP Port 135 "5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000 "5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001 "5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002 "5003:TCP" = 
5003:TCP:*:Enabled:TCP Port 5003 "5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004 "5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005 "5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006 "5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007 "5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008 "5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009 "5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010 "5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011 "5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012 "5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013 "5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014 "5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015 "5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016 "5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017 "5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018 "5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019 "5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\LeechFTP\Leechftp.exe" = C:\Program Files\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP -- (jan debis) "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\WINDOWS\system32\lxcrcoms.exe" = C:\WINDOWS\system32\lxcrcoms.exe:*:Enabled:Lexmark Communications System -- ( ) "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) 
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google) "C:\Documents and Settings\Neven\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Neven\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS) "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{023C9E50-C216-4E7A-A8A5-3457DE58106C}" = Catalyst Control Center - Branding "{03D8A0D6-8455-B550-A808-391C82127447}" = CCC Help Greek "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{09756AF6-AFAD-EF82-AB78-3297FD81E821}" = CCC Help Japanese "{10CD9AF7-5D3A-2772-F617-8BD9D82EC3A3}" = CCC Help Dutch "{1447E6D2-1015-AE95-5976-E15EF8684347}" = CCC Help Portuguese "{17B4113F-D6AA-3970-127A-C09D10886EB0}" = CCC Help German "{187DC7F2-3C76-62C6-575B-03EC8B9B0BC8}" = Catalyst Control Center Graphics Full Existing "{1A4B2698-683C-769B-7E67-339F23858DEB}" = Catalyst Control Center Graphics Full New "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{200BFFBD-3B5F-47C7-F6DB-3162EF559880}" = Skins "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{2964F96C-FC72-4F97-9A71-88795BFD91A1}_is1" = 2011c "{337A4845-48F0-3363-4424-5047FD6AB456}" = CCC Help Hungarian "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{511CD3D6-8A90-8D4F-B16B-DA80BD0E0FBE}" = CCC Help Turkish "{53C06EDE-6FB0-643E-7193-7053F9C7190A}" = ccc-utility "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C9C1AD9-CBA2-8EBD-8252-D39F40C29F4B}" = CCC Help Thai "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63717D97-103F-4310-E8E9-22F26F9E2C38}" = CCC Help Korean "{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A13436F-4D18-D4B5-181E-B6AC603BFED7}" = CCC Help Czech "{6C878433-FDDC-6C9E-2E6C-55F979761B30}" = Catalyst Control Center Core Implementation "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E0696CF-2869-578B-F8AB-C82B80F9EF12}" = CCC Help Italian "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{90A8E958-F3F9-CE7C-B084-F90B8F40F3C3}" = 
Catalyst Control Center Graphics Light "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A51026AB-F833-413F-5BB3-AE1B3CF3F539}" = ccc-core-static "{A879106A-9275-0397-CA14-76B24943ACE3}" = CCC Help Swedish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration "{B22C04E5-C923-94E2-A33A-25B988686934}" = CCC Help Finnish "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{B7C58F3A-7E49-453E-918D-587FEA66CA0D}" = Spot 4.4 "{BB6BB891-CA30-060D-5D63-860F59DBD29D}" = CCC Help Spanish "{BFB91468-460B-68B6-C666-BB5CC09BC93B}" = Catalyst Control Center Localization All "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition "{CF287D73-E32C-19C1-E895-2EC4BC7334AE}" = CCC Help Chinese Traditional "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8 "{D85D835B-E26E-99E0-CB4E-9DEA34EC19FD}" = CCC Help Russian "{DA57EFCC-90DA-A202-9AC8-A1278918F481}" = CCC Help Polish "{DCB51FBC-68AD-42FF-8426-199F1FE2C4F5}" = AMD USB Filter Driver "{DD97597E-7AB9-8A67-5C18-31015D91B337}" = ccc-core-preinstall "{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9 "{E2958428-E345-CB5E-239D-FE031BDA3A89}" = CCC Help Chinese Standard "{E9787678-1033-0000-8E67-000000000001}" = 
Adobe Help Center 1.0 "{EA36EFF1-DFB9-E5A7-29C0-9DBAF7EBAEF6}" = CCC Help English "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3A4A3DA-D7E8-C3CD-966D-9B57762739FF}" = CCC Help French "{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition) "{F8C3DA4D-3837-50E7-10B2-0EE0D656B63C}" = CCC Help Danish "{F943B1DF-711F-7D8E-3257-ED05026895E1}" = Catalyst Control Center InstallProxy "{FFB7426F-1531-6AB4-BFB9-3CC1336FE406}" = CCC Help Norwegian "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "AMP Font Viewer" = AMP Font Viewer "Audacity_is1" = Audacity 1.2.6 "AutoBauDeinstKey" = Autos bauen mit Willy Werkel "AutoGK" = Auto Gordian Knot 2.55 "avast5" = avast! 
