Log Analysis and Evaluation: GVU Trojan caught! (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. In order to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.08.2012, 10:08 | #1
GVU Trojan caught!
I've now caught the GVU Trojan too! My screen gets locked... I got around this by restarting and disconnecting my computer from the network. I've now run a quick scan with Malwarebytes and it showed 2 detections (see log). Please help!
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.29.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christoph :: ***** [Administrator]

29.08.2012 16:49:41
mbam-log-2012-08-29 (16-49-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214228
Laufzeit: 3 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Local\Temp\install_0_msi.exe (Trojan.Ransom) -> Löschen bei Neustart.

(Ende)
Code:
ATTFilter OTL logfile created on: 30.08.2012 11:21:27 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Christoph\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 54,45% Memory free 7,99 Gb Paging File | 6,00 Gb Available in Paging File | 75,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 314,97 Gb Total Space | 233,00 Gb Free Space | 73,97% Space Free | Partition Type: NTFS Drive D: | 19,98 Gb Total Space | 9,80 Gb Free Space | 49,02% Space Free | Partition Type: FAT32 Drive F: | 596,54 Gb Total Space | 220,00 Gb Free Space | 36,88% Space Free | Partition Type: NTFS Computer Name: ****** | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () MOD - c:\program files (x86)\adobe\acrobat 9.0\acrobat\exlang32.deu () MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\plug_ins\Updater.DEU () MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\plug_ins\EScript.DEU () MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\plug_ins\Annots.DEU () MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\plug_ins\Capture3D.DEU () MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\sqlite.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV 
- (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Autodesk Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (OODefragAgent) -- C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (SearchAnonymizer) -- C:\Users\Christoph\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (CSRBC) -- C:\Windows\SysNative\drivers\csrbcx64.sys (CSR/PLT) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation) DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) 
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (vncmirror) -- C:\Windows\SysNative\drivers\vncmirror.sys (RealVNC Ltd.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Christoph\Desktop IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 9D 9D 81 BB 51 CC 01 [binary data] IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes,DefaultScope = {59F79B82-199D-488E-B0B3-25E423D5B292} IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{16A4EF36-CA23-4CEF-B27B-DF0934369B92}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{2350698B-7F66-46E4-B89B-55961E2C3C0B}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{59F79B82-199D-488E-B0B3-25E423D5B292}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{792F4A65-DAC8-4130-BE8F-9165358F1157}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{7EB89859-64D6-471B-8DFC-888469F1A0D1}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{AB4F3EDE-41FA-46AB-A753-4A2C9E995028}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&mode=bounce&k=0 IE - 
HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{B5C8957B-6FC2-4010-ACCA-3BE8DE77725D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=e0dfae60-bc22-4bda-bdc1-4d6cd073d3d2&apn_sauid=2AA508B1-AA0E-4A13-A517-DE2EAA9DC429 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{FA5EE920-A1EB-4C8C-ABE9-DC684F5CCDEA}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=e0dfae60-bc22-4bda-bdc1-4d6cd073d3d2&apn_ptnrs=^ABT&apn_sauid=2AA508B1-AA0E-4A13-A517-DE2EAA9DC429&apn_dtid=^YYYYYY^YY^DE&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files 
(x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.30 10:25:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011.08.03 11:34:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.30 10:25:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.03 11:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions [2012.08.01 10:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\emnx16je.default\extensions [2012.08.24 13:41:17 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\emnx16je.default\extensions\toolbar@ask.com [2012.08.30 10:24:02 | 000,002,413 | ---- | M] () -- 
C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\emnx16je.default\searchplugins\askcom.xml [2011.12.30 18:29:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.30 10:25:12 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 17:07:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.28 17:07:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.28 17:07:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.28 17:07:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.28 17:07:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.28 17:07:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.10.25 00:56:18 | 000,001,961 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 hxxp://www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 
wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 14 more lines... O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH) O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - 
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) O3 - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Christoph\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-981284708-2432398663-2729383355-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-981284708-2432398663-2729383355-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Christoph\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren 
- res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0BD74DA-F013-43BB-A95F-AEF02D738243}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6338DC4-37D1-488E-BDAA-68FED9814C14}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6904dc82-bdae-11e0-a589-002421071d74}\Shell - "" = AutoRun
O33 - MountPoints2\{6904dc82-bdae-11e0-a589-002421071d74}\Shell\AutoRun\command - "" = I:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.29 17:29:54 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012.08.29 17:02:42 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\backups
[2012.08.29 16:59:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Christoph\Desktop\HiJackThis204.exe
[2012.08.29 16:32:21 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes
[2012.08.29 16:32:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.29 16:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.29 16:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.29 16:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.27 18:32:46 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\DCIM
[2012.08.16 00:06:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.16 00:06:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.16 00:06:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.16 00:06:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.16 00:06:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.16 00:06:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.16 00:06:30 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.16 00:06:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.16 00:06:29 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.16 00:06:29 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.16 00:06:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.16 00:06:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.16 00:06:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 07:50:32 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 07:50:27 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 07:50:27 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 07:50:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 07:50:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 07:50:26 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 07:50:26 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 07:50:22 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.14 16:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QUIZPro V4.3.1
[2012.08.14 16:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QUIZPro IV
[2012.08.13 20:03:03 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\scool
[2012.08.12 00:45:20 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\Katze
[2012.08.12 00:34:20 | 000,000,000 | ---D | C] -- C:\Users\Christoph\Desktop\Fuchs 10.08.2012
[2012.08.06 10:47:23 | 000,000,000 | ---D | C] -- C:\Output
[2012.08.06 10:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFPasswordRemover
[2012.08.06 10:46:53 | 000,000,000 | ---D | C] -- C:\PDFPasswordRemover
[2012.08.03 11:41:02 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Skype
[2012.08.03 11:40:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.08.03 11:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.03 11:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.08.03 11:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.08.01 10:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.01 10:04:40 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\AskToolbar
[2012.08.01 10:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.02.22 13:18:13 | 208,138,224 | ---- | C] (NVIDIA Corporation) -- C:\Users\Christoph\295.73-desktop-win7-winvista-64bit-international-whql.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.30 10:49:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.30 09:19:16 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 09:19:16 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 09:17:54 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.30 09:17:54 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.30 09:17:54 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.30 09:17:54 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.30 09:17:54 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.30 09:11:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.30 09:11:05 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.30 09:11:04 | 000,311,344 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.08.29 17:29:54 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012.08.29 16:59:36 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Christoph\Desktop\HiJackThis204.exe
[2012.08.29 16:26:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.29 09:38:07 | 014,881,145 | ---- | M] () -- C:\Users\Christoph\Desktop\*****.pdf
[2012.08.24 14:56:59 | 000,213,482 | ---- | M] () -- C:\Users\Christoph\Documents\*****.pdf
[2012.08.24 12:57:27 | 000,157,004 | ---- | M] () -- C:\Users\Christoph\Documents\*****.pdf
[2012.08.23 17:18:22 | 000,204,430 | ---- | M] () -- C:\Users\Christoph\Desktop\*****.pdf
[2012.08.23 16:54:20 | 001,387,882 | ---- | M] () -- C:\Users\Christoph\Desktop\*****.zip
[2012.08.23 15:27:34 | 000,059,215 | ---- | M] () -- C:\Users\Christoph\Documents\*****.pdf
[2012.08.16 08:47:12 | 004,982,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 13:01:57 | 006,418,333 | ---- | M] () -- C:\Users\Christoph\Desktop\*****.pdf
[2012.08.15 12:49:20 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 12:49:20 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.15 12:16:41 | 000,585,591 | ---- | M] () -- C:\Users\Christoph\Desktop\*****.pdf
[2012.08.14 12:29:16 | 000,158,205 | ---- | M] () -- C:\Users\Christoph\Desktop\*****.jpg
[2012.08.13 17:53:34 | 092,871,705 | ---- | M] () -- C:\Users\Christoph\Desktop\*****.mp4
[2012.08.10 23:32:18 | 000,842,255 | ---- | M] () -- C:\Users\Christoph\Desktop\*****.jpg
[2012.08.10 14:19:08 | 000,273,134 | ---- | M] () -- C:\Users\Christoph\Desktop\*****.pdf
[2012.08.06 16:58:33 | 000,210,181 | ---- | M] () -- C:\Users\Christoph\Desktop\Foto-0159.jpg
[2012.08.06 10:42:10 | 000,011,443 | ---- | M] () -- C:\Users\Christoph\gsview64.ini
[2012.08.03 11:40:54 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.31 14:59:11 | 000,310,480 | ---- | M] () -- C:\Users\Christoph\*****.mp3
[2012.07.31 14:58:56 | 000,420,920 | ---- | M] () -- C:\Users\Christoph\*****.mp3
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.29 16:10:58 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.29 09:37:52 | 014,881,145 | ---- | C] () -- C:\Users\Christoph\Desktop\*****.pdf
[2012.08.24 12:57:27 | 000,157,004 | ---- | C] () -- C:\Users\Christoph\Documents\*****.pdf
[2012.08.23 18:08:53 | 000,213,482 | ---- | C] () -- C:\Users\Christoph\Documents\*****.pdf
[2012.08.23 17:18:22 | 000,204,430 | ---- | C] () -- C:\Users\Christoph\Desktop\*****.pdf
[2012.08.23 16:54:20 | 001,387,882 | ---- | C] () -- C:\Users\Christoph\Desktop\*****.zip
[2012.08.23 15:23:53 | 000,059,215 | ---- | C] () -- C:\Users\Christoph\Documents\*****.pdf
[2012.08.15 13:01:57 | 006,418,333 | ---- | C] () -- C:\Users\Christoph\Desktop\*****.pdf
[2012.08.15 12:16:41 | 000,585,591 | ---- | C] () -- C:\Users\Christoph\Desktop\******.pdf
[2012.08.14 12:29:13 | 000,158,205 | ---- | C] () -- C:\Users\Christoph\Desktop\*****.jpg
[2012.08.13 17:51:23 | 092,871,705 | ---- | C] () -- C:\Users\Christoph\Desktop\*****.mp4
[2012.08.11 18:55:44 | 000,842,255 | ---- | C] () -- C:\Users\Christoph\Desktop\2012-08-10 23.32.17.jpg
[2012.08.10 14:19:07 | 000,273,134 | ---- | C] () -- C:\Users\Christoph\Desktop\newsletter_07_2010.pdf
[2012.08.06 16:59:34 | 000,210,181 | ---- | C] () -- C:\Users\Christoph\Desktop\Foto-0159.jpg
[2012.08.03 11:40:54 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.31 14:59:10 | 000,310,480 | ---- | C] () -- C:\Users\Christoph\*****.mp3
[2012.07.31 14:58:54 | 000,420,920 | ---- | C] () -- C:\Users\Christoph\*****.mp3
[2012.07.10 15:05:56 | 005,713,261 | ---- | C] () -- C:\Users\Christoph\guideGER.pdf
[2012.05.07 16:14:02 | 000,011,443 | ---- | C] () -- C:\Users\Christoph\gsview64.ini
[2012.03.09 10:13:57 | 028,943,412 | ---- | C] () -- C:\Users\Christoph\Profi.pdf
[2012.03.05 15:54:05 | 005,387,503 | ---- | C] () -- C:\Users\Christoph\******.pdf
[2012.03.02 12:15:35 | 000,402,432 | ---- | C] () -- C:\Windows\SysWow64\C4fox.dll
[2012.03.02 12:15:35 | 000,314,368 | ---- | C] () -- C:\Windows\SysWow64\Mdi32kh.dll
[2012.03.02 12:15:35 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\Mview.dll
[2012.03.01 16:04:14 | 000,097,476 | ---- | C] () -- C:\Users\Christoph\lwr.jpg
[2012.02.21 13:50:45 | 001,030,994 | ---- | C] () -- C:\Users\Christoph\ETCatalog2012.pdf
[2012.02.15 16:53:57 | 001,198,421 | ---- | C] () -- C:\Users\Christoph\*****.jpg
[2012.02.15 16:53:03 | 001,394,876 | ---- | C] () -- C:\Users\Christoph\*****.jpg
[2012.02.13 15:29:37 | 000,408,074 | ---- | C] () -- C:\Users\Christoph\386986.jpg
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.31 14:47:52 | 001,631,669 | ---- | C] () -- C:\Users\Christoph\*****.jpg
[2012.01.31 14:46:52 | 001,159,090 | ---- | C] () -- C:\Users\Christoph\*****.jpg
[2012.01.31 11:15:01 | 001,831,934 | ---- | C] () -- C:\Users\Christoph\*****.jpg
[2012.01.23 10:48:02 | 001,220,815 | ---- | C] () -- C:\Users\Christoph\*******.pdf
[2011.12.03 15:13:59 | 000,004,156 | ---- | C] () -- C:\Users\Christoph\cc_20111203_141357.reg
[2011.12.03 15:13:22 | 000,017,784 | ---- | C] () -- C:\Users\Christoph\cc_20111203_141317.reg
[2011.12.01 10:45:00 | 000,710,578 | ---- | C] () -- C:\Users\Christoph\*********.pdf
[2011.11.12 00:29:00 | 000,000,769 | ---- | C] () -- C:\Windows\Edofma.INI
[2011.10.19 11:20:09 | 000,289,297 | ---- | C] () -- C:\Users\Christoph\*******.pdf
[2011.09.06 13:08:26 | 000,044,887 | ---- | C] () -- C:\Users\Christoph\3464415_4_4e5cbdc2b304b.jpg
[2011.09.06 13:08:21 | 000,050,658 | ---- | C] () -- C:\Users\Christoph\3464415_3_4e5cbdc2b20af.jpg
[2011.09.06 13:07:37 | 000,042,905 | ---- | C] () -- C:\Users\Christoph\3464415_4e5cbdc2b0133.jpg
[2011.08.23 09:59:47 | 000,042,837 | ---- | C] () -- C:\Users\Christoph\*****.pdf
[2011.08.07 23:54:34 | 001,772,787 | ---- | C] () -- C:\Users\Christoph\*****.pdf
[2011.08.03 11:17:21 | 000,000,760 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\setup_ldm.iss

========== LOP Check ==========

[2012.05.24 15:55:02 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Autodesk
[2011.08.03 13:12:05 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Canon
[2012.05.24 15:28:56 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Lite
[2012.08.30 09:11:55 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Dropbox
[2012.02.13 12:20:29 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\FileZilla
[2012.07.02 21:31:43 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ICQ
[2011.08.03 11:17:26 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Leadertech
[2012.05.02 15:48:27 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\mh-software
[2012.07.29 15:53:32 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\MyPhoneExplorer
[2011.08.03 11:34:12 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\OCS
[2011.08.03 11:34:14 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Opera
[2012.08.28 18:56:16 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\TVgenial
[2012.02.05 23:50:25 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Xilisoft
[2012.04.16 16:18:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 340 bytes -> C:\Users\Christoph\Desktop\2012-08-10 23.32.17.jpg:com.dropbox.attributes

< End of report >

Code:
OTL Extras logfile created on: 30.08.2012 11:21:27 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Christoph\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 54,45% Memory free
7,99 Gb Paging File | 6,00 Gb Available in Paging File | 75,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 314,97 Gb Total Space | 233,00 Gb Free Space | 73,97% Space Free | Partition Type: NTFS
Drive D: | 19,98 Gb Total Space | 9,80 Gb Free Space | 49,02% Space Free | Partition Type: FAT32
Drive F: | 596,54 Gb Total Space | 220,00 Gb Free Space | 36,88% Space Free | Partition Type: NTFS

Computer Name: ******| User Name: *****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001ABF7A-F92A-4971-9A49-8B472EDA3FA4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0AC37D59-B43E-45BC-B162-33973786E995}" = rport=445 | protocol=6 | dir=out | app=system |
"{108A0D4D-175D-4BA9-AF6E-DF4C1379C66D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1EF42ECD-22B3-4014-8CAD-1E3B18F45DBB}" = rport=137 | protocol=17 | dir=out | app=system |
"{20CBD133-FC95-4663-866E-3646091A2C7B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{25CB1994-BEBA-4406-A46F-B7753CAB12DE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{42D61933-0D2A-4F44-89BE-96A1E67C1A89}" = lport=139 | protocol=6 | dir=in | app=system |
"{51FCAD81-89FF-48DD-86BD-CE16F5F290BD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64F86690-6F48-4C29-84B5-E9F7352C8F22}" = lport=137 | protocol=17 | dir=in | app=system |
"{67942024-9FAD-43AC-9C86-264AE3AC130C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70D04AB5-C98B-4FDD-9FC7-947459FFD047}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{79B57358-5683-4484-974C-045BA42E819C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8982E8AE-984F-4A3A-87CE-FE3123A983F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{90CC4191-613F-443E-8538-CDED6197CB90}" = lport=138 | protocol=17 | dir=in | app=system |
"{9E15E920-B2ED-42A0-BCEF-353E0DDCA2FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABDBAE26-4CBF-47D4-96B6-9E4C28F04F9F}" = lport=445 | protocol=6 | dir=in | app=system |
"{CE6C8053-6D46-4243-AF02-56CFE05CB0FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E04CEE47-96CA-4E93-A9B0-4902E6C37673}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7C5E5F4-E95F-4AD0-8A3F-50C150B079E4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E91D6832-3801-4001-B25F-61B06B804EDC}" = rport=138 | protocol=17 | dir=out | app=system |
"{EC24977B-28E1-4282-8AB5-5112806074D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{F415E3D3-7CAD-4F68-BC86-FA0BDCAC6439}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EF82B9-B3C8-493D-A417-CC0FDD2C0EE7}" = protocol=6 | dir=out | app=system |
"{01CFFB7B-A4E0-41BD-8CF3-DB0F45593AEA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{02BFCAA2-B2DA-4E63-BE8B-EF0B9F08AB97}" = protocol=6 | dir=in | app=c:\users\christoph\appdata\roaming\dropbox\bin\dropbox.exe |
"{0C472C0C-1608-4075-A477-B342F52CFF57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E50BC69-7C0D-4A6B-88E0-C13AC97A794A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{13F91B9E-811C-47DC-AA67-2FEDEEB5E9A8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"{2161AA2F-F0AE-4BF6-B2B1-02B0CF005717}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2CD608CC-62DF-4671-ACCA-AF5A34107A3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30F68CAB-9925-48A2-9C4D-BE5E168894BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{36E5C02A-2081-4CE2-98EE-3A399523DC39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D991A1E-F322-440A-BE89-B534C389C44B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{533D29CA-5ED0-4A2E-8BF7-11777E001921}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{57F17B87-1B64-4CAB-B7D6-202EEF633C7A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"{72975925-B937-45FF-B2F4-DD31C25955A7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{83AF2611-E1D8-40D6-B699-F2DE0400B151}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{981B8ED4-51DC-490B-99FE-60F70BACDA75}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"{9A1365DF-8D6A-4932-BCE8-E4FC66097EAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9A54733D-768C-4A2B-8413-BFABF4F91A84}" = protocol=17 | dir=in | app=c:\users\christoph\appdata\roaming\dropbox\bin\dropbox.exe |
"{A187A786-7763-4653-8F39-3EF37A6430AB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A25CC750-9C40-405D-87AD-FB83A741DBF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A6AF08CE-7613-4285-B06E-2B3ABC08AB87}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B1EC4401-67BF-4292-B97E-EBBA60DFFB7A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B5091EF9-5CD8-4262-8365-1DD6744D9726}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C01E91C2-0367-4F09-A383-A3114D4ADFAD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CA64DED7-AAA3-4EA1-81FD-2DEFE60CB39B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{CAC9B3E5-584D-4745-A2AE-1992C234BF62}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"{DCF09562-0746-4153-9E21-9BBF8D6FCBBF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E09016ED-301E-40FD-A3FE-02FA6F22530F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E29C35BC-31CA-4FD2-B7BB-14E299081592}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E3FCB0AE-4ADD-4651-B37D-05F5E8BAB374}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5140458-013A-44D9-81BD-B775AB9816A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFB2716F-1D77-42E1-942D-5D176F8E46C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F01D7822-CDB9-4830-9F6A-AB94AB22D83D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{079AEF32-AA9E-4A58-83F9-05E86C1E8CA8}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{0B14CD0E-E51F-45C8-AA8A-9CB083F7AEB0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{2F6D157A-D2B7-4D25-BD37-6FE76D3194E1}C:\program files (x86)\valve\hltv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hltv.exe |
"TCP Query User{4A7DCA71-6858-42C2-B6DE-D7E9270F1D23}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{4FD10982-31AB-4E54-9394-FFACD11BDF06}C:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe |
"TCP Query User{560DDB00-4987-4DB6-B526-329FA9AE0417}C:\program files (x86)\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\empires dawn of the modern world\empires_dmw.exe |
"TCP Query User{799D44B0-47E3-480A-8690-B39E96A64073}C:\program files (x86)\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\empire interactive\flatout2\flatout2.exe |
"TCP Query User{970806EA-DF32-4066-A68F-5F65658B55A7}C:\program files (x86)\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"TCP Query User{A0426CC2-E27D-42C9-BFA2-744D1CE24FC1}K:\server\musik\rammstein - mutter\filme 2\warsow_0.072alpha_win32\warsow.exe" = protocol=6 | dir=in | app=k:\server\musik\rammstein - mutter\filme 2\warsow_0.072alpha_win32\warsow.exe |
"TCP Query User{F385AEB6-2FE3-4457-BC89-C60559DDE561}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{1EC7AA05-F100-4BD4-8C7D-2D9EB8F9C676}C:\program files (x86)\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\empire interactive\flatout2\flatout2.exe |
"UDP Query User{2BCE9655-C04C-4946-AB20-52934DEF5A7E}C:\program files (x86)\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hl.exe |
"UDP Query User{3FD38A73-ACBE-4EB6-9C09-6155FE7F5B76}C:\program files (x86)\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\empires dawn of the modern world\empires_dmw.exe |
"UDP Query User{417158CF-B8F5-4548-80B3-4A714A84D94D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{4E28344B-15FC-44B3-BBD7-77E267961D19}K:\server\musik\rammstein - mutter\filme 2\warsow_0.072alpha_win32\warsow.exe" = protocol=17 | dir=in | app=k:\server\musik\rammstein - mutter\filme 2\warsow_0.072alpha_win32\warsow.exe |
"UDP Query User{60FC2BE2-26E3-4011-8E6F-CC3136F8824D}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{87BF3679-6273-4891-AD4F-C336F2EE5CF3}C:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hobbyist software\vlc setup helper\mdnsresponder.exe |
"UDP Query User{CABEB3B4-58FB-4AFA-B86E-281706203A6B}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{E7B2EE92-47AD-47A6-B09D-A1A98CBDB799}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{FE3BF2AE-198F-4EFA-A734-811217040976}C:\program files (x86)\valve\hltv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\hltv.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5783F2D7-7001-0407-0102-0060B0CE6BBA}" = AutoCAD 2009 - Deutsch
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BC39713D-B14D-4BB0-9663-BC9F7B8AB1F2}" = O&O Defrag Professional "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour "{EF53A7C8-AEEA-4C79-B409-9B035B1566E3}" = Plantronics MyHeadset Updater (x64) "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "0799181C3332EF8BCBD444BC080F9CA0737F8279" = Windows-Treiberpaket - Cambridge Silicon Radio (CSRBC) USB (08/15/2010 2.1.0.2) "AutoCAD 2009 - Deutsch" = AutoCAD 2009 - Deutsch "CCleaner" = CCleaner "GPL Ghostscript 9.05" = GPL Ghostscript "GSview 5.0" = GSview 5.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "RealVNC_is1" = VNC Enterprise 
Edition E4.3.1 "SearchAnonymizer" = SearchAnonymizer "VNCMirror_is1" = VNC Mirror Driver 1.7 "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29 "{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.9 "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01) "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 
Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}" = FlatOut2 "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1489-3350-5074-6281" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "DAEMON Tools Lite" = DAEMON Tools Lite "Empires Dawn of the Modern World" = Empires Dawn of the Modern World "ENTERPRISE" = Microsoft Office Enterprise 2007 "facemoods" = Facemoods Toolbar "Formelsammlung Roloff-Matek" = Formelsammlung Roloff-Matek "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PDFPasswordRemover_is1" = PDFPasswordRemover 1.1 
"QUIZPro_is1" = QUIZPro V4.3.1 "SpeedFan" = SpeedFan (remove only) "SystemRequirementsLab" = System Requirements Lab "TeamViewer 6" = TeamViewer 6 "TVgenial" = TVgenial 4.10 "VLC media player" = VLC media player 1.1.11 "VLC Setup Helper_is1" = VLC Setup Helper ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-981284708-2432398663-2729383355-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "Dropbox" = Dropbox "FileZilla Client" = FileZilla Client 3.5.3 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 28.08.2012 02:49:40 | Computer Name = Christoph-PC | Source = WinMgmt | ID = 10 Description = Error - 28.08.2012 03:31:33 | Computer Name = Christoph-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 28.08.2012 16:53:45 | Computer Name = Christoph-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 28.08.2012 17:34:51 | Computer Name = Christoph-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 29.08.2012 01:34:08 | Computer Name = Christoph-PC | Source = WinMgmt | ID = 10 Description = Error - 29.08.2012 10:19:31 | Computer Name = Christoph-PC | Source = WinMgmt | ID = 10 Description = Error - 29.08.2012 10:53:34 | Computer Name = Christoph-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16448, Zeitstempel: 0x4fecf1b7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x1198 Startzeit der fehlerhaften Anwendung: 0x01cd85f27cc2b949 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 4e0313b6-f1e9-11e1-9dca-002421071d74 Error - 29.08.2012 
10:56:31 | Computer Name = Christoph-PC | Source = WinMgmt | ID = 10 Description = Error - 29.08.2012 11:32:54 | Computer Name = Christoph-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.55.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: de4 Startzeit: 01cd85fb3050fcb2 Endzeit: 0 Anwendungspfad: C:\Users\Christoph\Desktop\OTL.exe Berichts-ID: Error - 30.08.2012 03:12:52 | Computer Name = Christoph-PC | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 11.11.2011 19:05:35 | Computer Name = Christoph-PC | Source = MCUpdate | ID = 0 Description = 00:05:35 - Fehler beim Herstellen der Internetverbindung. 00:05:35 - Serververbindung konnte nicht hergestellt werden.. Error - 11.11.2011 19:06:08 | Computer Name = Christoph-PC | Source = MCUpdate | ID = 0 Description = 00:06:04 - Fehler beim Herstellen der Internetverbindung. 00:06:04 - Serververbindung konnte nicht hergestellt werden.. Error - 11.11.2011 20:06:52 | Computer Name = Christoph-PC | Source = MCUpdate | ID = 0 Description = 01:06:52 - Fehler beim Herstellen der Internetverbindung. 01:06:52 - Serververbindung konnte nicht hergestellt werden.. Error - 11.11.2011 20:07:23 | Computer Name = Christoph-PC | Source = MCUpdate | ID = 0 Description = 01:07:21 - Fehler beim Herstellen der Internetverbindung. 01:07:21 - Serververbindung konnte nicht hergestellt werden.. Error - 11.11.2011 21:11:49 | Computer Name = Christoph-PC | Source = MCUpdate | ID = 0 Description = 02:11:49 - Fehler beim Herstellen der Internetverbindung. 02:11:49 - Serververbindung konnte nicht hergestellt werden.. Error - 11.11.2011 21:12:19 | Computer Name = Christoph-PC | Source = MCUpdate | ID = 0 Description = 02:12:18 - Fehler beim Herstellen der Internetverbindung. 
02:12:18 - Serververbindung konnte nicht hergestellt werden.. Error - 11.11.2011 22:13:02 | Computer Name = Christoph-PC | Source = MCUpdate | ID = 0 Description = 03:13:02 - Fehler beim Herstellen der Internetverbindung. 03:13:02 - Serververbindung konnte nicht hergestellt werden.. Error - 11.11.2011 22:13:34 | Computer Name = Christoph-PC | Source = MCUpdate | ID = 0 Description = 03:13:31 - Fehler beim Herstellen der Internetverbindung. 03:13:31 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 19.02.2012 06:46:36 | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 19.02.2012 06:46:36 | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 19.02.2012 06:46:36 | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 19.02.2012 06:46:36 | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 19.02.2012 06:46:36 | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Zugriff auf Eingabegeräte" wurde aufgrund folgenden Fehlers nicht gestartet: %%1115 Error - 19.02.2012 06:46:36 | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Enumeratordienst für tragbare Geräte" wurde aufgrund folgenden Fehlers nicht gestartet: %%1115 Error - 19.02.2012 06:46:36 | Computer Name = Christoph-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1062 Error - 20.02.2012 04:47:56 | Computer Name = Christoph-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?20.?02.?2012 um 09:46:20 unerwartet heruntergefahren. Error - 07.03.2012 03:59:01 | Computer Name = Christoph-PC | Source = BTHUSB | ID = 327699 Description = Beim Speichern des Bluetooth-Verbindungsschlüssel für Adapteradresse (00:07:61:c4:f9:23) auf dem lokalen Adapter ist ein Fehler aufgetreten. Das Ereignis enthält den herstellerspezifischen Fehlercode. Error - 07.03.2012 03:59:06 | Computer Name = Christoph-PC | Source = BTHUSB | ID = 327699 Description = Beim Speichern des Bluetooth-Verbindungsschlüssel für Adapteradresse (00:07:61:c4:f9:23) auf dem lokalen Adapter ist ein Fehler aufgetreten. Das Ereignis enthält den herstellerspezifischen Fehlercode. < End of report > Geändert von Brinki86 (30.08.2012 um 10:55 Uhr) |
30.08.2012, 18:19 | #2 |
/// Helper Team | Caught the GVU trojan! Fixing with OTL: Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).
Replace the *** asterisks with your user name again! Code:
ATTFilter :OTL SRV - (SearchAnonymizer) -- C:\Users\Christoph\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes,DefaultScope = {59F79B82-199D-488E-B0B3-25E423D5B292} IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{16A4EF36-CA23-4CEF-B27B-DF0934369B92}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{2350698B-7F66-46E4-B89B-55961E2C3C0B}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{59F79B82-199D-488E-B0B3-25E423D5B292}: "URL" = 
http://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{792F4A65-DAC8-4130-BE8F-9165358F1157}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{7EB89859-64D6-471B-8DFC-888469F1A0D1}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{AB4F3EDE-41FA-46AB-A753-4A2C9E995028}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{B5C8957B-6FC2-4010-ACCA-3BE8DE77725D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=e0dfae60-bc22-4bda-bdc1-4d6cd073d3d2&apn_sauid=2AA508B1-AA0E-4A13-A517-DE2EAA9DC429 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\SearchScopes\{FA5EE920-A1EB-4C8C-ABE9-DC684F5CCDEA}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=182fcb7e-30bf-420b-a300-6ebddc638adb&pid=murb&mode=bounce&k=0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - 
prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "http://www.google.de" FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=e0dfae60-bc22-4bda-bdc1-4d6cd073d3d2&apn_ptnrs=^ABT&apn_sauid=2AA508B1-AA0E-4A13-A517-DE2EAA9DC429&apn_dtid=^YYYYYY^YY^DE&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com) O3 - HKU\S-1-5-21-981284708-2432398663-2729383355-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Christoph\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [] 
File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-981284708-2432398663-2729383355-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6904dc82-bdae-11e0-a589-002421071d74}\Shell - "" = AutoRun O33 - MountPoints2\{6904dc82-bdae-11e0-a589-002421071d74}\Shell\AutoRun\command - "" = I:\Setup.exe [2012.08.29 16:59:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Christoph\Desktop\HiJackThis204.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2012.08.29 16:26:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad @Alternate Data Stream - 340 bytes -> C:\Users\Christoph\Desktop\2012-08-10 23.32.17.jpg:com.dropbox.attributes [2012.08.01 10:04:40 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\AskToolbar [2012.08.01 10:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com :Files C:\Users\*****\AppData\Local\{*} C:\ProgramData\*.exe C:\ProgramData\TEMP C:\Users\*****\AppData\Local\Temp\*.exe C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk %SystemRoot%\System32\*.tmp %SystemRoot%\SysWOW64\*.tmp ipconfig /flushdns /c :Commands [purity] [emptytemp]
Note for other readers: The OTL script above was written exclusively for this user in this situation. Do not under any circumstances run it on other computers; it can permanently damage other systems!
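As an added example (not part of the thread and not OTL's own logic), the following Python triage pass runs the kinds of checks the fix script above targets over constructed OTL-format lines: search scopes redirected through a third-party domain such as anonymize-me.de, service and Run entries that execute out of the user profile, a MountPoints2 AutoRun command, and a shortcut in the user's Startup folder. The rule set, the allow-listed search domains and the sample lines are assumptions modelled on the log and script posted in this thread.

```python
"""Triage pass over OTL-format log lines for the hijack and persistence patterns in this thread."""
import re
from urllib.parse import urlparse

# Brands the search scopes on this machine should resolve to directly. A host such as
# "www.bing.com.anonymize-me.de" embeds "bing.com" but is registered under
# anonymize-me.de: the search-redirect pattern from the log above.
KNOWN_SEARCH_DOMAINS = ("bing.com", "google.de", "google.com")

# Profile and ProgramData locations a service or Run entry should not normally run from.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\programdata\\")

# URL in an IE search-scope line ('"URL" = http://...') or a Firefox prefs line
# ('prefs.js..keyword.URL: "http://..."').
URL_RE = re.compile(r'(?:"URL"\s*=\s*|prefs\.js\.\.[\w.]+:\s*")(https?://[^\s"]+)')
# First executable path on a line; spaces allowed ("Program Files (x86)").
EXE_RE = re.compile(r"([a-z]:\\.+?\.exe)", re.IGNORECASE)

# Constructed sample lines in OTL's format, modelled on the thread's log (SID shortened).
SAMPLE_OTL_LINES = [
    r"SRV - (SearchAnonymizer) -- C:\Users\Christoph\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()",
    r'IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC',
    r'IE - HKU\S-1-5-21-...-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com.anonymize-me.de/?anonymto=6874&st={searchTerms}&pid=murb&k=0',
    r'IE - HKU\S-1-5-21-...-1000\..\SearchScopes\{B5C8957B-6FC2-4010-ACCA-3BE8DE77725D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&q={searchTerms}',
    r'FF - prefs.js..browser.startup.homepage: "http://www.google.de"',
    r"O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Christoph\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)",
    r"O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)",
    r'O33 - MountPoints2\{6904dc82-bdae-11e0-a589-002421071d74}\Shell\AutoRun\command - "" = I:\Setup.exe',
    r"%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk",
]


def registrable_domain(host):
    """Crude eTLD+1 (last two labels), enough for the .de/.com hosts in the log."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_url(line):
    """Flag search-scope / prefs URLs not served by the brand they appear to be."""
    m = URL_RE.search(line)
    if not m:
        return None
    host = urlparse(m.group(1)).hostname or ""
    reg = registrable_domain(host)
    for brand in KNOWN_SEARCH_DOMAINS:
        if brand in host and reg != brand:
            return "search scope for %s redirected through %s" % (brand, reg)
    if reg not in KNOWN_SEARCH_DOMAINS:
        return "search scope points at unexpected domain %s" % reg
    return None


def check_autostart(line):
    """Flag SRV / O4 Run entries whose binary lives in a user-writable location."""
    if not line.startswith(("SRV", "O4")):
        return None
    m = EXE_RE.search(line)
    if m and any(tag in m.group(1).lower() for tag in USER_WRITABLE):
        return "autostart binary in user-writable location: %s" % m.group(1)
    return None


def check_mountpoint_autorun(line):
    """Flag O33 MountPoints2 AutoRun commands (autorun from a mounted volume)."""
    if line.startswith("O33") and "\\AutoRun\\command" in line:
        return "AutoRun command registered for a mounted volume"
    return None


def check_startup_lnk(line):
    """Flag shortcuts in the per-user Startup folder (ctfmon.lnk in the MBAM log)."""
    low = line.lower()
    if "\\start menu\\programs\\startup\\" in low and ".lnk" in low:
        return "shortcut in user Startup folder: review its target"
    return None


CHECKS = (check_url, check_autostart, check_mountpoint_autorun, check_startup_lnk)


def triage(lines):
    """Return [(line, reason)] for every line that trips a rule; first matching rule wins."""
    hits = []
    for line in lines:
        for check in CHECKS:
            reason = check(line)
            if reason:
                hits.append((line, reason))
                break
    return hits


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_OTL_LINES):
        print("%-60s <- %s" % (reason, line[:70]))
```

Running it on a real OTL.txt means feeding its lines to triage(); the legitimate bing.com scope, the google.de homepage and the Adobe Run entry in the sample pass untouched while the six hijack-style lines are reported.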
17.10.2012, 14:58 | #3 |
/// Helper Team | Caught the GVU trojan! No reply received
Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean.