| |
| |||||||
Log-Analyse und Auswertung: Bundespolizei Trojaner sperrt RechnerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
16.09.2012, 12:49
| #1 |
 |  Bundespolizei Trojaner sperrt Rechner Hallo, eine Bekannte hat mir gerade angerufen und erzählt, daß sie diesen Bundespolizei Trojaner (GVU) hat, der den Desktop sperrt und Geld haben will. Ich habe mich dann versucht im Internet schlau zu machen und bin bei euch gelandet. Ich habe bei euch einige Lösungswege angeschaut und habe großes Vertrauen daß ihr mir helfen könnt. Die Bekannte hat den Rechner zu mir gebracht, damit ich mit eurer Hilfe das Ding wieder sauber bekomme. Die Anleitungen habe ich auch schon durchgelesen. Defogger und OTL habe ich schon mal runtergeladen. Combofix noch nicht. Meine erste Frage ist, kann ich den infizierten Rechner per LAN in mein Netzwerk lassen (ich glaube lieber nicht) oder soll ich offline erstmal OTL auf dem Desktop laufen lassen? Kann ich die USB-Sticks bedenkenlos auf dem infizierten Rechner und meinem benutzen, oder hol ich mir auf dem Weg das Chaos auch auf meinen Rechner? Grüße Tscho Geändert von tschobeuter (16.09.2012 um 13:04 Uhr) |
|
16.09.2012, 16:42
| #2 |
| |  Bundespolizei Trojaner sperrt Rechner Hallo,
__________________habe hier noch die Log's: Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.10.04 Windows XP Service Pack 3 x86 FAT32 Internet Explorer 7.0.5730.11 Reiner :: COMPUTER [Administrator] Schutz: Aktiviert 16.09.2012 16:53:09 mbam-log-2012-09-16 (16-53-09).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 318297 Laufzeit: 2 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCR\CLSID\{C724AEB1-C1D7-4039-0001-DD8306BD9906} (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{C724AEB1-C1D7-4039-0001-DD8306BD9906} (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Dokumente und Einstellungen\Christine\Lokale Einstellungen\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Programme\mindmanps.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\Christine\Startmenü\Programme\Autostart\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 16.09.2012 17:00:24 - Run 1 OTL by OldTimer - Version 3.2.61.5 Folder = C:\Dokumente und Einstellungen\Reiner\Desktop\Bundestrojaner Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,09% Memory free 5,84 Gb Paging File | 5,10 Gb Available in Paging File | 87,27% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 96,78 Gb Total Space | 47,82 Gb Free Space | 49,41% Space Free | Partition Type: FAT32 Drive D: | 201,28 Gb Total Space | 115,58 Gb Free Space | 57,42% Space Free | Partition Type: NTFS Computer Name: COMPUTER | User Name: Reiner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.16 11:27:44 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Reiner\Desktop\Bundestrojaner\OTL.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe PRC - [2012.07.31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe PRC - [2012.07.27 22:51:36 | 000,035,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 10.0\Reader\reader_sl.exe PRC - [2012.07.27 22:51:26 | 000,919,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe PRC - [2012.07.26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe PRC - [2012.07.22 16:33:44 | 000,935,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe PRC - [2012.07.22 16:33:38 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe PRC - [2012.06.13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe PRC - [2012.03.19 21:21:48 | 001,494,216 | ---- | M] (SpeedBit LTD) -- C:\Programme\SpeedBit Video Accelerator\VideoAccelerator.exe PRC - [2012.03.19 21:21:48 | 000,265,928 | ---- | M] (SpeedBit Ltd.) -- C:\Programme\SpeedBit Video Accelerator\VideoAcceleratorService.exe PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe PRC - [2012.02.27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe PRC - [2011.11.04 14:29:24 | 001,370,224 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.10.16 22:37:24 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe PRC - [2010.07.04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe PRC - [2010.03.24 15:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PMB\PMBVolumeWatcher.exe PRC - [2010.01.08 01:36:58 | 000,974,848 | ---- | M] (Spigot, Inc.) -- C:\Programme\Search Settings\SearchSettings.exe PRC - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe PRC - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.05.08 12:04:58 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Mouse Driver\KMProcess.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2008.03.10 09:58:18 | 000,130,560 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2008.02.22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe PRC - [2007.09.11 00:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe PRC - [2007.09.11 00:34:36 | 000,401,408 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Mouse Driver\KMCONFIG.exe PRC - [2007.09.07 22:22:24 | 000,204,800 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Mouse Driver\KMWDSrv.exe PRC - [2007.03.06 14:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Multimedia Mouse Driver\StartAutorun.exe PRC - [2007.01.19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe PRC - [2006.09.28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006.08.09 14:27:48 | 000,036,864 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe PRC - [2006.05.23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkASv2K.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2003.02.21 13:16:16 | 000,061,440 | R--- | M] (Tracker Software Products) -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe PRC - [2001.08.18 04:55:00 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe ========== Modules (No Company Name) ========== MOD - [2012.07.27 22:51:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2012.07.22 16:33:46 | 000,132,704 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll MOD - [2012.07.22 16:33:44 | 000,935,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe MOD - [2012.07.22 16:33:38 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe MOD - [2012.06.16 08:54:46 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll MOD - [2012.06.15 10:48:28 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll MOD - [2012.06.15 10:48:16 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll MOD - [2012.06.15 10:46:56 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.05.11 18:21:04 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.11 18:12:40 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.11 18:12:26 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011.11.04 14:30:58 | 001,868,912 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wfvie12.dll MOD - [2011.11.04 14:29:50 | 007,559,792 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wgui12.dll MOD - [2011.11.04 14:29:24 | 001,370,224 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe MOD - [2011.11.04 14:29:02 | 004,278,896 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wauff12.dll MOD - [2011.11.04 14:29:02 | 000,135,792 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsodbc47.dll MOD - [2011.11.04 14:29:00 | 000,028,672 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsdcom47.dll MOD - [2011.11.04 14:26:38 | 002,943,600 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wcore12.dll MOD - [2011.11.04 14:26:36 | 001,607,792 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wreli12.dll MOD - [2011.11.04 14:26:30 | 001,537,136 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\wsteu12.dll MOD - [2011.11.04 14:26:30 | 000,318,064 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rsguiwinapi47.dll MOD - [2011.11.04 14:26:28 | 000,261,232 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\rscorewinapi47.dll MOD - [2011.11.04 13:47:20 | 000,865,280 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtcluceners47.dll MOD - [2011.11.04 13:47:18 | 000,271,872 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\phononrs47.dll MOD - [2011.11.04 13:47:16 | 011,163,648 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtwebkitrs47.dll MOD - [2011.11.04 13:47:14 | 000,108,544 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qttestrs47.dll MOD - [2011.11.04 13:47:12 | 001,340,416 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtscriptrs47.dll MOD - [2011.11.04 13:47:12 | 000,704,000 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtsqlrs47.dll MOD - [2011.11.04 13:47:12 | 000,281,088 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtsvgrs47.dll MOD - [2011.11.04 13:47:10 | 008,934,400 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtguirs47.dll MOD - [2011.11.04 13:47:10 | 002,395,648 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qt3supportrs47.dll MOD - [2011.11.04 13:47:10 | 000,990,208 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtnetworkrs47.dll MOD - [2011.11.04 13:47:10 | 000,358,400 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtxmlrs47.dll MOD - [2011.11.04 13:47:08 | 002,356,736 | ---- | M] () -- C:\Programme\WISO\Steuersoftware 2012\qtcorers47.dll MOD - [2010.04.03 18:28:48 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.04.03 18:28:46 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2008.10.09 22:06:42 | 000,253,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2993.28395__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.10.09 22:06:42 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2993.28671__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.10.09 22:06:42 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2993.28626__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.10.09 22:06:42 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2993.28569__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.10.09 22:06:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2993.28416__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.10.09 22:06:24 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2993.28745__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2008.10.09 22:06:24 