|
Log-Analyse und Auswertung: BKA-Trojaner - Der Computer ist gesperrt!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.08.2012, 17:46 | #1 |
| BKA-Trojaner - Der Computer ist gesperrt! Hallo an alle Experten, heute Morgen hat mich mein "Vordergrund-Bildschirm" etwas überrascht. Überschrift das der Bundesregierung nachempfundenen Bundes Trojaners: "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert" ist halt nicht so ganz Deutsch aber so steht's da, nach etwas Suche bin ich hier auf das Forum aufmerksam geworden und hab auch direkt einen Scan mit "MALWAREBYTES" durchgeführt, hier ist die Logdatei: (danach werde ich den Rechner neu starten und mit OTL by OldTimer durchforsten und das Ergebnis auch hier posten!) (ok Logfile poste ich gleich, muss erst neu starten!) Vielen Dank Sascha Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.03.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 sonic-warrior :: SW_LAPTOP [Administrator] Schutz: Deaktiviert 03.08.2012 12:55:44 mbam-log-2012-08-03 (12-55-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 457226 Laufzeit: 1 Stunde(n), 58 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 4 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|iqpy.exe (Trojan.Apppatch) -> Daten: C:\Users\sonic-warrior\AppData\Roaming\Xakeyq\iqpy.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wmcodecdspps (Trojan.Cridex) -> Daten: C:\Users\sonic-warrior\AppData\Local\Microsoft\Windows\420\wmcodecdspps.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\sonic-warrior\AppData\Local\{76fd9690-fce2-f13b-de75-8b844e3ee0ac}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Time (Trojan.Agent) -> Daten: rundll32.exe "C:\ProgramData\OwxidbeSfazm.dll",EntryPoint -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 10 C:\Users\sonic-warrior\AppData\Roaming\Xakeyq\iqpy.exe (Trojan.Apppatch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\sonic-warrior\AppData\Local\Microsoft\Windows\420\wmcodecdspps.exe (Trojan.Cridex) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\downloads\MPLSetup(1).exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\sonic-warrior\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\sonic-warrior\AppData\Local\Temp\33866288.exe (Trojan.Phex.THAGen6) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\sonic-warrior\AppData\Local\Temp\33869330.exe (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\sonic-warrior\AppData\Local\{76fd9690-fce2-f13b-de75-8b844e3ee0ac}\n (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\sonic-warrior\AppData\Local\{76fd9690-fce2-f13b-de75-8b844e3ee0ac}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\sonic-warrior\Documents\Downloads\asterisk\astlog\astlog.exe (HackTool.Asterisk) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\OwxidbeSfazm.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 03.08.2012 19:03:53 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\sonic-warrior\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 50,84% Memory free 6,18 Gb Paging File | 4,71 Gb Available in Paging File | 76,24% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,09 Gb Total Space | 4,88 Gb Free Space | 3,39% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 122,18 Gb Free Space | 84,85% Space Free | Partition Type: NTFS Computer Name: SW_LAPTOP | User Name: sonic-warrior | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\sonic-warrior\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () PRC - C:\Programme\AVG Secure Search\vprot.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Common Files\Common Desktop Agent\CDASrv.exe () PRC - C:\Programme\1&1 Surf-Stick\AssistantServices.exe () PRC - C:\Programme\1&1 Surf-Stick\UIExec.exe () PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics) PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.) PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll () MOD - C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll () MOD - C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll () MOD - C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll () MOD - C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll () MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll () MOD - C:\Programme\AVG Secure Search\vprot.exe () MOD - C:\Programme\Orbitdownloader\wtlctrl.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Common Files\Common Desktop Agent\CDASrv.exe () MOD - C:\Programme\1&1 Surf-Stick\UIExec.exe () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () MOD - C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll () MOD - C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll () MOD - C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll () MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll () MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll () MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vToolbarUpdater11.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (UI Assistant Service) -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe () SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe () SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (iaNvStor) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation) DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\..\SearchScopes\{1B5FD3EB-9BC6-4E67-98FB-3B418CAE7E73}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={56D040F4-40CC-4887-9BD4-75F0E028FE96}&mid=b60486c4e7bb47d0a3d7d16b2f36a22a-482a46353c7a6e0c2ad6bba4d6884df62370fbb1&lang=de&ds=od011&pr=sa&d=2012-06-08 22:28:14&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\sonic-warrior\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\sonic-warrior\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\sonic-warrior\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sonic-warrior\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sonic-warrior\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 10:59:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.12 21:44:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.12 21:44:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.03.08 11:48:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 13:03:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 14:30:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.01 23:23:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.31 10:53:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 14:30:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.01 23:23:59 | 000,000,000 | ---D | M] [2011.01.04 15:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Extensions [2011.01.04 15:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.08.03 12:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions [2011.06.28 22:57:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.08.02 12:23:16 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2011.06.28 22:57:46 | 000,000,000 | ---D | M] (CheckFox) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87} [2009.08.18 13:42:06 | 000,000,000 | ---D | M] (CheckBoxMate) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\{dc0fa143-3db3-73ee-e852-912722c852fd} [2012.08.03 12:40:35 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.01.30 10:50:19 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}(23) [2011.09.25 19:04:56 | 000,000,000 | ---D | M] (preisspion.de) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\finder@meingutscheincode.de [2011.06.07 01:58:53 | 000,000,000 | ---D | M] (WKW Stuff) -- C:\Users\sonic-warrior\AppData\Roaming\mozilla\Firefox\Profiles\00aijy08.default\extensions\WKW_Stuff@mozdev.org [2012.04.25 19:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.18 14:30:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.15 22:33:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.17 15:37:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.09 13:02:55 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.06.17 15:37:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.17 15:37:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.17 15:37:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.17 15:37:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.17 15:37:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://isearch.avg.com/?cid={56D040F4-40CC-4887-9BD4-75F0E028FE96}&mid=b60486c4e7bb47d0a3d7d16b2f36a22a-482a46353c7a6e0c2ad6bba4d6884df62370fbb1&lang=de&ds=od011&pr=sa&d=2012-06-08 22:28:14&v=11.1.0.7&sap=hp CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://isearch.avg.com/?cid={56D040F4-40CC-4887-9BD4-75F0E028FE96}&mid=b60486c4e7bb47d0a3d7d16b2f36a22a-482a46353c7a6e0c2ad6bba4d6884df62370fbb1&lang=de&ds=od011&pr=sa&d=2012-06-08 22:28:14&v=11.1.0.7&sap=hp CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Orbit Downloader (Enabled) = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\sonic-warrior\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\sonic-warrior\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\sonic-warrior\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: XJZ Survey Remover = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\cghbpbbbdbdcljgdhfpfhkpknlaefjhl\3.1.2_0\ CHR - Extension: Google-Suche = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: SEO Site Tools = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\diahigjngdnkdgajdbpjdeomopbpkjjc\2.91_0\ CHR - Extension: Stream Downloader = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\eojhdpnbgmkklikppknobdghfdfcligf\1.0_0\ CHR - Extension: Uncircle Uncirclers+ = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnckobddbbbgfabnhogmncmghngohflh\1.5_0\ CHR - Extension: DivX HiQ = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: Videos = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnpgkkflofmonpakbihlnlloompbfald\1.0_0\ CHR - Extension: avast! WebRep = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\ CHR - Extension: Social Fixer = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\6.741_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ CHR - Extension: SEO for Chrome = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\ CHR - Extension: Google Mail = C:\Users\sonic-warrior\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\Twain_32\Samsung\CLX3170\Scan2pc.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CDAServer] C:\Programme\Common Files\Common Desktop Agent\CDASrv.exe () O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe () O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003..\Run: [Facebook Update] C:\Users\sonic-warrior\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2828624098-4232976946-4174206805-1003..\Run: [iqpy.exe] C:\Users\sonic-warrior\AppData\Roaming\Xakeyq\iqpy.exe File not found O4 - Startup: C:\Users\sonic-warrior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Programme\SmarThru 4\WEBCapture.dll1.htm () O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Programme\SmarThru 4\WEBCapture.dll2.htm () O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Programme\SmarThru 4\WEBCapture.dll.htm () O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll () O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8ABBBC40-5F9B-4C7C-9BFA-57B09F350444}: DhcpNameServer = 212.39.90.42 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62D1E93-79F4-4A31-B03C-1571B9347C39}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0c83c3e5-03d4-11df-a8d6-002269d24bd9}\Shell - "" = AutoRun O33 - MountPoints2\{0c83c3e5-03d4-11df-a8d6-002269d24bd9}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{7a2d78fb-a6a0-11de-895d-002269d24bd9}\Shell - "" = AutoRun O33 - MountPoints2\{7a2d78fb-a6a0-11de-895d-002269d24bd9}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7a2d7922-a6a0-11de-895d-002269d24bd9}\Shell - "" = AutoRun O33 - MountPoints2\{7a2d7922-a6a0-11de-895d-002269d24bd9}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.03 13:32:11 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\sonic-warrior\Desktop\OTL.exe [2012.08.03 12:54:44 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\AppData\Roaming\Malwarebytes [2012.08.03 12:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.03 12:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.03 12:54:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.03 12:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.02 17:51:27 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\AppData\Roaming\hellomoto [2012.07.30 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\Desktop\TEST [2012.07.23 14:25:20 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\Desktop\FOTOS [2012.07.19 18:57:37 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\Desktop\ebay [2012.07.18 20:49:01 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\AppData\Roaming\Artisteer [2012.07.18 20:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artisteer 3 [2012.07.18 20:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Artisteer 3 [2012.07.18 20:36:35 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\Desktop\joomla [2012.07.16 20:55:36 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\AppData\Roaming\Xakeyq [2012.07.16 20:55:36 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\AppData\Roaming\Fazi [2012.07.12 21:42:50 | 000,000,000 | ---D | C] -- C:\Users\sonic-warrior\Desktop\closing [2012.07.12 03:07:57 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.12 03:02:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.07.12 03:02:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.07.12 03:02:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.07.12 03:02:44 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.07.12 03:02:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.07.12 03:02:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.07.12 03:02:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.07.11 17:33:55 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.07.07 12:44:00 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.07.07 