Log analysis and evaluation: 20th BKA clone as an Austrian edition (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: see "First steps for help". Note that an infected system is not trustworthy and should not be used until the malware has been removed completely.

02.08.2012, 17:52 | #1
20th BKA clone as an Austrian edition

Hello everyone! Now the "police" have caught on to my evil machinations as well and want to let me off with 100 EUR. They're pretty dumb, considering everything I've got on my record! Joking aside... I've caught something and want to spare myself a fresh install, since the original CD can't be found at the moment. Since various people with the same problem have already been helped here... maybe one more? Pleeeease. Interestingly, Malwarebytes Anti-Malware found nothing, but as soon as I connect to the Internet the typical overlay appears and I can only shut down via Ctrl+Alt+Del. When running Anti-Malware, two error messages with cryptic details appeared while the program was loading... but I think that was because the update didn't work. The scan then ran through normally. Here are the OTL logs (I don't mind that there are names in them, since that's only the previous owner). OTL.txt Code:
found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012.02.03 15:20:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.11 12:50:54 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-3272449592-697967546-3180331835-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [Brdefprn] C:\Program Files\Brother\BRHL2170\Brdefprn.exe () O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) O4 - HKLM..\Run: [Remote Control Editor] C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems) O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TerraTec Remote Control] C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-21-3272449592-697967546-3180331835-1000..\Run: [] C:\Users\Werner Beyer\AppData\Local\Temp\vohigzkbcn.exe () O4 - HKU\S-1-5-21-3272449592-697967546-3180331835-1000..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Werner Beyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B340E25-2430-4CBC-8811-0D0C381438ED}: DhcpNameServer = 10.0.0.138 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC188091-8EFF-4A82-B945-02794776F8BC}: DhcpNameServer = 212.186.211.21 195.34.133.21 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.02 16:26:50 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Werner Beyer\Desktop\OTL.exe [2012.07.12 18:03:40 | 000,000,000 | ---D | C] -- C:\babumusik [2012.07.11 17:42:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.07.11 17:41:59 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.07.11 17:41:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.07.11 17:41:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.07.11 17:41:59 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.07.11 17:41:58 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.07.11 17:41:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.07.11 17:40:15 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.11 12:55:00 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.07.11 12:54:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2012.07.11 12:54:54 | 000,805,376 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll [2011.08.23 12:09:11 | 019,893,710 | ---- | C] (Österreichischer Kachelofenverband ) -- C:\Users\Werner Beyer\kob1602_DE_setup.exe ========== Files - Modified Within 30 Days ========== [2012.08.02 16:28:19 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.02 16:28:19 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.02 16:28:19 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.02 16:28:19 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.02 16:26:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.02 16:26:00 | 000,000,995 | ---- | M] () -- C:\Windows\Brownie.ini [2012.08.02 16:20:01 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 16:20:01 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 16:12:26 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.08.02 16:12:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.02 16:12:11 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2012.08.02 16:09:57 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad [2012.08.02 16:07:50 | 102,814,610 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012.07.31 19:40:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Werner Beyer\Desktop\OTL.exe [2012.07.31 18:48:29 | 000,001,894 | ---- | M] () -- C:\Users\Werner Beyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.31 18:37:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.12 16:57:37 | 000,252,388 | ---- | M] () -- C:\Users\Werner Beyer\Desktop\Beckefeld.skp [2012.07.12 12:56:12 | 000,096,532 | ---- | M] () -- 
C:\Users\Werner Beyer\Desktop\hgfgfxddf.skp [2012.07.11 18:03:58 | 000,323,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.07.31 18:48:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012.07.31 18:48:29 | 000,001,894 | ---- | C] () -- C:\Users\Werner Beyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.12 16:57:37 | 000,252,388 | ---- | C] () -- C:\Users\Werner Beyer\Desktop\Beckefeld.skp [2012.07.12 12:56:11 | 000,096,532 | ---- | C] () -- C:\Users\Werner Beyer\Desktop\hgfgfxddf.skp [2011.07.21 17:41:39 | 000,000,000 | ---- | C] () -- C:\Users\Werner Beyer\AppData\Local\{89159D74-1E89-4EE8-B3A8-8731D54AA00C} [2011.05.31 17:38:41 | 000,000,000 | ---- | C] () -- C:\Users\Werner Beyer\AppData\Local\{9F542968-B450-4C38-A3E9-5E6E9E7E1BD6} [2011.05.17 15:36:05 | 000,000,208 | ---- | C] () -- C:\ProgramData\e3455EjLoOkA1368 [2010.12.13 14:26:23 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE ========== LOP Check ========== [2011.01.21 11:41:03 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\AVG10 [2010.05.07 12:41:20 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\Bump Technologies, Inc [2011.12.01 12:44:55 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\Canneverbe Limited [2012.07.31 12:13:00 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\Canon [2011.03.19 22:30:01 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\FileMaker [2011.03.23 16:35:11 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\FileMaker Pro [2010.12.13 14:31:22 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\FreeCommander [2011.07.07 12:25:40 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\Leadertech [2010.05.07 13:48:24 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\OpenOffice.org [2010.05.07 13:52:45 | 
000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\TerraTec [2010.05.07 14:56:46 | 000,000,000 | ---D | M] -- C:\Users\Werner Beyer\AppData\Roaming\Uniblue [2012.06.22 15:20:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8C35AEA7 < End of report > Code:
OTL Extras logfile created on: 02.08.2012 16:29:46 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Werner Beyer\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,66% Memory free
5,98 Gb Paging File | 4,98 Gb Available in Paging File | 83,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 296,10 Gb Total Space | 209,80 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
Drive D: | 1,99 Gb Total Space | 1,96 Gb Free Space | 98,71% Space Free | Partition Type: NTFS
Drive F: | 120,73 Mb Total Space | 105,09 Mb Free Space | 87,04% Space Free | Partition Type: FAT
Computer Name: WERNERBEYER-PC | User Name: Werner Beyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06A6204B-FB0D-4738-8131-06E25BB73317}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{0EF63493-1E73-4BB1-928B-0016CC1991E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{0F1F5AFC-E7F7-4322-B9B5-0826E3D9F0FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1C34D574-81FA-4BDC-B917-93291BB5EB19}" = rport=445 | protocol=6 | dir=out | app=system | "{35D765A6-438B-45D7-9FD2-B5B1FF073E8D}" = lport=445 | protocol=6 | dir=in | app=system | "{36457F3C-A9A3-41CC-A614-10AA0664F0EA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{45658E32-2235-4CBA-B67E-42043C1A4EE1}" = rport=138 | protocol=17 | dir=out | app=system | "{59C60466-E2A5-4475-BF4B-29C6F742F63F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{615027A1-2B65-4C74-94CB-CDB561A7ED71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{745866D2-CB77-456C-A10C-BE7DF7626CEB}" = lport=2869 | protocol=6 | dir=in | app=system | "{8075D2A7-322E-439D-A139-9E69767AA7E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9CA75516-3488-4FD9-8BA2-5E6342ADCB00}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9D07A6C5-9639-4E52-A958-2C4BE44DFC19}" = rport=137 | protocol=17 | dir=out | app=system | "{A0734C74-2D88-4C3E-9558-A3B2AE14CE78}" = lport=137 | protocol=17 | dir=in | app=system | "{AE25FCC0-C055-42D5-B983-B106BC2F6F38}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CDC5407F-74A5-43A5-ACE3-D5DB4433DD67}" = lport=138 | 
protocol=17 | dir=in | app=system | "{CF448A81-F81D-4BE9-8BC0-76DBED5E9340}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DF542BFE-100B-4892-B1D0-E6E864F18F6A}" = rport=139 | protocol=6 | dir=out | app=system | "{E05E8DCD-8637-4014-9E95-E68FE21094B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EA9EC85E-E654-4A03-81C0-A9FEFEA35E22}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EAEDB136-2C07-490A-BB5C-C788855A7A34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EB9A81D0-30C9-49CA-A1BF-E362E13125E1}" = lport=139 | protocol=6 | dir=in | app=system | "{F2A1A339-062C-4C03-BE95-DCCCD2ED7875}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F9E08B65-3FC8-467A-A077-72AD80B4E473}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07F14023-9CA7-4EEA-BDE0-220143B6E673}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{0D9D6972-8963-4A12-A142-54C52C647D2D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{0F7B14F2-F4A4-4A9C-BAE4-1224FD464D36}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{15F1C6EE-E196-46F8-A2A9-FE5EFC28CF9C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{1794618C-B419-4EA6-8E97-1A473F8635C7}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | "{2240A501-0A95-43EA-A630-7A2E7DD3945C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{2B177F1D-2CA3-4B7E-9B3A-1F0ADD083846}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home 
cinema\cinergydvr.exe | "{3B45D4C0-E651-4099-A34F-D9E90F682973}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{4B5ACB97-C083-4E43-A969-A92023011141}" = protocol=17 | dir=in | app=c:\users\werner beyer\appdata\local\temp\{2eedb09f-eaee-4a90-a15d-c93cb94a2f93}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{4B797AED-7174-47AA-9964-F55BC9B20D20}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{56E8FF9F-342A-40D8-B2B0-D3074EAB28E0}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | "{57590A36-B486-4727-BE59-85289D311EF2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{59107423-3554-4D33-AC45-A7193587FFEC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{5CE53957-AAD0-41E0-A0EB-3B0C5C9C7259}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5F158955-F8D8-42ED-81C7-CE70E8AA5E7D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{6C5EB12D-115B-4BD7-9A65-4C4C33910B2B}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | "{754FEAEC-BD02-43A1-8519-69ECB748A5B2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{7C981E99-7E16-4B21-B29A-5EB74FCE71A0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{87616DC8-3367-41FF-99AC-266F644269D5}" = dir=in | app=c:\program files\itunes\itunes.exe | "{87DD33D7-8E29-4800-A4F4-A121C9278B17}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{8F2135A3-EFA2-47D6-BE42-F0D50E752A57}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A1E3F3CA-D317-439E-9432-96891313533B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A76C3FBF-2623-4E8F-BD76-10974C2537DA}" = protocol=6 | dir=in | app=c:\users\werner 
beyer\appdata\local\temp\{2eedb09f-eaee-4a90-a15d-c93cb94a2f93}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | "{A8F91888-FF83-474A-AE0A-7D141E8657CF}" = protocol=17 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe | "{BBF4ECD3-650A-4F5F-8DF2-5E3D28E887FC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{BE6155BA-EA4A-4C0A-8033-7FBCF70CA17E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C0F3C0BD-A1DF-4F66-A594-33A9BC871642}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{C2507D43-F4C7-4B88-A060-6AA614E2C1EA}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | "{C93E9E1A-BCDD-4E0D-9B89-00C3F5A1ED2D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{CAEDA296-12AF-4E23-9571-0C45CC0BA845}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CBB1B5F6-897F-498A-94DE-686BE00CA2AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CDFF6154-A3FA-47C2-975B-15EDCAD23AC6}" = protocol=6 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe | "{D2B2A52E-2F79-4454-A306-830697C1C6CF}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{D5C36848-6EDB-47DB-9C83-693327FCCFF7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{E051B44F-80F0-47C2-B643-FE84F92FB75A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{E37C02E3-AC80-4868-9988-7063BAEF82A3}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | "{E65290A9-92B4-4DA8-9BF1-F3DF1E0BCF37}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E9B23B4E-3FB5-41AC-A35F-2B121D2C9A26}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F2054B30-7649-4BF9-B93F-BBE692100F4A}" = protocol=17 | dir=in 
| app=c:\program files\bonjour\mdnsresponder.exe | "{F30268EC-CAE1-49AF-B5C4-63F5A2246E0D}" = dir=in | app=c:\program files\airport\apagent.exe | "{F5457762-44C0-4708-AFE4-5F9B89F4B333}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{F7262E47-9492-4421-8051-7138901C92D0}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{FDE00EB9-C5E3-4C21-96C1-DC9C94101AB7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{01144BEA-886C-067C-5879-4773516F9A8F}" = Catalyst Control Center Graphics Previews Vista "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0FC27548-D4DB-8039-456B-D9E743FEF86F}" = CCC Help English "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 23 "{28996689-E20A-E63B-2BDA-B662AB807C87}" = ATI Catalyst Install Manager "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = 
Microsoft .NET Framework 4 Client Profile "{3E18D88A-5067-324B-382C-9166D4388ED0}" = ccc-core-static "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5B07D8FE-CC01-23CE-3961-751687074E54}" = Catalyst Control Center Graphics Previews Common "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6F817DD0-D103-196F-5D63-365DC87B43EE}" = Catalyst Control Center HydraVision Full "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7DDF7334-8CCD-4077-86B7-8D8E6E0AAB5D}" = Tweaker for Outlook Express "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native 
v1.0 (x86) "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{8FE1465B-059A-420D-A884-D28B84F910A3}" = Brother HL-2170W "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90aa6430-6a3a-4f3a-a15d-ed5ed74752cc}" = Nero 9 Essentials "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9903001D-2728-9D9B-3D8B-F593A502A972}" = Catalyst Control Center InstallProxy "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B535DA73-AAD1-51E8-9232-9358D2A20E9B}" = Catalyst Control Center Graphics Full Existing "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{C8FC7066-4457-4365-9BDF-4E439BF703C8}" = AVG 2011 "{C91BC5DF-C6BD-388B-FEB8-2721B9D5C97B}" = Catalyst Control Center Core Implementation "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed "{D575E1CA-56BB-2944-744E-E7CD1EDB9C82}" = Catalyst Control Center Graphics Full New "{D6AAE701-6EA9-FAA1-AB38-227AA94531A1}" = Catalyst Control Center Graphics Light "{D8508208-4591-2964-3DDB-16A4BE871230}" = ccc-utility 
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.18.0001 "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011 "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{EACCC991-8E8C-4397-8854-349506741FC9}" = FileMaker Pro 11 "{EACCC991-8E8C-4397-8854-349506741FC9}_FileMaker" = FileMaker Pro 11 "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Auto Update Service" = Canon Auto Update Service "AVG" = AVG 2011 "CameraWindowDC8" = Canon Utilities CameraWindow DC 8 "CameraWindowLauncher" = Canon Utilities CameraWindow Launcher "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool 
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DPP" = Canon Utilities Digital Photo Professional 3.11 "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "FreeCommander_is1" = FreeCommander 2009.02b "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter "Kachelofenberechnung Basic 1.0_is1" = Kachelofenberechnung Basic 1.0 "MapUtility" = Canon Utilities Map Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "MyCamera" = Canon Utilities MyCamera "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "PhotoStitch" = Canon Utilities PhotoStitch "PROSet" = Intel(R) Network Connections Drivers "ViceVersa Pro 2_is1" = ViceVersa Pro 2 (Build 2.0.0.9) "WinLiveSuite_Wave3" = Windows Live Essentials "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.07.2012 06:55:06 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 05.07.2012 06:55:07 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax. Error - 11.07.2012 07:08:56 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 11.07.2012 07:09:31 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\freecommander\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 11.07.2012 07:10:23 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 11.07.2012 07:10:24 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax. Error - 12.07.2012 06:05:15 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 12.07.2012 06:05:27 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\freecommander\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 12.07.2012 06:06:11 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 12.07.2012 06:06:11 | Computer Name = WernerBeyer-PC | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax. [ OSession Events ] Error - 05.09.2011 10:51:43 | Computer Name = WernerBeyer-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5782 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 30.07.2012 12:34:55 | Computer Name = WernerBeyer-PC | Source = bowser | ID = 8003 Description = Error - 31.07.2012 02:50:46 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016 Description = Error - 31.07.2012 12:22:20 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016 Description = Error - 31.07.2012 12:51:24 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016 Description = Error - 31.07.2012 12:55:23 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016 Description = Error - 31.07.2012 13:05:17 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016 Description = Error - 31.07.2012 13:08:21 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016 Description = Error - 31.07.2012 13:36:04 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016 Description = Error - 02.08.2012 10:03:19 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016 Description = Error - 02.08.2012 10:13:33 | Computer Name = WernerBeyer-PC | Source = DCOM | ID = 10016 Description = < End of report >
Does this come in through a hole in IE8/9, or is there no way to protect against it at all? Thanks for any tips! |
02.08.2012, 18:41 | #2 |
/// Malware-holic | E.g. illegal streaming sites like kinox.to.
You already had an infection like this once, right, at the end of July. This script, and any scripts that follow, are only for this particular user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box.
[CODE]
:OTL
O4 - HKU\S-1-5-21-3272449592-697967546-3180331835-1000..\Run: [] C:\Users\Werner Beyer\AppData\Local\Temp\vohigzkbcn.exe ()
[2012.08.02 16:09:57 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.07.31 18:48:29 | 000,001,894 | ---- | C] () -- C:\Users\Werner Beyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
:Files
C:\Users\Werner Beyer\AppData\Local\Temp\vohigzkbcn.exe
:Commands
[purity]
[/CODE]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; paste its contents into your next reply here.
Boot into normal mode. If you have no icons, right-click, View, Show desktop icons.
Note: Please also upload the file as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Press the + E key.
For further analysis I need the following: c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache. There, right-click the cache folder, pack it with WinRAR or another program, and upload it to the upload channel: Trojaner-Board Upload Channel. When this is done, please report back.
__________________ |
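The three indicators the fix script above removes (a vendor-less executable started from the user's Temp folder, a .pad file dropped directly into ProgramData, and a ctfmon.lnk in the per-user Startup folder) can be spotted mechanically in an OTL log. The Python below is an added example, not code from the thread, from OTL or from Trojaner-Board: the two line formats are the ones visible in the post, while the triage rules and the SYSTEM_NAMES list are assumptions made for this example.

```python
"""Triage OTL log lines for the autostart pattern removed by the fix script.

Added example, not code from the thread, from OTL or from Trojaner-Board.
The two line formats are the ones visible in the post; the triage rules and
the SYSTEM_NAMES list are assumptions made for this example.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

# OTL "O4" autorun line, e.g.
#   O4 - HKU\S-1-5-21-...-1000..\Run: [] C:\...\Local\Temp\vohigzkbcn.exe ()
O4_RE = re.compile(
    r"^O4 - (?P<key>.+?)\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# OTL file-listing line, e.g.
#   [2012.08.02 16:09:57 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\| (?P<size>[\d,]+) \| (?P<attr>[^|]+) \| (?P<flag>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
PROGRAMDATA = "c:\\programdata\\"
# Windows system binaries; a per-user Startup shortcut carrying one of these
# names is worth a look. "ctfmon" comes from the fix script, the rest is assumed.
SYSTEM_NAMES = {"ctfmon", "explorer", "svchost", "rundll32"}


def _split_name(path: str) -> Tuple[str, str]:
    """Return (stem, ext) of the last path component, lower-cased."""
    base = path.lower().rsplit("\\", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    return (stem, ext) if dot else (base, "")


def assess(path: str, company: str, value_name: Optional[str] = None) -> List[str]:
    """Reasons why one autorun target or listed file matches the pattern.

    value_name is the [name] of an O4 entry, or None for a file-listing line.
    An empty list means nothing matched.
    """
    low = path.lower()
    stem, ext = _split_name(path)
    reasons: List[str] = []
    if ext == "exe" and any(marker in low for marker in TEMP_MARKERS):
        reasons.append("executable started from a Temp folder")
    if value_name == "" and company == "":
        reasons.append("autorun value with empty name and no vendor")
    if STARTUP_MARKER in low and ext == "lnk" and stem in SYSTEM_NAMES:
        reasons.append(f"Startup shortcut named after system binary {stem}.exe")
    if (low.startswith(PROGRAMDATA)
            and "\\" not in low[len(PROGRAMDATA):]
            and company == ""):
        reasons.append("vendor-less file dropped directly into ProgramData")
    return reasons


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; lines that look clean are dropped."""
    flagged: Dict[str, List[str]] = {}
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            reasons = assess(m["path"], m["company"], m["name"])
        else:
            m = FILE_RE.match(line)
            if m is None:
                continue  # not a line format this example understands
            reasons = assess(m["path"], m["company"])
        if reasons:
            flagged[m["path"]] = reasons
    return flagged


# The first three lines are the ones the fix script targets; the last two are
# constructed clean lines in the same formats, for contrast.
SAMPLE_LINES = [
    r"O4 - HKU\S-1-5-21-3272449592-697967546-3180331835-1000..\Run: [] "
    r"C:\Users\Werner Beyer\AppData\Local\Temp\vohigzkbcn.exe ()",
    r"[2012.08.02 16:09:57 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad",
    r"[2012.07.31 18:48:29 | 000,001,894 | ---- | C] () -- "
    r"C:\Users\Werner Beyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk",
    r"O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)",
    r"[2012.07.03 11:46:00 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- "
    r"C:\Windows\System32\drivers\mbam.sys",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for reason in reasons:
            print("   ", reason)
```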
02.08.2012, 20:39 | #3 |
| Wow, that was quick! Just got back from evening sports ^^
"E.g. illegal streaming sites like kinox.to."
As far as I know I haven't streamed anything on this machine, but does that mean switching browsers would protect against it?
"You already had an infection like this once, right, at the end of July."
Yes, that's the crap that's currently hitting the fan here ... the thing has been raging here for a few days. Unfortunately I had no time to deal with it sooner, because I also had 2 XP machines from friends here with the same problem. But for those it was time to reinstall anyway, so I just wiped them :P
Sooo, back to the topic. I think everything worked so far and I uploaded everything as described. At this point a big THANK YOU right away. Even though you have surely gone through all this x times, you take the trouble to describe every step precisely .. so crystal clear that even the biggest idiot can manage it! You rarely see that .. actually this is the first time I've seen it .. there's not even anything to ask about! :P |
02.08.2012, 20:57 | #4 |
/// Malware-holic | Hi, the cache folder is fine, but moved files is not; please upload it again. And, you're welcome.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails according to the instructions above to markusg.trojaner-board@web.de If you would like to support us |
02.08.2012, 21:29 | #5 |
| OK, uploaded again .. no idea what went wrong there. |
02.08.2012, 21:58 | #6 |
/// Malware-holic | That's the same thing again; you're supposed to pack the folder _MOVEd files and upload it, it says so above....
02.08.2012, 22:32 | #7 |
| Hm, that's what you get for trying to think for yourself and skipping lines because of it :P Should be right now, sorry. |
02.08.2012, 23:27 | #8 |
/// Malware-holic | Thanks. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2. IMPORTANT - Save Combofix to your desktop.
When Combofix is finished it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the reboot Quote:
02.08.2012, 23:48 | #9 |
| During the scan AVG got in the way 3 times even though I had disabled it .. I clicked allow each time - hope that's enough. Should I just uninstall it to be safe? Combofix.txt Code:
ATTFilter ComboFix 12-07-31.03 - Werner Beyer 03.08.2012 0:38.1.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.3063.1709 [GMT 2:00] ausgeführt von:: c:\users\Werner Beyer\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\e3455EjLoOkA1368 c:\users\Werner Beyer\AppData\Local\Temp\deo0_sar.exe c:\users\Werner Beyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk c:\users\WERNER~1\AppData\Local\Temp\deo0_sar.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-02 bis 2012-08-02 )))))))))))))))))))))))))))))) . . 2012-08-02 22:42 . 2012-08-02 22:42 -------- d-----w- c:\users\Werner Beyer\AppData\Local\temp 2012-08-02 22:42 . 2012-08-02 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-02 19:20 . 2012-08-02 21:29 -------- d-----w- C:\_OTL 2012-08-02 15:53 . 2012-08-02 15:53 -------- d-----w- c:\users\Werner Beyer\AppData\Roaming\Malwarebytes 2012-08-02 15:53 . 2012-08-02 15:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-08-02 15:53 . 2012-08-02 15:53 -------- d-----w- c:\programdata\Malwarebytes 2012-08-02 15:53 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-12 16:03 . 2012-07-12 16:13 -------- d-----w- C:\babumusik 2012-07-11 15:42 . 2012-06-02 09:08 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-07-11 15:42 . 2012-06-02 08:22 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2012-07-11 15:42 . 2012-06-02 08:21 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-07-11 15:42 . 
2012-06-02 08:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-07-11 15:40 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 10:55 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-11 10:55 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-07-11 10:55 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys 2012-07-11 10:55 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll 2012-07-11 10:55 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-11 10:54 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 10:54 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 10:54 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll 2012-07-11 10:54 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll 2012-07-11 10:54 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-07-11 10:54 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2012-07-11 10:54 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2012-07-11 10:54 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2012-07-11 10:54 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-11 10:54 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-02 22:19 . 2012-06-26 12:34 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-26 12:34 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-26 12:34 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 
2012-06-26 12:34 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-26 12:34 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-26 12:34 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-26 12:34 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-26 12:34 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-26 12:34 33792 ----a-w- c:\windows\system32\wuapp.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-11 10:50 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-11 2074208] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304] "TerraTec Remote Control"="c:\program files\Common Files\TerraTec\Remote\TTTVRC.exe" [2009-09-22 1658368] "Remote Control Editor"="c:\program files\Common Files\TerraTec\Remote\TTTVRC.exe" [2009-09-22 1658368] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352] "Brdefprn"="c:\program files\Brother\BRHL2170\Brdefprn.exe" [2009-07-08 45056] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-11 1107552] "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] " Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\Werner Beyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-14 1695744] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x] R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x] 
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x] S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMPROTECTOR . Inhalt des "geplante Tasks" Ordners . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 13:36] . 2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 13:36] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1295349632&rver=6.1.6206.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx&lc=3079&id=64855&mkt=de-at&cbcxt=mai&snsc=1 uInternet Settings,ProxyOverride = *.local IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.186.211.21 195.34.133.21 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-08-03 00:43:52 ComboFix-quarantined-files.txt 2012-08-02 22:43 . Vor Suchlauf: 13 Verzeichnis(se), 225.725.669.376 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 226.140.315.648 Bytes frei . - - End Of File - - B1C5BEC9737C60AF03E104F640B3A212
I'm away until Sunday and therefore can't get to the computer. Please do NOT close the thread! I will definitely report back. Last edited by Akil (03.08.2012 at 00:04) |
04.08.2012, 22:26 | #10 |
20. BKA-Klon als Osterreich-Ausgabe
I'm back. Am I done, or is there still something to do? Somehow I don't dare to plug the internet back into that computer :P
07.08.2012, 13:36 | #11 |
20. BKA-Klon als Osterreich-Ausgabe
I don't want to pressure anyone, but I have to get the PC finished this week ... otherwise I'll get the rolling pin! Can anything be done about it?
08.08.2012, 14:16 | #12 |
/// Malware-holic | 20. BKA-Klon als Osterreich-Ausgabe
Download CCleaner standard: CCleaner Download - CCleaner 3.21.1767. If CCleaner is already installed, skip this step. Install it, open it, Tools, list of installed programs, save as txt. Open the file. Behind every program you need, write "notwendig" (necessary). Behind every one you don't need, "unnötig" (unnecessary). Behind those unknown to you, "unbekannt" (unknown). Post the list.
__________________
-Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding guide: http://markusg.trojaner-board.de. For now, please forward mails as described in the guide above to markusg.trojaner-board@web.de. If you would like to support us
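The same inventory can be produced without CCleaner, which is useful when you do not want to install anything on a machine you are still triaging. The following PowerShell script is an added example, not part of the thread and not Piriform's tool: it reads the Uninstall registry keys that "Programs and Features" uses, writes a tab-separated file and adds an empty Classification column for the notwendig / unnötig / unbekannt tags the helper asks for. The output file name programs.txt on the desktop is an assumption.

```powershell
# Added example, not from the thread and not Piriform's tool: build the
# installed-programs list from the registry keys "Programs and Features"
# reads, with a column for the notwendig / unnoetig / unbekannt tags.
# The output file name (programs.txt on the desktop) is an assumption.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Entries without DisplayName, or flagged SystemComponent=1, are hidden by the
# Control Panel as well; they are skipped so the list matches what the user sees.
# Entries with no Publisher are pre-tagged "unbekannt" so they get looked at.
function Get-InstalledProgramList {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
        Select-Object @{ Name = 'Name';           Expression = { $_.DisplayName } },
                      @{ Name = 'Publisher';      Expression = { $_.Publisher } },
                      @{ Name = 'Installed';      Expression = { $_.InstallDate } },
                      @{ Name = 'Version';        Expression = { $_.DisplayVersion } },
                      @{ Name = 'Location';       Expression = { $_.InstallLocation } },
                      @{ Name = 'Classification'; Expression = { if ($_.Publisher) { '' } else { 'unbekannt' } } } |
        Sort-Object Name
}

# Write the list as tab-separated text so it can be annotated in any editor
# and pasted into the thread the way the helper requested.
function Export-ProgramListForReview {
    param([string]$Path = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'programs.txt'))
    $list = @(Get-InstalledProgramList)
    $list | Export-Csv -Path $Path -Delimiter "`t" -NoTypeInformation -Encoding UTF8
    "{0} entries written to {1}" -f $list.Count, $Path
}

Export-ProgramListForReview
```

Running the script as the affected user covers per-user installs under HKCU as well as machine-wide ones; the Location column is there because an uninstall entry whose install path points somewhere unusual is exactly the kind of line a reviewer wants to see before deciding between "unnötig" and "unbekannt".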
08.08.2012, 17:09 | #13 |
20. BKA-Klon als Osterreich-Ausgabe
Hooray, you're back. That gave me a real job to do. Code:
Acrobat.com Adobe Systems Incorporated 07.05.2010 1.1.377 unbekannt
Adobe AIR Adobe Systems Inc. 07.05.2010 1.0.4990 unbekannt
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 01.12.2011 6,00MB 11.1.102.55 notwendig
Adobe Reader 9 Adobe Systems Incorporated 07.05.2010 202MB 9.0.0 notwendig
AirPort Apple Inc. 12.06.2012 11,6MB 5.6.1.2 notwendig
Apple Application Support Apple Inc. 12.06.2012 60,9MB 2.1.9 notwendig
Apple Mobile Device Support Apple Inc. 12.06.2012 24,2MB 5.2.0.6 notwendig
Apple Software Update Apple Inc. 28.07.2011 2,38MB 2.1.3.127 notwendig
ATI Catalyst Install Manager ATI Technologies, Inc. 13.04.2010 16,3MB 3.0.765.0 notwendig
AVG 2011 AVG Technologies 03.02.2012 10.0.1424 notwendig
Bonjour Apple Inc. 14.10.2011 1,02MB 3.0.0.10 notwendig
Brother BRAdmin Light 1.18.0001 Brother 22.12.2010 1.18.0001 notwendig
Brother HL-2170W Brother 28.05.2010 notwendig 1.00
Canon Auto Update Service Canon Inc. 17.12.2011 1.1.0.13 notwendig
Canon IJ Network Scan Utility 12.05.2010 notwendig
Canon IJ Network Tool 12.05.2010 notwendig
CANON iMAGE GATEWAY MyCamera Download Plugin Canon Inc. 17.12.2011 3.1.1.2 notwendig
CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 17.12.2011 1.9.0.9 notwendig
Canon MOV Decoder Canon Inc. 17.12.2011 1.9.0.8 notwendig
Canon MOV Encoder Canon Inc. 17.12.2011 1.8.0.1 notwendig
Canon MovieEdit Task for ZoomBrowser EX Canon Inc. 17.12.2011 3.9.0.6 unbekannt
Canon MP Navigator EX 2.0 12.05.2010 notwendig
Canon MP620 series Benutzerregistrierung 12.05.2010 unnötig
Canon MP620 series MP Drivers 12.05.2010 notwendig
Canon ScanGear Starter 25.06.2010 notwendig
Canon Utilities CameraWindow DC 8 Canon Inc. 17.12.2011 8.6.0.11 notwendig
Canon Utilities CameraWindow Launcher Canon Inc. 17.12.2011 7.6.0.1 notwendig
Canon Utilities Digital Photo Professional 3.11 Canon Inc. 17.12.2011 3.11.0.0 notwendig
Canon Utilities Easy-PhotoPrint EX 12.05.2010 notwendig
Canon Utilities Map Utility Canon Inc. 17.12.2011 1.1.0.4 notwendig
Canon Utilities Movie Uploader for YouTube Canon Inc. 17.12.2011 1.3.0.3 unnötig
Canon Utilities My Printer 12.05.2010 notwendig
Canon Utilities MyCamera Canon Inc. 17.12.2011 7.5.0.1 notwendig
Canon Utilities PhotoStitch Canon Inc. 17.12.2011 3.1.22.46 notwendig
Canon Utilities Solution Menu 12.05.2010 notwendig
Canon Utilities ZoomBrowser EX Canon Inc. 17.12.2011 6.8.0.10 notwendig
Canon ZoomBrowser EX Memory Card Utility Canon Inc. 17.12.2011 1.6.0.15 notwendig
CCleaner Piriform 24.07.2012 3.21 notwendig
CDBurnerXP CDBurnerXP 01.12.2011 12,1MB 4.3.9.2809 notwendig
FileMaker Pro 11 FileMaker, Inc. 19.03.2011 275MB 11.0.1.0 notwendig
FreeCommander 2009.02b Marek Jasinski 13.12.2010 2009.02 notwendig
Google SketchUp 8 Google, Inc. 13.09.2010 73,2MB 3.0.3196 notwendig
Google Toolbar for Internet Explorer Google Inc. 27.03.2012 7.3.2710.138 unnötig
iCloud Apple Inc. 15.03.2012 24,2MB 1.1.0.40 notwendig
Inkjet Printer/Scanner Extended Survey Program 12.05.2010 unnötig
Intel(R) Network Connections Drivers Intel 07.05.2010 14.1 notwendig
iTunes Apple Inc. 12.06.2012 181MB 10.6.3.25 notwendig
Java(TM) 6 Update 23 Sun Microsystems, Inc. 07.05.2010 97,1MB 6.0.230 notwendig
Kachelofenberechnung Basic 1.0 Österreichischer Kachelofenverband 23.08.2011 59,1MB notwendig
Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 02.08.2012 18,7MB 1.62.0.1300 unbekannt
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.06.2010 38,8MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 26.06.2010 2,93MB 4.0.30319 notwendig
Microsoft Office Home and Student 2007 Microsoft Corporation 14.04.2010 12.0.6425.1000 notwendig
Microsoft Office Suite Activation Assistant Microsoft Corporation 13.04.2010 8,36MB 2.9 unbekannt
Microsoft Silverlight Microsoft Corporation 14.04.2010 29,0MB 3.0.50106.0 notwendig
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 13.04.2010 1,72MB 3.1.0000 notwendig
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 13.04.2010 625KB 1.0.1215.0 notwendig
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 13.04.2010 1,44MB 1.0.1215.0 notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 14.04.2010 252KB 8.0.50727.4053 notwendig
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 07.05.2010 346KB 8.0.59193 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 13.04.2010 596KB 9.0.30729.4148 notwendig
MobileMe Control Panel Apple Inc. 02.11.2011 12,2MB 3.1.8.0 notwendig
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14.04.2010 35,0KB 4.20.9870.0 notwendig
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 14.04.2010 1,33MB 4.20.9876.0 notwendig
Nero 9 Essentials Nero AG 13.04.2010 notwendig
NETGEAR WG111v3 wireless USB 2.0 adapter NETGEAR 26.05.2010 8,03MB 1.00.0000 notwendig
OpenOffice.org 3.2 OpenOffice.org 07.05.2010 370MB 3.2.9483 notwendig
QuickTime Apple Inc. 17.05.2012 73,2MB 7.72.80.56 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 07.05.2010 6.0.1.5898 notwendig
Safari Apple Inc. 17.05.2012 104MB 5.34.57.2
TerraTec Home Cinema 07.05.2010 6.11.5 notwendig
Tweaker for Outlook Express MAPILab Ltd. 07.05.2010 542KB 1.0.1 unbekannt
ViceVersa Pro 2 (Build 2.0.0.9) TGRMN Software 17.06.2010 2 notwendig
Windows Live Anmelde-Assistent Microsoft Corporation 13.04.2010 1,93MB 5.000.818.5 notwendig
Windows Live Essentials Microsoft Corporation 13.04.2010 14.0.8089.0726 notwendig
Windows Live Sync Microsoft Corporation 13.04.2010 2,79MB 14.0.8089.726 notwendig
Windows Live-Uploadtool Microsoft Corporation 13.04.2010 224KB 14.0.8014.1029 notwendig
08.08.2012, 18:48 | #14 |
/// Malware-holic | 20. BKA-Klon als Osterreich-Ausgabe
Uninstall: Adobe Flash Player, all of them. Adobe - Adobe Flash Player installieren: download the newest version.
Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; untick the McAfee Security Scan checkbox. Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: tick "Use only certified plug-ins". Internet: everything here should be disabled; it is very unsafe to open, download etc. PDFs automatically. It is always better to save them directly, because only then do you have control over what is going on on the PC. Under JavaScript, untick "Enable Acrobat JavaScript". Under Updater, choose "Automatically install updates". Apply / OK.
Uninstall: Google Toolbar. Java: Download der kostenlosen Java-Software; download the Java JRE and install it. Tweaker.
Open CCleaner and run Analyze. Open OTL, Cleanup; the PC will restart. Test how it runs.
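The Adobe Reader preferences above are set by hand in the GUI, so it is worth being able to verify afterwards that the JavaScript setting really took. The PowerShell script below is an added example, not from the thread and not from Adobe: it reports, for every Reader version found under HKCU, whether Acrobat JavaScript is switched off in the user preferences or locked off by policy. The two value names, JSPrefs\bEnableJS (0 = JavaScript off) and FeatureLockDown\bDisableJavaScript (1 = locked off), are taken from Adobe's preference reference as I know it and should be treated as an assumption to check against the Reader version in use; the function name is mine.

```powershell
# Added example, not from the thread and not from Adobe: audit the Acrobat
# JavaScript setting for each Adobe Reader version present for this user.
# Assumed value names (from Adobe's preference reference, verify for your version):
#   HKCU\Software\Adobe\Acrobat Reader\<ver>\JSPrefs\bEnableJS                  0 = JavaScript off
#   HKLM\Software\Policies\Adobe\Acrobat Reader\<ver>\FeatureLockDown\bDisableJavaScript  1 = locked off
function Get-ReaderJavaScriptState {
    $base = 'HKCU:\Software\Adobe\Acrobat Reader'
    if (-not (Test-Path $base)) { return @() }

    Get-ChildItem -Path $base | ForEach-Object {
        $ver  = $_.PSChildName          # e.g. 9.0, 10.0, 11.0
        $pref = Get-ItemProperty -Path "$base\$ver\JSPrefs" -Name bEnableJS -ErrorAction SilentlyContinue
        $lock = Get-ItemProperty -Path "HKLM:\Software\Policies\Adobe\Acrobat Reader\$ver\FeatureLockDown" `
                                 -Name bDisableJavaScript -ErrorAction SilentlyContinue

        # JavaScript is on by default, so a missing bEnableJS value means "still enabled".
        $offByPreference = [bool]($pref -and $pref.bEnableJS -eq 0)
        $offByPolicy     = [bool]($lock -and $lock.bDisableJavaScript -eq 1)

        [pscustomobject]@{
            Version        = $ver
            JavaScriptOff  = $offByPreference -or $offByPolicy
            LockedByPolicy = $offByPolicy
        }
    }
}

Get-ReaderJavaScriptState | Format-Table -AutoSize
```

A row with JavaScriptOff = False after the GUI change usually means the preference was applied to a different Reader version than the one actually opening PDFs, or that Reader was not restarted; LockedByPolicy = True is the stronger state, since a user cannot re-enable it from the Preferences dialog.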
09.08.2012, 00:53 | #15 |
20. BKA-Klon als Osterreich-Ausgabe
Did everything, and it's running again. Great .. this time even WITH internet. THANK YOU VERY MUCH!! I hope the stuff doesn't come back ... I would really like to know exactly how one catches it. I already know of more than 10 people around me who have caught this thing. Can you actually get rid of it with a System Restore too, or does it also consist of files that survive that?