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2993.28635__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.10.09 22:06:24 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2993.28449__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2008.10.09 22:06:22 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2993.28580__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.10.09 22:06:22 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2993.28570__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.10.09 22:06:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2993.28480__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.10.09 22:06:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2993.28579__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.10.09 22:06:22 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2993.28600__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.10.09 22:06:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2993.28617__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.10.09 22:06:22 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.10.09 22:06:22 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.10.09 22:06:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.10.09 22:06:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.10.09 22:06:22 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.10.09 22:06:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2939.23747__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.10.09 22:06:20 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.10.09 22:06:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.10.09 22:06:20 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.10.09 22:06:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.10.09 22:06:20 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008.10.09 22:06:20 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.10.09 22:06:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.10.09 22:06:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll MOD - [2008.10.09 22:06:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.10.09 22:06:20 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.10.09 22:06:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.10.09 22:06:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll MOD - [2008.10.09 22:06:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2008.10.09 22:06:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.10.09 22:06:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.10.09 22:06:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.10.09 22:06:20 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.10.09 22:06:14 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2993.28700__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.10.09 22:06:14 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2993.28697__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.10.09 22:06:14 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.10.09 22:06:14 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2993.28736__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.10.09 22:06:14 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.10.09 22:06:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.10.09 22:06:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2008.10.09 22:06:14 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2993.28385__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.10.09 22:06:12 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2993.28386__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.10.09 22:06:12 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2993.28387__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.10.09 22:06:12 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2993.28383__90ba9c70f846762e\APM.Server.dll MOD - [2008.10.09 22:06:12 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.10.09 22:06:12 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2993.28384__90ba9c70f846762e\AEM.Server.dll MOD - [2008.10.09 22:06:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2993.28699__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.10.09 22:06:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.10.09 22:06:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008.04.27 12:49:08 | 000,053,248 | ---- | M] () -- C:\Programme\Multimedia Mouse Driver\MouseHook.dll MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.03.10 09:58:18 | 000,130,560 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe MOD - [2008.02.22 09:11:02 | 000,120,320 | ---- | M] () -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe MOD - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe MOD - [2007.08.20 17:41:12 | 000,233,472 | ---- | M] () -- C:\WINDOWS\system32\WlanApp.dll MOD - [2007.03.29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Programme\Multimedia Mouse Driver\keydll.dll MOD - [2006.08.09 10:32:56 | 001,261,568 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\HerDocdll.dll MOD - [2006.06.13 11:09:08 | 000,118,784 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uTextUser.dll MOD - [2006.06.13 11:08:46 | 000,028,672 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uTimeCode.dll MOD - [2006.04.25 12:05:36 | 000,049,152 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\DMFHost.dll MOD - [2006.03.29 11:23:06 | 000,040,960 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uTextToolRc.dll MOD - [2006.03.07 00:43:12 | 000,024,576 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\DMFExportAPI.dll MOD - [2006.03.07 00:41:36 | 000,028,672 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\ShareCommData.dll MOD - [2006.03.06 23:49:50 | 000,028,672 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uVeCfg.dll MOD - [2006.03.06 23:43:32 | 000,032,839 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\GridOptDlg.dll MOD - [2006.03.06 23:43:02 | 000,114,688 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uTextTool.dll MOD - [2006.03.06 23:42:00 | 000,028,672 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uTextCfg.dll MOD - [2006.03.06 23:38:38 | 000,036,864 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\ufckey.dll MOD - [2006.03.06 23:37:06 | 000,045,056 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uDrawingTool.dll MOD - [2006.03.06 23:19:12 | 000,049,152 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\DrawImageMgr.dll MOD - [2006.03.06 23:10:06 | 000,045,056 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\UFCCOLOR.dll MOD - [2006.03.06 23:09:56 | 000,053,248 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\UFCVECOMM.dll MOD - [2006.03.06 23:09:48 | 000,036,864 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uAfxUnknown.dll MOD - [2006.03.06 22:59:16 | 000,024,576 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uSurround.dll MOD - [2005.10.06 10:59:10 | 002,236,416 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uipp.dll MOD - [2005.09.05 23:07:14 | 000,708,608 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uviplW7.dll MOD - [2005.09.05 23:07:10 | 000,020,480 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uvipl.dll MOD - [2005.09.05 19:08:22 | 000,040,960 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\upliabox2.dll MOD - [2005.09.05 19:08:16 | 000,032,768 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\upl.dll MOD - [2005.09.05 19:08:12 | 000,024,576 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uplcpuinf.dll MOD - [2004.06.15 03:05:34 | 001,658,972 | ---- | M] () -- C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\libmmd.dll MOD - [2003.04.27 15:02:28 | 000,011,264 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\fmt_xmf.dll MOD - [2003.02.05 15:22:04 | 000,017,920 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\xc_local.dll MOD - [2003.01.23 13:55:00 | 000,018,944 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\fmt_xcx.dll MOD - [2003.01.22 17:29:32 | 000,024,576 | R--- | M] () -- C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\fmt_jb2.dll MOD - [2002.07.03 17:38:00 | 000,053,248 | ---- | M] () -- C:\Programme\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- K:\VNC4\VNC4\WinVNC4.exe -- (WinVNC4) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe -- (de_serv) SRV - File not found [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.08.14 21:50:00 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.07.22 16:33:44 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0) SRV - [2012.07.18 17:36:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.03.19 21:21:48 | 000,265,928 | ---- | M] (SpeedBit Ltd.) [Auto | Running] -- C:\Programme\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService) SRV - [2012.02.27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.01.08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.10.10 21:52:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) SRV - [2007.09.07 22:22:24 | 000,204,800 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Multimedia Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2007.01.19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService) SRV - [2006.09.28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006.05.23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) SRV - [2001.08.18 04:55:00 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRAMME\NORMAN\nvc\BIN\nvcoarc51.sys -- (nvcoarc51) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRAMME\NORMAN\nvc\BIN\nvcoafl51.sys -- (nvcoafl51) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.08.24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012.07.26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.05.12 12:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlashUSB.sys -- (FlashUSB) DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2009.11.17 19:51:38 | 005,956,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.05.25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029unic.sys -- (s1029unic) DRV - [2009.05.25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mdm.sys -- (s1029mdm) DRV - [2009.05.25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029bus.sys -- (s1029bus) DRV - [2009.05.25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mdfl.sys -- (s1029mdfl) DRV - [2009.05.25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029mgmt.sys -- (s1029mgmt) DRV - [2009.05.25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029obex.sys -- (s1029obex) DRV - [2009.05.25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1029nd5.sys -- (s1029nd5) DRV - [2008.10.10 21:26:12 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2008.08.05 20:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008.06.18 11:23:38 | 003,692,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService) DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008.03.13 00:09:36 | 002,870,784 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008.01.15 21:50:52 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73) DRV - [2008.01.04 08:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2006.12.28 18:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService) DRV - [2006.11.15 17:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini) DRV - [2006.06.27 18:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan) DRV - [2006.01.04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2005.12.11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO) DRV - [2005.11.03 15:40:08 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02) DRV - [2005.08.10 13:44:06 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) DRV - [2005.05.16 14:20:40 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) DRV - [2004.07.16 16:47:14 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI) DRV - [2003.09.19 16:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2001.11.28 10:18:00 | 000,162,304 | ---- | M] (NVIDIA® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) DRV - [2001.11.28 10:18:00 | 000,013,056 | ---- | M] (NVIDIA® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) DRV - [2001.11.20 19:20:00 | 000,013,502 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp) DRV - [2001.08.17 13:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vpctcom.sys -- (Vpctcom) DRV - [2001.08.17 13:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vvoice.sys -- (Vvoice) DRV - [2001.08.17 13:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmodem.sys -- (Vmodem) DRV - [2001.08.17 13:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp) DRV - [2001.08.17 12:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {510D9FB1-B50F-4B4D-81A5-23655474DC2A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{2EB5D0A4-90B5-434A-A3F3-DE492D815145}: "URL" = hxxp://go.1und1.de/suchbox/1und1suche?su={searchTerms} IE - HKCU\..\SearchScopes\{510D9FB1-B50F-4B4D-81A5-23655474DC2A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={C12D33B7-53A1-46EA-848A-A6AC79C188C8}&mid=af1e04e899f947d0b701d15edc5cfa45-5e152cbfd45cbc58c155cd03afb1fd0f74c7444c&lang=de&ds=AVG&pr=fr&d=2012-05-27 12:55:52&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{A42E06CC-6C32-456A-943A-F9F6DFFC39EC}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-ober&type=gamenextde&p={searchTerms} IE - HKCU\..\SearchScopes\{E59FA6AF-986F-4597-9196-310659A15010}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms} IE - HKCU\..\SearchScopes\{FB0684CD-9707-4FBA-9FE4-C020B8F68521}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2189 FF - prefs.js..extensions.enabledAddons: avg@toolbar:11.1.0.12 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B889d85ae-6d4f-47cc-ab42-b1712c88ad85%7D&mid=af1e04e899f947d0b701d15edc5cfa45-5e152cbfd45cbc58c155cd03afb1fd0f74c7444c&ds=AVG&v=11.1.0.12&lang=de&pr=fr&d=2012-05-27%2012%3A55%3A52&sap=ku&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.29 16:28:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG2012\Firefox4\ [2012.05.27 12:55:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Programme\AVG\AVG2012\Firefox\DoNotTrack\ [2012.05.27 12:55:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\11.1.0.12\ [2012.07.22 16:33:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2006.11.15 18:49:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2006.11.15 18:49:42 | 000,000,000 | ---D | M] [2008.06.21 17:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Reiner\Anwendungsdaten\Mozilla\Extensions [2006.11.19 11:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Reiner\Anwendungsdaten\Mozilla\Firefox\Profiles\q091o1qh.default\extensions [2010.05.15 12:39:26 | 000,000,000 | ---D | M] ("Microsoft .NET Framework Assistant") -- C:\Dokumente und Einstellungen\Reiner\Anwendungsdaten\Mozilla\Firefox\Profiles\q091o1qh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.06.11 18:34:36 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Dokumente und Einstellungen\Reiner\Anwendungsdaten\Mozilla\Firefox\Profiles\q091o1qh.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} [2011.01.25 22:46:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Reiner\Anwendungsdaten\Mozilla\Firefox\Profiles\q091o1qh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.07.27 10:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2006.11.15 18:50:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012.07.22 16:33:54 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\AVG SECURE SEARCH\11.1.0.12 [2012.05.27 12:55:08 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAMME\AVG\AVG2012\FIREFOX\DONOTTRACK [2012.07.18 17:36:52 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2009.10.26 16:45:36 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll [2011.05.04 04:52:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.07.22 16:33:28 | 000,003,767 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml [2012.06.11 18:34:30 | 000,002,515 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml [2012.06.15 00:46:58 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:58 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:58 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:58 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Yahoo! Deutschland () CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms} CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms} CHR - homepage: hxxp://www.google.com/ O1 HOSTS File: ([2010.12.20 17:18:28 | 000,000,355 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll () O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (iUserbar Toolbar) - {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Programme\iUserbar\tbiUs2.dll (Conduit Ltd.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Programme\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll (iMesh, Inc) O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll () O3 - HKLM\..\Toolbar: (iUserbar Toolbar) - {51d37496-c262-4d13-a8c1-c93e59bf50b9} - C:\Programme\iUserbar\tbiUs2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (iUserbar Toolbar) - {51D37496-C262-4D13-A8C1-C93E59BF50B9} - C:\Programme\iUserbar\tbiUs2.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc) O4 - HKLM..\Run: [KMCONFIG] C:\Programme\Multimedia Mouse Driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UVS10 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.) O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [PhilipsSongbirdLauncher] C:\Programme\Philips\Philips Songbird\extensions\philips-autoplay@philips.com\application\PhilipsSongbirdLauncher.exe File not found O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Programme\SpeedBit Video Accelerator\VideoAccelerator.exe (SpeedBit LTD) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2012\mshaktuell.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MindManager PDF Writer.lnk = C:\Programme\Mindjet\MindManager 5\sys\PDF\ENU\W2K\PDFSaver.exe (Tracker Software Products) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145 O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit) O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: chip.de ([www] http in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {2F0D96B4-7D9D-4767-A657-F7ECC9114887} hxxp://haustein.dyndns.org/IPCamPluginDMPT.cab (EDIMAX IPCamPluginDMPT Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37361.2830671296 (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0E1E16A-59D3-4429-82A7-353D7EEE174D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc) O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Programme\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Reiner\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Reiner\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002.04.13 13:54:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{3d888470-fff7-11e1-94d6-e5a0a0689281}\Shell - "" = AutoRun O33 - MountPoints2\{3d888470-fff7-11e1-94d6-e5a0a0689281}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3d888470-fff7-11e1-94d6-e5a0a0689281}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\{ad4a14b6-82e9-11d6-9c49-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{ad4a14b6-82e9-11d6-9c49-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ad4a14b6-82e9-11d6-9c49-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.16 16:27:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Reiner\Anwendungsdaten\Malwarebytes [2012.09.16 16:27:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.09.16 16:27:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.09.16 16:27:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.09.16 16:27:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.09.16 16:26:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Reiner\Desktop\Bundestrojaner [2012.09.11 07:20:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG [2007.06.04 10:54:26 | 005,810,216 | ---- | C] (Mozilla) -- C:\Programme\Firefox Setup 2.0.0.4.exe [2007.05.11 19:18:04 | 005,804,232 | ---- | C] (Mozilla) -- C:\Programme\Firefox Setup 2.0.0.3.exe [2007.01.19 21:55:40 | 014,843,696 | ---- | C] (Microsoft Corporation) -- C:\Programme\IE7-WindowsXP-x86-deu.exe [2007.01.19 21:43:09 | 027,066,664 | ---- | C] (Microsoft