12:43:59 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.07.07 12:43:59 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.07.07 12:43:59 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.07.07 12:43:59 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.07.07 12:43:36 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.07.07 12:43:36 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe ========== Files - Modified Within 30 Days ========== [2012.08.03 18:48:36 | 000,071,749 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.08.03 18:48:30 | 000,071,749 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.08.03 18:48:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.03 18:48:21 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.03 18:48:20 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.03 18:48:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.03 18:47:15 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.08.03 18:44:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.03 18:14:21 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2828624098-4232976946-4174206805-1003UA.job [2012.08.03 18:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.03 17:12:01 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2828624098-4232976946-4174206805-1003UA.job [2012.08.03 14:13:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.03 14:13:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.01 23:12:00 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2828624098-4232976946-4174206805-1003Core.job [2012.08.01 10:14:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2828624098-4232976946-4174206805-1003Core.job [2012.07.29 22:06:19 | 000,047,903 | ---- | M] () -- C:\Users\sonic-warrior\Desktop\u60311.jpg [2012.07.28 10:16:07 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\sonic-warrior\Desktop\OTL.exe [2012.07.26 22:27:01 | 000,040,717 | ---- | M] () -- C:\Users\sonic-warrior\Desktop\markus.jpg [2012.07.20 11:36:27 | 000,210,095 | ---- | M] () -- C:\Users\sonic-warrior\Desktop\HI_mousepad.JPG [2012.07.16 12:04:14 | 000,010,885 | ---- | M] () -- C:\Users\sonic-warrior\.recently-used.xbel [2012.07.13 17:09:15 | 000,239,796 | ---- | M] () -- C:\Users\sonic-warrior\Desktop\P1013134.jpg [2012.07.12 03:26:20 | 000,400,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.07 20:17:35 | 000,026,924 | ---- | M] () -- C:\Users\sonic-warrior\Desktop\Anmeldungen.ods ========== Files Created - No Company Name ========== [2012.07.29 22:06:19 | 000,047,903 | ---- | C] () -- C:\Users\sonic-warrior\Desktop\u60311.jpg [2012.07.26 22:27:01 | 000,040,717 | ---- | C] () -- C:\Users\sonic-warrior\Desktop\markus.jpg [2012.07.21 12:46:28 | 000,013,312 | ---- | C] () -- C:\Users\sonic-warrior\AppData\Local\{76fd9690-fce2-f13b-de75-8b844e3ee0ac}\U\80000000.@ [2012.07.21 12:46:28 | 000,001,712 | ---- | C] () -- C:\Users\sonic-warrior\AppData\Local\{76fd9690-fce2-f13b-de75-8b844e3ee0ac}\U\00000001.@ [2012.07.20 09:36:10 | 000,210,095 | ---- | C] () -- C:\Users\sonic-warrior\Desktop\HI_mousepad.JPG [2012.07.16 12:04:14 | 000,010,885 | ---- | C] () -- C:\Users\sonic-warrior\.recently-used.xbel [2012.07.13 17:07:51 | 000,239,796 | ---- | C] () -- C:\Users\sonic-warrior\Desktop\P1013134.jpg [2012.07.12 21:42:31 | 004,619,648 | ---- | C] () -- C:\Users\sonic-warrior\Desktop\P1013123.JPG [2012.07.12 21:35:50 | 004,588,281 | ---- | C] () -- C:\Users\sonic-warrior\Desktop\P1013117.JPG [2012.07.07 20:10:38 | 000,026,924 | ---- | C] () -- C:\Users\sonic-warrior\Desktop\Anmeldungen.ods [2012.06.10 01:06:46 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssb6mlm.dll [2012.04.11 21:59:37 | 000,000,194 | ---- | C] () -- C:\Windows\System32\dmlg.dat [2012.01.24 08:49:41 | 000,002,048 | -HS- | C] () -- C:\Users\sonic-warrior\AppData\Local\{76fd9690-fce2-f13b-de75-8b844e3ee0ac}\@ [2011.12.09 22:24:59 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.02.18 19:45:26 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe [2011.02.18 19:45:08 | 000,010,805 | ---- | C] () -- C:\Users\sonic-warrior\AppData\Roaming\SmarThruOptions.xml [2011.02.18 19:44:55 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe [2011.02.18 19:44:13 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll [2011.02.18 19:44:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\SamFaxPort.dll [2011.02.18 19:44:04 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini [2011.02.18 19:44:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll [2011.02.18 19:40:21 | 000,110,592 | R--- | C] () -- C:\Windows\Wiainst.exe [2011.02.18 19:39:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll [2011.02.18 19:39:02 | 000,027,136 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll [2011.02.18 19:39:02 | 000,011,264 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll [2011.02.18 19:39:02 | 000,010,752 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll [2011.02.18 16:13:56 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sst1cl3.dll [2011.01.24 21:05:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.01.24 21:05:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.01.24 21:05:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.01.12 18:13:27 | 000,000,600 | ---- | C] () -- C:\Users\sonic-warrior\AppData\Local\PUTTY.RND [2010.10.29 02:43:56 | 000,063,488 | ---- | C] () -- C:\Windows\System32\CDASpl.dll [2010.03.07 17:15:17 | 000,007,592 | ---- | C] () -- C:\Users\sonic-warrior\AppData\Local\d3d9caps.dat [2010.02.20 22:15:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.11.10 15:05:13 | 000,092,160 | ---- | C] () -- C:\Users\sonic-warrior\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.06.25 07:36:36 | 000,071,749 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.06.25 07:36:12 | 000,071,749 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== LOP Check ========== [2012.08.01 23:12:00 | 000,001,148 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2828624098-4232976946-4174206805-1003Core.job [2012.08.03 17:12:01 | 000,001,170 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2828624098-4232976946-4174206805-1003UA.job [2012.08.03 18:47:15 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 03.08.2012 19:03:53 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\sonic-warrior\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 50,84% Memory free 6,18 Gb Paging File | 4,71 Gb Available in Paging File | 76,24% Paging File free Paging file location(s): ?:\pagefile.sys %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,09 Gb Total Space | 4,88 Gb Free Space | 3,39% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 122,18 Gb Free Space | 84,85% Space Free | Partition Type: NTFS Computer Name: SW_LAPTOP | User Name: sonic-warrior | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera_new\Opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D8A82E3-FB25-467E-B5A7-30BE3D0DC581}" = lport=138 | protocol=17 | dir=in | app=system | "{13EA71DE-862B-4A74-BD2E-D53528D06230}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2C661C94-A73C-4682-93F7-E6C0F9A26A1B}" = rport=138 | protocol=17 | dir=out | app=system | "{32DDD508-5184-4D9A-9121-D4E6C8228179}" = rport=137 | protocol=17 | dir=out | app=system | "{37D23100-90D5-482D-892A-A8D21970D893}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{3FBB5024-8DB4-4FCF-9C98-4356637138C4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{4DD3C196-063D-4D69-A1E6-E727130F9532}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{584342B5-BC81-409A-B236-17278483CD02}" = rport=139 | protocol=6 | dir=out | app=system | "{5F36338E-5E66-436B-9965-E642A3395866}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6D2BDDC7-5B37-4E60-95BC-921F2BDA2081}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9C14D0BB-C30D-4B37-9328-1FDF851F5A8E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9F85A3D1-30BD-43B9-92D2-7DD30AD9DD9E}" = lport=2869 | protocol=6 | dir=in | app=system | "{A75C3297-EC91-4445-BDAC-B0500CEF650E}" = lport=137 | protocol=17 | dir=in | app=system | "{AA31B417-EE46-4EFF-8885-12524BD02158}" = lport=139 | protocol=6 | dir=in | app=system | "{C72611AF-2000-49D5-B768-91B00989F67D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D8103230-24F6-4581-9FD6-433EDD985BC7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D8AC4681-D0AD-47B1-8D2F-A2C27617607C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DCAB2756-7503-4795-A1B6-FF834279B9B5}" = lport=445 | protocol=6 | dir=in | app=system | "{E6681B1D-D4FE-4440-BD4E-5378193C738C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F40EB487-BC14-43AB-84BA-E8ADF8011404}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00F58D86-44A0-45C7-940E-4F60B0A292A3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{072BEAD4-F23F-4B94-8916-07681F41AB09}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{0B2C75CE-D27D-4CF6-A2B7-6A8FFD11038B}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\cdas2pc\cdas2pc.exe | "{1E6DB577-F35C-4A70-8994-514CFEFBE700}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{245E3E57-BA0E-4BBC-B669-22910E64C443}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{2D3345F1-1DC7-4343-96B0-75001FEAACF4}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{2E02E03E-FCDB-42C6-B05A-554958841D4B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | "{2E4C29DA-2E14-4846-9CBF-659DBF5963C9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{316874E4-01E8-499D-8FA4-6CBF67065BB4}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\cdas2pc\cdas2pc.exe | "{35840F05-D87F-4E77-97FE-A5E8CC03AA01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{393DBBF1-D762-4C4C-8F0C-191D4B61B4E0}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\idsalert.exe | "{3C1D51EF-C78C-4E1B-9794-116EB5C22F2E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{3FCE4DCF-2464-45AD-87EA-20638ED03A0C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{412F1F9B-60E8-474F-8150-F191CBA94B3B}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | "{445749A4-9740-4F97-97A0-30B63B13257B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{47ECA27F-8D15-4B1D-9688-E6D19FD8827F}" = protocol=17 | dir=in | app=c:\program files\opera_new\opera.exe | "{4A6A3898-B9AA-4043-9676-76A9592FA5BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4FEAB0AB-C834-4351-9592-94F6B846DFA3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{56AC680A-E249-4CDF-ACD4-74C3D54D7A73}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | "{60F81639-3395-4394-AD37-1AE2BD52F76A}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe | "{6979CE7F-0896-4C98-8E45-A9AF534C4A79}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{706B8824-035A-4952-AB13-95D7B3E5BA4F}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\idsalert.exe | "{70B8D58A-330C-42E1-ADF0-019C68F8C640}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{7217C6B6-372B-463C-A3F1-E12C05CB66B3}" = dir=in | app=c:\users\sonic-warrior\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{7B1F9957-70C9-4A15-8DAA-556DFE5199D1}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\sscan2io.exe | "{88185038-9093-4EE9-A362-2DE060D5DC8D}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scanmgr.exe | "{95E3D332-21A7-4793-862A-AE21348B1FF8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9D08E2A5-CE69-4589-90D0-62E83761494D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9E13EDE3-E63A-45F5-8E11-E97F5C66EF11}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{A1FCABE7-61AD-4FE0-9FB5-2EAE1C889AE2}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | "{A7627FB3-CD0F-4696-8648-A2E5BFA4BD3D}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | "{AF1286B2-5FA4-40BC-A705-59CE1DCB9F63}" = protocol=17 | dir=in | app=c:\program files\opera_new\pluginwrapper\opera_plugin_wrapper.exe | "{B3C5D727-2D1F-4BEB-BAE5-3FBBF06FC7BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{BAD98BFC-03F9-4F77-9B6B-A37C9692EE53}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\ids.application.exe | "{BB0EF20C-D31A-430C-9090-4A2E7DC898D1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BF5ADEE4-D752-45ED-8017-422FA5830261}" = protocol=6 | dir=in | app=c:\program files\opera_new\pluginwrapper\opera_plugin_wrapper.exe | "{C05F7E11-328E-4260-BDC4-85070CC47DD1}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{C2E0684E-B8A1-4AA0-BC0A-4A61BBAEC942}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | "{C4FAA69D-800E-4809-96C6-2CFC994FC2CD}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe | "{C9E0A85A-4DDB-4636-BD5E-9406770BDF93}" = protocol=17 | dir=in | app=c:\program files\samsung\easy printer manager\ordersupplies.exe | "{CA77AB0F-6129-448D-8D7D-71D5EC54014D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{CB760512-6183-4E84-AD75-C085DDC75AB9}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\ordersupplies.exe | "{D2028EED-E893-4EBD-9EE1-10F14762B881}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{D2438BC7-BB4A-4CE4-B1C0-BB97351B3F57}" = protocol=6 | dir=in | app=c:\program files\opera_new\opera.exe | "{D661DC00-18D1-4D79-A79F-6E568CE44506}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{D7DB2B5C-9716-4BAE-B62D-91C6D730F267}" = dir=in | app=c:\program files\itunes\itunes.exe | "{DB5B1154-CF67-4713-9516-3C839F8DD4FF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{DB75AB3A-F77B-450E-BAD4-05CFFBE949CF}" = protocol=6 | dir=in | app=c:\program files\samsung\easy printer manager\ids.application.exe | "{DE4EBC95-E075-4C9F-8276-37532ED1ADFD}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | "{E6E89A1F-B8B2-4308-8EE5-D7F1122FBA18}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\clx3170\scan2pc.exe | "{F9DBD0C6-FA75-4940-8EC2-B703A0A6A4BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FE8B93F5-CB0A-45F8-9326-85A3B9E25469}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{1D6C0BBC-F37A-42D5-9570-A6C0F5A17623}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{3C151146-FEA0-4144-995F-B521362795CA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{73B26BF9-EB51-495D-9BBE-82B7C3509D6A}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{7885B946-8B13-4D56-81EA-A2C8C33821A2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{CBD7E41C-107D-4321-87F0-FBDC3B3ED393}C:\program files\opera_new\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera_new\opera.exe | "TCP Query User{D0236F67-3CD1-4C96-866E-95E1E1895849}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{EFBF589F-261E-49E1-88FF-76A907B1E77D}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "TCP Query User{FD4B65B9-5D97-4E2D-8262-A17334750638}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{050F3E63-8C11-467D-8E81-2C4298F8DF27}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{09BF668F-FA53-47F7-9DB7-8AA593142F41}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{13E36413-985F-419B-839A-CF92156A11E5}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{26AC6088-2286-4AB4-91AE-D0DC6C11C334}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{3461E091-B07C-4630-889A-B3AB284ACE78}C:\program files\opera_new\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera_new\opera.exe | "UDP Query User{837C89BA-E3A0-432A-BE5B-4BFF9B5418A3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{A6A383BA-D03C-494A-91DC-612775CA0C0A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{F317EFDB-3B29-451D-B915-A3420DE342E2}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "%ProgramName%" = picture-shark 1.0 "{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung "{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300 "{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam "{13D324E9-9DB1-478D-944C-28BBE1BB80DC}" = HP Officejet Pro 8500 A910 Hilfe "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2 "{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{82C19692-571C-45D2-BAF2-278225787A35}" = ImageMixer 3 SE "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-004E-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector 32-bit "{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{BA31F48A-C811-30B4-AD93-1986C7838442}" = Google Talk Plugin "{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0 "{DEB23231-0851-4E3E-A2DB-EED8A40B0883}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FB52602E-CA90-430F-8BD8-F197CFAB5503}" = Web-Picture-Picker "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "Agere Systems Soft Modem" = Agere Systems HDA Modem "Artisteer 3" = Artisteer 3 "avast" = avast! Free Antivirus "AVG Secure Search" = AVG Security Toolbar "CameraWindowLauncher" = Canon Utilities CameraWindow "Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2 "CanonMyPrinter" = Canon My Printer "CCleaner" = CCleaner "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "FileZilla Client" = FileZilla Client 3.5.0 "FLV Player" = FLV Player 2.0 (build 25) "Free Video to iPod Converter_is1" = Free Video to iPod Converter version 5.0.6.221 "FriendBlasterPro_is1" = FriendBlasterPro "iLivid" = iLivid "InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements "LameACM" = LameACM "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mobile Partner" = Mobile Partner "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator 1.0" = Canon MP Navigator 1.0 "MyCamera" = Canon Utilities MyCamera "NVIDIA Drivers" = NVIDIA Drivers "Opera 11.60.1185" = Opera 11.60 "Opera 12.00.1467" = Opera 12.00 "Orbit_is1" = Orbit Downloader "PremElem70" = Adobe Premiere Elements 7.0 "ProInst" = Intel PROSet Wireless "Recuva" = Recuva "Samsung CLX-3170 Series" = Samsung CLX-3170 Series "Samsung Easy Printer Manager" = Samsung Easy Printer Manager "Samsung ML-1860 Series" = Samsung ML-1860 Series "Samsung Printer Live Update" = Samsung Printer Live Update "SmarThru PC Fax" = SmarThru PC Fax "SuperMailer_is1" = SuperMailer 5.40 "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam "VLC media player" = VLC media player 1.0.1 "Webcam Video Capture_is1" = Webcam Video Capture 4.8.0 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "XviD" = XviD MPEG-4 Codec ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2828624098-4232976946-4174206805-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Antivirus Events ] Error - 23.05.2009 09:47:55 | Computer Name = sw_laptop | Source = avast! | ID = 33554522 Description = Error - 18.06.2009 12:50:00 | Computer Name = sw_laptop | Source = avast! | ID = 33554522 Description = Error - 13.08.2009 09:48:52 | Computer Name = sw_laptop | Source = avast! | ID = 33554522 Description = Error - 07.04.2010 21:36:43 | Computer Name = sw_laptop | Source = avast! | ID = 33554522 Description = Error - 09.08.2010 20:37:01 | Computer Name = sw_laptop | Source = avast! | ID = 33554522 Description = [ Application Events ] Error - 03.08.2012 06:38:42 | Computer Name = sw_laptop | Source = EventSystem | ID = 4609 Description = Error - 03.08.2012 06:39:33 | Computer Name = sw_laptop | Source = WinMgmt | ID = 10 Description = Error - 03.08.2012 06:42:37 | Computer Name = sw_laptop | Source = LoadPerf | ID = 3001 Description = Error - 03.08.2012 06:50:36 | Computer Name = sw_laptop | Source = WinMgmt | ID = 10 Description = Error - 03.08.2012 06:57:32 | Computer Name = sw_laptop | Source = LoadPerf | ID = 3001 Description = Error - 03.08.2012 12:37:13 | Computer Name = sw_laptop | Source = Perflib | ID = 1010 Description = Error - 03.08.2012 12:37:15 | Computer Name = sw_laptop | Source = Perflib | ID = 1008 Description = Error - 03.08.2012 12:37:23 | Computer Name = sw_laptop | Source = LoadPerf | ID = 3001 Description = Error - 03.08.2012 12:48:24 | Computer Name = sw_laptop | Source = WinMgmt | ID = 10 Description = Error - 03.08.2012 12:54:37 | Computer Name = sw_laptop | Source = LoadPerf | ID = 3001 Description = [ System Events ] Error - 03.08.2012 06:50:36 | Computer Name = sw_laptop | Source = Service Control Manager | ID = 7034 Description = Error - 03.08.2012 06:51:14 | Computer Name = sw_laptop | Source = Service Control Manager | ID = 7011 Description = Error - 03.08.2012 06:51:34 | Computer Name = sw_laptop | Source = DCOM | ID = 10016 Description = Error - 03.08.2012 06:53:52 | Computer Name = sw_laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 03.08.2012 12:37:26 | Computer Name = sw_laptop | Source = Service Control Manager | ID = 7023 Description = Error - 03.08.2012 12:48:24 | Computer Name = sw_laptop | Source = Service Control Manager | ID = 7000 Description = Error - 03.08.2012 12:48:24 | Computer Name = sw_laptop | Source = Service Control Manager | ID = 7000 Description = Error - 03.08.2012 12:48:24 | Computer Name = sw_laptop | Source = Service Control Manager | ID = 7034 Description = Error - 03.08.2012 12:49:29 | Computer Name = sw_laptop | Source = DCOM | ID = 10016 Description = Error - 03.08.2012 12:51:27 | Computer Name = sw_laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > Naja dann warte ich jetzt mal ab, was mir die Experten jetzt raten ;-) |
03.08.2012, 18:27 | #2 |
/// Malware-holic | BKA-Trojaner - Der Computer ist gesperrt! hi,
__________________für eine weitere analyse benötige ich mal folgendes. c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte Trojaner-Board Upload Channel wenn dies erledigt ist, bittemelden.
__________________ |
03.08.2012, 18:40 | #3 |
| BKA-Trojaner - Der Computer ist gesperrt! Hat kurz gedauert, aber die 17MB sind jetzt hochgeladen
__________________ |
03.08.2012, 18:58 | #4 |
/// Malware-holic | BKA-Trojaner - Der Computer ist gesperrt! ane, 17 mb ist zu groß File-Upload.net - Ihr kostenloser File Hoster! dort mal hochladen, link als private nachicht an mich
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
03.08.2012, 19:32 | #5 |
/// Malware-holic | BKA-Trojaner - Der Computer ist gesperrt! danke wird der pc für onlinebanking, zum einkaufen, für sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches genutzt?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
03.08.2012, 19:59 | #6 |
| BKA-Trojaner - Der Computer ist gesperrt! ja der Rechner wird eigentlich nur für solche Zwecke genutzt! Online-Banking, Excel Tabellen Kalkulation und Textverarbeitung! und sehr viel im Online Bereich (Veranstaltungsmarketing!) Also ich hab jetzt mal ein Java update gemacht, hab gesehen das war auf einem sehr alten Softwarestand |
08.08.2012, 18:00 | #7 |
/// Malware-holic | BKA-Trojaner - Der Computer ist gesperrt! hi bitte die bank anrufen, onlinebanking sperren lassen der pc muss neu aufgesetzt und dann abgesichert werden 1. Datenrettung:
ich werde außerdem noch weitere punkte dazu posten. 4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu BKA-Trojaner - Der Computer ist gesperrt! |
800000cb.@, avg secure search, avg security toolbar, blockiert, canon, computer, der computer ist für die verletzung, deutschland, direkt, durchgeführt, ergebnis, experte, experten, forum, gesetze, gesperrt, hacktool.asterisk, install.exe, limited.com/facebook, logdatei, logfile, malwarebytes, microsoft office 2003, morgen, msimg32.dll, neu, office 2007, officejet, plug-in, poste, posten, rechner, recuva, recycle.bin, scan, secure search, starte, starten, suche, troja, trojan.apppatch, trojan.phex.thagen, trojaners, verletzung der gesetze der bundesrepublik deutschland wurde blockiert, vtoolbarupdater, wrapper, zugemüllt |