Free Antivirus "AviSynth" = AviSynth 2.5 "Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2 "CDex" = CDex - Open Source Digital Audio CD Extractor "Cool Timer_is1" = Cool Timer 3.6 "CPUID CPU-Z_is1" = CPUID CPU-Z 1.55 "CPUID HWMonitor_is1" = CPUID HWMonitor 1.16 "DivX Setup" = DivX Setup "DVD Decrypter" = DVD Decrypter (Remove Only) "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition "Easy GIF Animator Cracked by zoo_is1" = Easy GIF Animator 5.2 "Easy Thumbnails_is1" = Easy Thumbnails (Remove only) "ExtractNow_is1" = ExtractNow "FileZilla Client" = FileZilla Client 3.3.0.1 "FormatFactory" = FormatFactory 2.50 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.22.602 "Glary Utilities_is1" = Glary Utilities 2.44.0.1450 "ie8" = Windows Internet Explorer 8 "ImgBurn" = ImgBurn "Lexmark 2400 Series" = Lexmark 2400 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MozBackup" = MozBackup 1.4.10 "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US) "Mozilla Thunderbird 14.0 (x86 en-US)" = Mozilla Thunderbird 14.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Notepad++" = Notepad++ "Oscar der Ballonfahrer und die Abenteuer der Wiese" = Oscar der Ballonfahrer und die Abenteuer der Wiese "PowerISO" = PowerISO "Recordpad" = RecordPad Sound Recorder "SopCast" = SopCast 3.5.0 "SpeedFan" = SpeedFan (remove only) "Switch" = Switch Sound File Converter "SyncBack_is1" = SyncBack "TeamViewer 7" = TeamViewer 7 "uTorrent" = µTorrent "Van Dale Grote woordenboeken Duits" = Van Dale Grote woordenboeken Duits "Van Dale Grote woordenboeken Engels" = Van Dale Grote woordenboeken Engels "Van Dale Grote woordenboeken Frans" = Van Dale Grote woordenboeken Frans "Van Dale Grote woordenboeken Spaans" = Van Dale 
Grote woordenboeken Spaans "vdegwn.exe" = Van Dale Groot woordenboek van de Nederlandse taal 14 "VLC media player" = VLC media player 1.1.11 "VobSub" = VobSub v2.23 (Remove Only) "WavePad" = WavePad Sound Editor "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "WXDecoder" = WXDecoder "XMedia Recode" = XMedia Recode 3.0.5.6 "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "Xvid_is1" = Xvid 1.2.2 final uninstall "Yahoo! Widget Engine" = Yahoo! Widgets "YInstHelper" = Yahoo! Install Manager ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Integrated Data Viewer" = Integrated Data Viewer "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.07.2012 13:26:01 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000 Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113b5. Error - 04.07.2012 07:26:03 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000 Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0. Error - 07.07.2012 10:26:01 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000 Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113b5. 
Error - 11.07.2012 07:26:02 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000 Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.262, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113b5. Error - 14.07.2012 15:26:02 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000 Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113c0. Error - 15.07.2012 05:41:42 | Computer Name = ACROPOLIS | Source = Application Hang | ID = 1002 Description = Hanging application spot.exe, version 4.4.0.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 15.07.2012 11:26:01 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000 Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113b5. Error - 16.07.2012 11:26:02 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000 Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113b5. Error - 16.07.2012 19:26:00 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000 Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113b5. Error - 17.07.2012 15:26:02 | Computer Name = ACROPOLIS | Source = Application Error | ID = 1000 Description = Faulting application FlashPlayerUpdateService.exe, version 11.3.300.265, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000113b5. 
[ System Events ] Error - 19.07.2012 04:35:54 | Computer Name = ACROPOLIS | Source = Service Control Manager | ID = 7000 Description = The Parallel port driver service failed to start due to the following error: %%1058 Error - 19.07.2012 12:21:33 | Computer Name = ACROPOLIS | Source = Service Control Manager | ID = 7000 Description = The Parallel port driver service failed to start due to the following error: %%1058 Error - 19.07.2012 12:30:02 | Computer Name = ACROPOLIS | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 19.07.2012 12:30:56 | Computer Name = ACROPOLIS | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 19.07.2012 12:38:14 | Computer Name = ACROPOLIS | Source = Service Control Manager | ID = 7022 Description = The avast! Antivirus service hung on starting. 
Error - 19.07.2012 12:38:14 | Computer Name = ACROPOLIS | Source = Service Control Manager | ID = 7000 Description = The Parallel port driver service failed to start due to the following error: %%1058 Error - 19.07.2012 12:38:19 | Computer Name = ACROPOLIS | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error - 19.07.2012 12:38:20 | Computer Name = ACROPOLIS | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error - 19.07.2012 12:38:20 | Computer Name = ACROPOLIS | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error - 19.07.2012 14:29:51 | Computer Name = ACROPOLIS | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume5'. It has stopped monitoring the volume. < End of report >