Corporation) -- C:\Programme\PowerPointViewer.exe [2005.12.05 18:00:46 | 002,247,888 | ---- | C] (Microsoft Corporation) -- C:\Programme\dsetup32.dll [2005.12.05 18:00:46 | 000,484,560 | ---- | C] (Microsoft Corporation) -- C:\Programme\DXSETUP.exe [2005.12.05 18:00:46 | 000,074,448 | ---- | C] (Microsoft Corporation) -- C:\Programme\DSETUP.dll [2004.11.20 16:31:32 | 003,207,168 | ---- | C] (Mindjet) -- C:\Programme\MindMan.exe [2004.11.20 16:31:32 | 001,171,456 | ---- | C] (Mindjet) -- C:\Programme\mmlang-ger.dll [2004.11.20 16:31:31 | 000,761,856 | ---- | C] (Sub Systems, Inc. ) -- C:\Programme\Ter32mm.dll [2004.11.20 16:31:31 | 000,262,144 | ---- | C] (Inner Media, Inc.) -- C:\Programme\adfactry.dll [2004.11.20 16:31:31 | 000,221,184 | ---- | C] (Catenary Systems) -- C:\Programme\Vic32.dll [2004.11.20 16:31:31 | 000,172,032 | ---- | C] (Wintertree Software Inc.) -- C:\Programme\Ssce5332.dll [2004.11.20 16:31:31 | 000,124,416 | ---- | C] (Inner Media, Inc.) -- C:\Programme\dzip32.dll [2004.11.20 16:31:31 | 000,096,768 | ---- | C] (Inner Media, Inc.) -- C:\Programme\dunzip32.dll [2004.11.20 16:31:31 | 000,077,312 | ---- | C] (Inner Media, Inc.) -- C:\Programme\sfxbe322.dll [2004.11.20 16:31:31 | 000,053,760 | ---- | C] (Inner Media, Inc.) -- C:\Programme\sfxfe32.exe [2004.11.20 16:31:30 | 000,290,816 | ---- | C] (Sub Systems, Inc. ) -- C:\Programme\Hts32mm.dll [2002.11.05 05:00:00 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\INSTMSIW.EXE [2002.11.05 05:00:00 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\INSTMSIA.EXE [2002.11.05 05:00:00 | 000,102,400 | ---- | C] (Installshield Software Corporation ) -- C:\Programme\SETUP.EXE [18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.16 16:59:16 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME [2012.09.16 16:59:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.09.16 16:59:00 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-874574627-2650805779-3784137826-1007.job [2012.09.16 16:58:52 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.09.16 16:58:52 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-874574627-2650805779-3784137826-1018.job [2012.09.16 16:58:52 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-874574627-2650805779-3784137826-1006.job [2012.09.16 16:58:52 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-874574627-2650805779-3784137826-1019.job [2012.09.16 16:58:52 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-874574627-2650805779-3784137826-1017.job [2012.09.16 16:58:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.09.16 16:49:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.16 16:45:46 | 000,000,660 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.16 16:12:12 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.09.16 10:07:22 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad [2012.09.16 10:02:18 | 000,000,010 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{79CBCEC7-42D8-49E9-AC5D-0957EF2826BF} [2012.09.16 10:02:14 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-874574627-2650805779-3784137826-1006.job [2012.09.16 10:02:14 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-874574627-2650805779-3784137826-1007.job [2012.09.14 10:10:02 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2012.09.12 20:40:02 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2012.09.11 19:21:02 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2012.09.11 14:00:02 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2012.09.11 07:20:46 | 000,000,602 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2012.lnk [2012.09.09 13:08:12 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.08.24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [18 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.16 16:45:44 | 000,000,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.14 10:30:37 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad [2012.02.15 13:51:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.09.15 20:20:31 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2011.04.05 12:11:17 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Reiner\Anwendungsdaten\$_hpcst$.hpc [2011.03.29 08:09:16 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll [2011.01.30 14:18:22 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll [2011.01.30 14:18:22 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini [2010.11.07 17:50:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.09.17 20:42:59 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2009.10.09 15:13:13 | 000,000,045 | ---- | C] () -- C:\Dokumente und Einstellungen\Reiner\jagex_runescape_preferences2.dat [2009.10.09 15:12:37 | 000,000,038 | ---- | C] () -- C:\Dokumente und Einstellungen\Reiner\jagex_runescape_preferences.dat [2008.10.16 20:24:27 | 000,000,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Reiner\default.pls [2008.10.11 10:06:30 | 000,001,604 | ---- | C] () -- C:\Dokumente und Einstellungen\Reiner\Anwendungsdaten\wklnhst.dat [2006.11.15 18:48:08 | 006,042,312 | ---- | C] () -- C:\Programme\FirefoxGoogleToolbarSetup.exe [2006.11.14 19:49:09 | 000,155,648 | ---- | C] () -- C:\Programme\Symantec Security.exe [2006.11.14 19:48:02 | 000,000,637 | ---- | C] () -- C:\Programme\Symantec Security.htm [2006.05.23 16:20:47 | 000,000,021 | ---- | C] () -- C:\Programme\AVPersonalAVWIN.INI [2006.05.23 16:18:55 | 000,144,198 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\firstlsp.reg.dat [2005.12.05 18:28:30 | 003,673,932 | ---- | C] () -- C:\Programme\Dec2005_MDX1_x86_Archive.cab [2005.12.05 18:28:04 | 001,358,864 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x64.cab [2005.12.05 18:28:02 | 000,086,925 | ---- | C] () -- C:\Programme\Oct2005_xinput_x64.cab [2005.12.05 18:28:02 | 000,046,247 | ---- | C] () -- C:\Programme\Oct2005_xinput_x86.cab [2005.12.05 18:28:02 | 000,041,888 | ---- | C] () -- C:\Programme\dxdllreg_x86.cab [2005.12.05 18:28:00 | 000,916,806 | ---- | C] () -- C:\Programme\Dec2005_MDX1_x86.cab [2005.12.05 18:27:58 | 001,080,344 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x86.cab [2005.12.05 18:00:46 | 000,081,092 | ---- | C] () -- C:\Programme\dxupdate.cab [2005.12.05 18:00:44 | 001,351,430 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x64.cab [2005.12.05 18:00:44 | 001,336,890 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x64.cab [2005.12.05 18:00:44 | 001,248,387 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x64.cab [2005.12.05 18:00:44 | 001,078,532 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x86.cab [2005.12.05 18:00:44 | 001,065,813 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x86.cab [2005.12.05 18:00:44 | 001,014,113 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x86.cab [2005.12.05 18:00:42 | 013,265,040 | ---- | C] () -- C:\Programme\dxnt.cab [2005.12.05 18:00:40 | 015,493,481 | ---- | C] () -- C:\Programme\DirectX.cab [2005.12.05 18:00:40 | 001,156,363 | ---- | C] () -- C:\Programme\BDANT.cab [2005.12.05 18:00:40 | 000,976,020 | ---- | C] () -- C:\Programme\BDAXP.cab [2005.12.05 18:00:40 | 000,703,080 | ---- | C] () -- C:\Programme\BDA.cab [2005.10.27 18:50:12 | 000,002,487 | ---- | C] () -- C:\Programme\Microsoft PowerPoint.lnk [2004.11.20 16:40:18 | 000,073,664 | -H-- | C] () -- C:\Programme\MindMan.GID [2004.11.20 16:31:32 | 001,379,900 | ---- | C] () -- C:\Programme\MMConferenceProvider.dll [2004.11.20 16:31:31 | 000,081,468 | ---- | C] () -- C:\Programme\MindMan.tlb [2004.11.20 16:31:30 | 000,157,149 | ---- | C] () -- C:\Programme\WiseUpdt.exe [2004.11.20 16:31:30 | 000,133,988 | R--- | C] () -- C:\Programme\GER_ReleaseNotes.rtf [2004.11.20 16:31:30 | 000,078,708 | R--- | C] () -- C:\Programme\Versionshinweise.mmp [2004.11.20 16:31:30 | 000,043,693 | ---- | C] () -- C:\Programme\DeveloperResources.mmp [2004.11.20 16:31:30 | 000,028,714 | R--- | C] () -- C:\Programme\Open Interface Release Notes.mmp [2004.11.20 16:31:30 | 000,017,271 | ---- | C] () -- C:\Programme\MindManager 2002 License Agreement.rtf [2004.11.20 16:31:30 | 000,006,855 | ---- | C] () -- C:\Programme\UNWISE.INI [2004.11.20 16:31:29 | 000,162,304 | ---- | C] () -- C:\Programme\UNWISE.EXE [2003.07.01 19:32:34 | 004,073,984 | ---- | C] () -- C:\Programme\Antivir.exe [2002.11.05 05:00:00 | 018,135,040 | ---- | C] () -- C:\Programme\QCL.MSI [2002.11.05 05:00:00 | 001,452,803 | ---- | C] () -- C:\Programme\QCL.PDF [2002.11.05 05:00:00 | 000,320,618 | ---- | C] () -- C:\Programme\LICENSE.PDF [2002.11.05 05:00:00 | 000,062,686 | ---- | C] () -- C:\Programme\SETUP.INI [2002.11.05 05:00:00 | 000,021,094 | ---- | C] () -- C:\Programme\EXTRA.CAB [2002.08.29 20:19:35 | 000,008,704 | ---- | C] () -- C:\Dokumente und Einstellungen\Reiner\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.09.2012 17:00:24 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Dokumente und Einstellungen\Reiner\Desktop\Bundestrojaner
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,09% Memory free
5,84 Gb Paging File | 5,10 Gb Available in Paging File | 87,27% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 96,78 Gb Total Space | 47,82 Gb Free Space | 49,41% Space Free | Partition Type: FAT32
Drive D: | 201,28 Gb Total Space | 115,58 Gb Free Space | 57,42% Space Free | Partition Type: NTFS
Computer Name: COMPUTER | User Name: Reiner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Programme\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [dm-Fotowelt] -- "C:\Programme\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9999:TCP" = 9999:TCP:LocalSubNet:Enabled:DNA
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\iMesh Applications\iMesh\iMesh.exe" = C:\Programme\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application
"C:\WINDOWS\System32\dpnsvr.exe" = C:\WINDOWS\System32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"E:\StrongholdLegends.exe" = E:\StrongholdLegends.exe:*:Enabled:Stronghold Legends
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe" = C:\Programme\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Geräteeinrichtung -- (Hewlett-Packard Co.)
"K:\iTunes.exe" = K:\iTunes.exe:*:Enabled:iTunes
"C:\Dokumente und Einstellungen\Christine\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Christine\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\AVG\AVG2012\avgmfapx.exe" = C:\Programme\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\iMesh Applications\iMesh\iMesh.exe" = C:\Programme\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
"C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe" = C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
"C:\Programme\AVG\AVG2012\avgnsx.exe" = C:\Programme\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgdiagex.exe" = C:\Programme\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnose 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgemcx.exe" = C:\Programme\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-Mail-Scanner -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{013BE9DC-2E1A-7E95-15D9-C81E91A19510}" = Catalyst Control Center Graphics Full Existing
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{033E06D3-487A-8ED4-1672-B060C0A97D24}" = Skins
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06542CA3-F90C-BE75-656E-83A0B076213A}" = Catalyst Control Center Localization Czech
"{074C0987-378C-5E80-15F6-437B8717A16D}" = ccc-core-preinstall
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{11D7D4D9-5136-405B-80D7-F3097AAAAD63}" = Multimedia Mouse Driver
"{1583C7B3-5D84-4E62-9C55-BCB795EE7B19}" = Catalyst Control Center Core Implementation
"{18070238-0B24-6C19-52B8-368D26E8F1BC}" = Catalyst Control Center Localization Italian
"{1D341BEB-869D-E150-1A18-10B02B7E10BF}" = Catalyst Control Center Localization Finnish
"{1D544865-1A49-C99A-7189-ADD5464D8381}" = Catalyst Control Center Localization Thai
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus XtremeG DWL-G122
"{2EE09C14-D1C8-D38C-B8BD-4A5DDA31A33C}" = CCC Help Danish
"{2F6D51D7-F65C-840D-69B3-F9CDC4D1C2CC}" = CCC Help Turkish
"{3187E3CF-A2C8-F15F-ADEE-3A966CCAB69E}" = CCC Help Thai
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D84CD86-8A47-D0BF-CD0D-AC1749D1B895}" = CCC Help Norwegian
"{44BABF05-8ED2-CEE4-D59F-17E605C4B6FE}" = CCC Help Chinese Traditional
"{469231D8-0FBD-82A8-4DC6-DDC664A77629}" = Catalyst Control Center Localization Portuguese
"{49899342-3922-06B5-E38E-17DE462A18C3}" = CCC Help Russian
"{49F10BCB-9587-6C5B-51F8-BE18A732183F}" = Catalyst Control Center Localization Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A545288-D1F5-0C0F-BC97-8179E6FF1794}" = CCC Help Japanese
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{510D967A-B190-C5B9-D2F8-D2009EB2EF93}" = Catalyst Control Center Localization Russian
"{521AD900-A91B-11D5-BBEC-00D0B740900A}" = Hotkey driver
"{59B84475-BEA1-CCBB-36C0-A7CD804F821F}" = Catalyst Control Center Localization Spanish
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AFAF0D6-E4FB-CB2C-CAA1-AF78055CD951}" = CCC Help Italian
"{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3
"{60469B62-EB5C-D37E-D473-4F763F541783}" = Catalyst Control Center Localization Norwegian
"{6087F45E-358C-4173-8CB1-DE0AE26FFAE1}" = Catalyst Control Center - Branding
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A78AEF-7D16-0917-778E-1E04D486FB9E}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770A65D6-F37E-7447-517A-E62282C7EA18}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7B2387B2-63DC-5F0D-3E44-130AB689F1A2}" = Catalyst Control Center Graphics Previews Common
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7D3CA676-421C-5854-1D80-535FD684E5BC}" = Catalyst Control Center Localization Hungarian
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8041F412-ABCE-51DA-B8D4-E1BC75FDBF0D}" = Catalyst Control Center Localization Chinese Standard
"{8314CCDE-D301-CABC-EDE7-D391D3E1C7DC}" = CCC Help Spanish
"{8428DF28-CCAF-501E-25CD-1391CD2D5CC9}" = CCC Help Portuguese
"{86B03DBF-D97A-02D7-C6E0-64B1CF7998D8}" = Catalyst Control Center Localization German
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88FD4472-F950-4083-A6FA-A829AC785B04}" = Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8AF06947-F556-D573-95D1-AB7A7440AAA1}" = CCC Help Greek
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8DC25D22-3957-4F3F-14F1-4413DB0ED51F}" = Catalyst Control Center Localization Polish
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{913CA370-6B97-3C12-F54D-1BBA8F41303A}" = CCC Help Czech
"{94175F2B-39EB-B64B-50B0-501EDD13D820}" = CCC Help Hungarian
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{966077F9-4923-B3B1-73A6-593E4627B5F7}" = Catalyst Control Center Localization French
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA4749E-BF71-8DAE-948A-3A44408550D6}" = Catalyst Control Center Graphics Full New
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5227CA4-8613-CB80-EFC0-D90A424B5430}" = Catalyst Control Center Localization Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B197FA45-6A2A-8CA4-888B-38BF0DD5DC90}" = CCC Help Chinese Standard
"{B4F40112-0067-880A-C696-5E2ECC547F2B}" = Catalyst Control Center Localization Danish
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BA185841-9581-E711-8DB3-24FA5ADED6AD}" = CCC Help English
"{BB00789E-CDE5-0824-F8CB-ABF5EAA0BB1A}" = Catalyst Control Center Localization Chinese Traditional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2F6C1C8-36BC-449C-B018-4E84E4E08C90}" = MindManager X5 Pro
"{C6BA2362-C93F-73F5-29E9-CF4100C5CA02}" = Catalyst Control Center Localization Swedish
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{C930BF21-C79B-C4DC-7092-2E7898FE5554}" = CCC Help Swedish
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{C9BC573D-3BB5-C839-409D-C964E874188D}" = CCC Help Polish
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D121161E-AD64-4438-97A0-66A1AB7FFDE3}" = Works Suite-Betriebssystem-Pack
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{D657FAA8-9042-9CE7-14D9-048A5C88818D}" = Catalyst Control Center Localization Greek
"{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{DC67641A-05C4-4FED-A462-1EB1DC6CF2F5}" = ArcSoft Software Suite
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E1DED507-D03F-C0E4-ECE6-542541897A0C}" = CCC Help Finnish
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3B35466-F7B6-3BE0-EE8D-3DEE37492649}" = CCC Help German
"{E7F430A8-AADA-6F9C-CE37-E1174BAD27B0}" = ccc-utility
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC15C65D-4DE1-3AC7-93B5-D7B2FC02EC09}" = ccc-core-static
"{ECD2A0EE-7BAB-463A-F910-4FD7CE58FC00}" = Catalyst Control Center Localization Japanese
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2260E94-80F2-4CB1-B6B1-6043D9BFFA47}" = Works-Synchronisierung
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6C11B5C-0E30-E6F8-46B9-21EF9CE7995D}" = CCC Help Korean
"{F79E3C41-5367-5ADA-5C18-4C9E91FD9852}" = Catalyst Control Center Localization Korean
"{FEF74B44-EF2B-762C-3D69-4CA101E792B4}" = CCC Help Dutch
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"AVG" = AVG 2012
"Defraggler" = Defraggler
"DiskAid_is1" = DiskAid 4.11
"dm-Fotowelt" = dm-Fotowelt
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HyperCam 2" = HyperCam 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"iMesh" = iMesh
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"iUserbar Toolbar" = iUserbar Toolbar
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.6
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MindManager 2002" = MindManager 2002
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"RealPlayer 12.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"Shockwave" = Shockwave
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"TuneAid_is1" = TuneAid 3.73
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VLC media player" = VLC media player 2.0.2
"Waffenrecht" = Waffenrecht
"Wincore MediaBar" = Wincore MediaBar
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.07.2012 11:34:29 | Computer Name = COMPUTER | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14266954
Error - 22.07.2012 12:24:20 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung datamn~1.exe, Version 3.0.0.2790, fehlgeschlagenes
Modul datamn~1.exe, Version 3.0.0.2790, Fehleradresse 0x000e5583.
Error - 07.08.2012 13:03:35 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung datamn~1.exe, Version 3.0.0.2790, fehlgeschlagenes
Modul datamn~1.exe, Version 3.0.0.2790, Fehleradresse 0x000e5583.
Error - 13.08.2012 12:26:50 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung datamn~1.exe, Version 3.0.0.2790, fehlgeschlagenes
Modul datamn~1.exe, Version 3.0.0.2790, Fehleradresse 0x000e5583.
Error - 12.09.2012 13:36:43 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung datamn~1.exe, Version 3.0.0.2790, fehlgeschlagenes
Modul datamn~1.exe, Version 3.0.0.2790, Fehleradresse 0x000e5583.
Error - 16.09.2012 04:02:34 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 7.0.6000.17112, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x05581df5.
Error - 16.09.2012 04:57:57 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 7.0.6000.17112, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x04215175.
Error - 16.09.2012 08:50:19 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung datamn~1.exe, Version 3.0.0.2790, fehlgeschlagenes
Modul datamn~1.exe, Version 3.0.0.2790, Fehleradresse 0x000e5583.
Error - 16.09.2012 10:58:40 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 16.09.2012 11:00:14 | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung datamn~1.exe, Version 3.0.0.2790, fehlgeschlagenes
Modul datamn~1.exe, Version 3.0.0.2790, Fehleradresse 0x000e5583.
[ System Events ]
Error - 11.09.2012 02:17:59 | Computer Name = COMPUTER | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8007f0f4 fehlgeschlagen: Sicherheitsupdate für Windows XP (KB2686509)
Error - 11.09.2012 05:38:10 | Computer Name = COMPUTER | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 00179AB813B6 zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 11.09.2012 05:38:13 | Computer Name = COMPUTER | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 00179AB813B6 zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 12.09.2012 13:36:44 | Computer Name = COMPUTER | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8007f0f4 fehlgeschlagen: Sicherheitsupdate für Windows XP (KB2686509)
Error - 13.09.2012 01:19:07 | Computer Name = COMPUTER | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8007f0f4 fehlgeschlagen: Sicherheitsupdate für Windows XP (KB2686509)
Error - 14.09.2012 03:21:58 | Computer Name = COMPUTER | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8007f0f4 fehlgeschlagen: Sicherheitsupdate für Windows XP (KB2686509)
Error - 16.09.2012 04:02:54 | Computer Name = COMPUTER | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8007f0f4 fehlgeschlagen: Sicherheitsupdate für Windows XP (KB2686509)
Error - 16.09.2012 08:52:23 | Computer Name = COMPUTER | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8007f0f4 fehlgeschlagen: Sicherheitsupdate für Windows XP (KB2686509)
Error - 16.09.2012 10:58:33 | Computer Name = COMPUTER | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 16.09.2012 11:01:37 | Computer Name = COMPUTER | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8007f0f4 fehlgeschlagen: Sicherheitsupdate für Windows XP (KB2686509)
< End of report >
Tscho |
|
22.09.2012, 10:36
| #3 |
| | Bundespolizei Trojaner sperrt Rechner Hallo, hallo,
__________________kann mir jemand helfen ??? Ich möchte den Rechner gerne wieder sauber bekommen. Danke !!! |
|
23.09.2012, 14:52
| #4 |
| | Bundespolizei Trojaner sperrt Rechner Hallo, wie schaffe ich es, das mir jemand hilft? Bitte wenigstens um eine Mitteilung wenn ich irgendeine Boardregel verletzt habe. |
|
23.09.2012, 15:46
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Bundespolizei Trojaner sperrt Rechner Bitte erstmal routinemäßig einen neuen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
23.09.2012, 16:32
| #6 |
| | Bundespolizei Trojaner sperrt Rechner Hallo cosinus, danke für die Antwort, werde es für's nächste mal beachten. MalwareBytes läuft gerade. Der Rechner ist offline und ich habe den Update der Rules mit mbam-rules.exe gemacht. Die Posts hier schreibe ich von einem zweiten Rechner der online ist. Solange noch eine Frage zu dem online Scanner: Kann ich den infizierten Rechner per LAN in mein Netzwerk lassen (ich glaube lieber nicht)? Kann ich USB-Sticks bedenkenlos auf dem infizierten Rechner und meinem benutzen, oder hol ich mir auf dem Weg das Chaos auch auf meinen Rechner? Grüße Tscho |
|
23.09.2012, 18:32
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner sperrt Rechner Ich will erstmal die Ergebnisse sehen aber für ESET braucht der Rechner eine Internetverbindung
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.09.2012, 19:36
| #8 |
| | Bundespolizei Trojaner sperrt Rechner Hallo cosinus, vergess die Frage von vorher, bin mit dem Rechner online. anbei die Logs: mbam-log-2012-09-16 (16-53-09).txt Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.10.04 Windows XP Service Pack 3 x86 FAT32 Internet Explorer 7.0.5730.11 Reiner :: COMPUTER [Administrator] Schutz: Aktiviert 16.09.2012 16:53:09 mbam-log-2012-09-16 (16-53-09).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 318297 Laufzeit: 2 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKCR\CLSID\{C724AEB1-C1D7-4039-0001-DD8306BD9906} (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{C724AEB1-C1D7-4039-0001-DD8306BD9906} (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Dokumente und Einstellungen\Christine\Lokale Einstellungen\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Programme\mindmanps.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\Christine\Startmenü\Programme\Autostart\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.17.07 Windows XP Service Pack 3 x86 FAT32 Internet Explorer 7.0.5730.11 Reiner :: COMPUTER [Administrator] Schutz: Aktiviert 23.09.2012 17:22:34 mbam-log-2012-09-23 (17-22-34).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|I:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 537945 Laufzeit: 1 Stunde(n), 17 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=891823d53f4fbb4bbcbdcd67480009e0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-23 06:25:57
# local_time=2012-09-23 08:25:57 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 10302891 10302891 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 343 343 0 0
# scanned=226468
# found=15
# cleaned=0
# scan_time=5784
C:\Dokumente und Einstellungen\Christine\Lokale Einstellungen\Temp\jar_cache6184034467582095420.tmp Java/Exploit.CVE-2012-4681.AB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Christine\Lokale Einstellungen\Temp\V.class probably a variant of Java/Exploit.CVE-2011-3544.BQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Christine\Lokale Einstellungen\Temp\CAC37A85-BAB0-7891-8B03-4A052F7F8AA4\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Christine\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WU3JTFKI\brand_files[1].7zip multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Christine\Anwendungsdaten\AVG\Rescue\PC Tuneup 2011\120527132221531.rsc multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Search Settings\SearchSettings.dll Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Search Settings\SearchSettings.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Search Settings\SearchSettingsRes409.dll Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\iMesh Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\iMesh Applications\MediaBar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.A application (unable to clean) 00000000000000000000000000000000 I
D:\System\RECYCLER\S-1-5-21-874574627-2650805779-3784137826-1007\Dd791\Setup691_FreeFlvConverter.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
${Memory} multiple threats 00000000000000000000000000000000 I
Tscho |
|
23.09.2012, 19:49
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner sperrt RechnerCode:
ATTFilter Datenbank Version: v2012.09.17.07
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.09.2012, 21:17
| #10 |
| | Bundespolizei Trojaner sperrt Rechner Sorry, das war noch vom offline-scannen. Jetzt aber: mbam-log-2012-09-23 (20-57-10).txt Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.23.05 Windows XP Service Pack 3 x86 FAT32 Internet Explorer 7.0.5730.11 Reiner :: COMPUTER [Administrator] Schutz: Aktiviert 23.09.2012 20:57:10 mbam-log-2012-09-23 (20-57-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|I:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 539601 Laufzeit: 1 Stunde(n), 18 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
24.09.2012, 13:47
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner sperrt Rechner adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.09.2012, 14:18
| #12 |
| | Bundespolizei Trojaner sperrt Rechner Hallo cosinus, der Lauf war echt schnell nur ein paar Sekunden, hier das Egebnis: Code:
ATTFilter # AdwCleaner v2.003 - Datei am 09/29/2012 um 15:17:09 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Reiner - COMPUTER
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Reiner\Desktop\Bundestrojaner\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
Gefunden : Application Updater
Gefunden : vToolbarUpdater11.2.0
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Programme\Mozilla Firefox\extensions\searchsettings@spigot.com
Datei Gefunden : C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\Programme\Mozilla FireFox\searchplugins\Search_Results.xml
Datei Gefunden : C:\WINDOWS\system32\conduitEngine.tmp
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
Ordner Gefunden : C:\Dokumente und Einstellungen\Christine\Anwendungsdaten\AVG Secure Search
Ordner Gefunden : C:\Dokumente und Einstellungen\Christine\Anwendungsdaten\Babylon
Ordner Gefunden : C:\Dokumente und Einstellungen\Christine\Anwendungsdaten\mediabarim
Ordner Gefunden : C:\Dokumente und Einstellungen\Christine\Anwendungsdaten\OpenCandy
Ordner Gefunden : C:\Dokumente und Einstellungen\Christine\Anwendungsdaten\PriceGong
Ordner Gefunden : C:\Dokumente und Einstellungen\Christine\Anwendungsdaten\Search Settings
Ordner Gefunden : C:\Dokumente und Einstellungen\Dominik\Anwendungsdaten\Search Settings
Ordner Gefunden : C:\Dokumente und Einstellungen\Jacqueline\Anwendungsdaten\Search Settings
Ordner Gefunden : C:\Dokumente und Einstellungen\Reiner\Anwendungsdaten\Dealio
Ordner Gefunden : C:\Dokumente und Einstellungen\Reiner\Anwendungsdaten\mediabarim
Ordner Gefunden : C:\Dokumente und Einstellungen\Reiner\Anwendungsdaten\PriceGong
Ordner Gefunden : C:\Dokumente und Einstellungen\Reiner\Anwendungsdaten\Search Settings
Ordner Gefunden : C:\Programme\Application Updater
Ordner Gefunden : C:\Programme\AVG Secure Search
Ordner Gefunden : C:\Programme\Conduit
Ordner Gefunden : C:\Programme\ConduitEngine
Ordner Gefunden : C:\Programme\Gemeinsame Dateien\AVG Secure Search
Ordner Gefunden : C:\Programme\iUserbar
Ordner Gefunden : C:\Programme\Search Settings
Ordner Gefunden : C:\Programme\Viewpoint
***** [Registrierungsdatenbank] *****
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Dealio
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\iUserbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51D37496-C262-4D13-A8C1-C93E59BF50B9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gefunden : HKCU\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\Search Settings
Schlüssel Gefunden : HKCU\Toolbar
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4afb-BEBF-F5FD231ECD39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{44D72967-CBD7-4840-BBF6-2E59F6A72F37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{461DF47F-860F-4350-B908-7586A6166AB6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{51D37496-C262-4D13-A8C1-C93E59BF50B9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48c9-91B4-7809E6945287}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4d7e-AF25-EFCC303D20A1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46b8-A83C-F3A45BDA23EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A2556ECC-6E8B-43AC-AF38-7A19C5E03EA4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49e5-A6C0-33FC86D80205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4a9a-B4EF-72A91E3CCF4D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4e93-966C-65615720AEFB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4c0d-BA6D-BFEA16E773A6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\S
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchSettings.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchSettings.BHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2436531
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\iUserbar
Schlüssel Gefunden : HKLM\Software\MetaStream
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{535AFB6D-84D3-4658-9C56-07A6D8C2F125}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{918733BE-F663-4AFD-AC41-333E141DA273}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iUserbar Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51D37496-C262-4D13-A8C1-C93E59BF50B9}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A2556ECC-6E8B-43AC-AF38-7A19C5E03EA4}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iUserbar Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKLM\Software\Search Settings
Schlüssel Gefunden : HKU\S-1-5-21-874574627-2650805779-3784137826-1007\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{51D37496-C262-4D13-A8C1-C93E59BF50B9}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{51D37496-C262-4D13-A8C1-C93E59BF50B9}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browser] *****
-\\ Internet Explorer v7.0.5730.11
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={C12D33B7-53A1-46EA-848A-A6AC79C188C8}&mid=af1e04e899f947d0b701d15edc5cfa45-5e152cbfd45cbc58c155cd03afb1fd0f74c7444c&lang=de&ds=AVG&pr=fr&d=2012-05-27 12:55:52&v=11.1.0.12&sap=nt
*************************
AdwCleaner[R1].txt - [16099 octets] - [29/09/2012 15:17:09]
########## EOF - C:\AdwCleaner[R1].txt - [16160 octets] ##########
|
|
01.10.2012, 11:45
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner sperrt Rechner adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.10.2012, 21:09
| #14 |
| | Bundespolizei Trojaner sperrt Rechner Hallo cosinus, hatte etwas Probleme damit. Habe das erste mal vergessen den Virenscanner (AVG) abzuschalten. Der hat adwcleaner in quarantäne geschoben. Das habe ich dann Rückgängig gemacht. Dann wie von dir beschrieben adwcleaner.exe gestartet und nach Neustart auf dem ganzen Rechner keine adw*.txt gefunden. Dann habe ich adwcleaner neu runtergeladen und nochmal laufen gelassen. Nach dem Neustart war die AdwCleaner[S1].txt da: Code:
ATTFilter # AdwCleaner v2.003 - Datei am 10/01/2012 um 21:42:25 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Reiner - COMPUTER
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Reiner\Desktop\Bundestrojaner\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v7.0.5730.11
*************************
AdwCleaner[R1].txt - [16230 octets] - [29/09/2012 15:17:09]
AdwCleaner[S1].txt - [615 octets] - [01/10/2012 21:42:25]
########## EOF - C:\AdwCleaner[S1].txt - [674 octets] ##########
ANIWZCSds.exe Fehler in Anwendung -> ANIWZCS2 Service Launcher hat einen Fehler ermittelt und musste beendet werden. Da ich nicht weiss, ob das auch damit zu tun hat, anbei die beim Dump erzeugte Datei appcompat.txt: Code:
ATTFilter <?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="ANIWZCSdS.exe" FILTER="GRABMI_FILTER_PRIVACY">
<MATCHING_FILE NAME="ANIWZCSd.dll" SIZE="679936" CHECKSUM="0x30919C35" BIN_FILE_VERSION="2.6.14.7445" BIN_PRODUCT_VERSION="2.6.14.7445" PRODUCT_VERSION="2, 6, 14, 7445" FILE_DESCRIPTION="ANIWZCS Dynamic Link Library" COMPANY_NAME="Wireless Service" PRODUCT_NAME="ANIWZCS Dynamic Link Library" FILE_VERSION="2, 6, 14, 7445" ORIGINAL_FILENAME="ANIWZCS2.DLL" INTERNAL_NAME="ANIWZCS2" LEGAL_COPYRIGHT="" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="2.6.14.7445" UPTO_BIN_PRODUCT_VERSION="2.6.14.7445" LINK_DATE="11/03/2007 04:09:46" UPTO_LINK_DATE="11/03/2007 04:09:46" VER_LANGUAGE="Englisch (USA) [0x409]" />
<MATCHING_FILE NAME="ANIWZCSdS.exe" SIZE="49152" CHECKSUM="0x62703B2F" BIN_FILE_VERSION="1.0.3.7034" BIN_PRODUCT_VERSION="1.0.3.7034" PRODUCT_VERSION="1, 0, 3, 7034" FILE_DESCRIPTION="ANIWZCS2 Service Launcher" COMPANY_NAME="Wireless Service" PRODUCT_NAME="ANIWZCS2 Service Launcher (NT)" FILE_VERSION="1, 0, 3, 7034" ORIGINAL_FILENAME="ANIWZCS2S.exe" INTERNAL_NAME="ANIWZCS2S" LEGAL_COPYRIGHT="" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.3.7034" UPTO_BIN_PRODUCT_VERSION="1.0.3.7034" LINK_DATE="01/19/2007 03:49:24" UPTO_LINK_DATE="01/19/2007 03:49:24" VER_LANGUAGE="Englisch (USA) [0x409]" />
<MATCHING_FILE NAME="CtrlSrv.exe" SIZE="24576" CHECKSUM="0x902C35EE" BIN_FILE_VERSION="1.0.2.61204" BIN_PRODUCT_VERSION="1.0.2.61204" PRODUCT_VERSION="1, 0, 2, 61204" FILE_DESCRIPTION="CtrlSrv MFC Application" COMPANY_NAME="Alpha Networks Inc." PRODUCT_NAME="CtrlSrv Application" FILE_VERSION="1, 0, 2, 61204" ORIGINAL_FILENAME="CtrlSrv.EXE" INTERNAL_NAME="CtrlSrv" LEGAL_COPYRIGHT="Copyright (C) 2003" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.2.61204" UPTO_BIN_PRODUCT_VERSION="1.0.2.61204" LINK_DATE="12/04/2006 05:43:12" UPTO_LINK_DATE="12/04/2006 05:43:12" VER_LANGUAGE="Englisch (USA) [0x409]" />
<MATCHING_FILE NAME="WZCSLDR2.exe" SIZE="49152" CHECKSUM="0xA4D3EE56" BIN_FILE_VERSION="1.0.10.7034" BIN_PRODUCT_VERSION="1.0.10.7034" PRODUCT_VERSION="1, 0, 10, 7034" FILE_DESCRIPTION="ANIWZCS2 launcher for Windows." COMPANY_NAME="Wireless Service" PRODUCT_NAME="ANIWZCS2 Service Launcher (9x)" FILE_VERSION="1, 0, 10, 7034" ORIGINAL_FILENAME="WZCSLDR2.exe" INTERNAL_NAME="ANIWZCS29X" LEGAL_COPYRIGHT="" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.10.7034" UPTO_BIN_PRODUCT_VERSION="1.0.10.7034" LINK_DATE="01/19/2007 03:49:03" UPTO_LINK_DATE="01/19/2007 03:49:03" VER_LANGUAGE="Englisch (USA) [0x409]" />
</EXE>
<EXE NAME="ntdll.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="ntdll.dll" SIZE="743936" CHECKSUM="0x92BA25FB" BIN_FILE_VERSION="5.1.2600.6055" BIN_PRODUCT_VERSION="5.1.2600.6055" PRODUCT_VERSION="5.1.2600.6055" FILE_DESCRIPTION="DLL für NT-Layer" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Betriebssystem Microsoft® Windows®" FILE_VERSION="5.1.2600.6055 (xpsp_sp3_gdr.101209-1647)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. Alle Rechte vorbehalten." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xB8395" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.6055" UPTO_BIN_PRODUCT_VERSION="5.1.2600.6055" LINK_DATE="12/09/2010 15:15:07" UPTO_LINK_DATE="12/09/2010 15:15:07" VER_LANGUAGE="Deutsch (Deutschland) [0x407]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="1063424" CHECKSUM="0xD288FF05" BIN_FILE_VERSION="5.1.2600.5781" BIN_PRODUCT_VERSION="5.1.2600.5781" PRODUCT_VERSION="5.1.2600.5781" FILE_DESCRIPTION="Client-DLL für Windows NT-Basis-API" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Betriebssystem Microsoft® Windows®" FILE_VERSION="5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. Alle Rechte vorbehalten." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x106D93" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5781" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5781" LINK_DATE="03/21/2009 14:06:58" UPTO_LINK_DATE="03/21/2009 14:06:58" VER_LANGUAGE="Deutsch (Deutschland) [0x407]" />
</EXE>
</DATABASE>
Tscho |
|
02.10.2012, 14:43
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner sperrt RechnerZitat:
Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!) 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Bundespolizei Trojaner sperrt Rechner |
| bekannte, bundestrojaner, chaos, combofix, desktop, frage, geld, gen, glaube, großes, infizierte, infizierten, interne, internet, laufen, lieber, netzwerk, offline, rechner, sauber, schlau, sperrt, troja, trojaner, versucht |
Linear-Darstellung
